################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2024-12-22 06:54:06 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.40.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372083/; classtype:trojan-activity;sid:84235183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.168.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372082/; classtype:trojan-activity;sid:84235182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.170.148.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372081/; classtype:trojan-activity;sid:84235181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.188.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372079/; classtype:trojan-activity;sid:84235179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.23.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372080/; classtype:trojan-activity;sid:84235180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.106.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372078/; classtype:trojan-activity;sid:84235178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372077/; classtype:trojan-activity;sid:84235177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.20.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372075/; classtype:trojan-activity;sid:84235175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.116.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372074/; classtype:trojan-activity;sid:84235174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.151.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372073/; classtype:trojan-activity;sid:84235173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.193.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372072/; classtype:trojan-activity;sid:84235172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.152.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372071/; classtype:trojan-activity;sid:84235171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.25.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372070/; classtype:trojan-activity;sid:84235170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.7.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372069/; classtype:trojan-activity;sid:84235169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.110.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372068/; classtype:trojan-activity;sid:84235168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.161.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372067/; classtype:trojan-activity;sid:84235167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.135.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372066/; classtype:trojan-activity;sid:84235166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.194.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372065/; classtype:trojan-activity;sid:84235165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372064/; classtype:trojan-activity;sid:84235164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.138.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372063/; classtype:trojan-activity;sid:84235163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.226.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372062/; classtype:trojan-activity;sid:84235162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.135.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372061/; classtype:trojan-activity;sid:84235161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.124.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372060/; classtype:trojan-activity;sid:84235160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.170.148.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372059/; classtype:trojan-activity;sid:84235159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.157.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372058/; classtype:trojan-activity;sid:84235158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.107.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372057/; classtype:trojan-activity;sid:84235157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.151.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372055/; classtype:trojan-activity;sid:84235155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.25.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372054/; classtype:trojan-activity;sid:84235154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.226.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372053/; classtype:trojan-activity;sid:84235153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.116.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372052/; classtype:trojan-activity;sid:84235152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.197.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372051/; classtype:trojan-activity;sid:84235151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.135.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372050/; classtype:trojan-activity;sid:84235150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.109.237.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372049/; classtype:trojan-activity;sid:84235149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.229.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372047/; classtype:trojan-activity;sid:84235147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.110.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372048/; classtype:trojan-activity;sid:84235148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372046/; classtype:trojan-activity;sid:84235146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.76.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372042/; classtype:trojan-activity;sid:84235142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.180.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372041/; classtype:trojan-activity;sid:84235141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.124.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372040/; classtype:trojan-activity;sid:84235140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372039/; classtype:trojan-activity;sid:84235139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.15.50"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372038/; classtype:trojan-activity;sid:84235138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.140.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372037/; classtype:trojan-activity;sid:84235137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.165.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372036/; classtype:trojan-activity;sid:84235136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.250.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372035/; classtype:trojan-activity;sid:84235135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.32.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372034/; classtype:trojan-activity;sid:84235134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.110.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372033/; classtype:trojan-activity;sid:84235133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.210.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372032/; classtype:trojan-activity;sid:84235132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.180.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372031/; classtype:trojan-activity;sid:84235131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.89.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372030/; classtype:trojan-activity;sid:84235130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.76.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372029/; classtype:trojan-activity;sid:84235129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.238.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372028/; classtype:trojan-activity;sid:84235128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.130.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372027/; classtype:trojan-activity;sid:84235127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.74.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372026/; classtype:trojan-activity;sid:84235126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.181.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372025/; classtype:trojan-activity;sid:84235125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.180.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372023/; classtype:trojan-activity;sid:84235123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.204.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372024/; classtype:trojan-activity;sid:84235124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.57.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372022/; classtype:trojan-activity;sid:84235122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.250.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372019/; classtype:trojan-activity;sid:84235119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.129.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372018/; classtype:trojan-activity;sid:84235118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.167.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372017/; classtype:trojan-activity;sid:84235117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.89.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372016/; classtype:trojan-activity;sid:84235116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.110.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372014/; classtype:trojan-activity;sid:84235114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.245.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372015/; classtype:trojan-activity;sid:84235115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.220.112.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372013/; classtype:trojan-activity;sid:84235113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.42.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372012/; classtype:trojan-activity;sid:84235112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.74.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372011/; classtype:trojan-activity;sid:84235111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372010/; classtype:trojan-activity;sid:84235110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.144.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372009/; classtype:trojan-activity;sid:84235109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372008/; classtype:trojan-activity;sid:84235108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372007/; classtype:trojan-activity;sid:84235107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.125.167.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372006/; classtype:trojan-activity;sid:84235106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.166.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372005/; classtype:trojan-activity;sid:84235105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372004/; classtype:trojan-activity;sid:84235104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.198.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372003/; classtype:trojan-activity;sid:84235103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.131.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372002/; classtype:trojan-activity;sid:84235102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371999/; classtype:trojan-activity;sid:84235099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372000/; classtype:trojan-activity;sid:84235100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.217.125.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372001/; classtype:trojan-activity;sid:84235101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371997/; classtype:trojan-activity;sid:84235097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.88.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371996/; classtype:trojan-activity;sid:84235096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.42.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371995/; classtype:trojan-activity;sid:84235095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371993/; classtype:trojan-activity;sid:84235093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.144.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371994/; classtype:trojan-activity;sid:84235094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.55.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371992/; classtype:trojan-activity;sid:84235092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.205.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371991/; classtype:trojan-activity;sid:84235091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.88.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371990/; classtype:trojan-activity;sid:84235090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371988/; classtype:trojan-activity;sid:84235088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.198.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371989/; classtype:trojan-activity;sid:84235089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.169.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371987/; classtype:trojan-activity;sid:84235087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.197.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371986/; classtype:trojan-activity;sid:84235086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.162.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371985/; classtype:trojan-activity;sid:84235085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371984/; classtype:trojan-activity;sid:84235084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.200.55.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371983/; classtype:trojan-activity;sid:84235083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371982/; classtype:trojan-activity;sid:84235082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.76.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371981/; classtype:trojan-activity;sid:84235081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.96.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371980/; classtype:trojan-activity;sid:84235080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.169.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371978/; classtype:trojan-activity;sid:84235078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.26.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371979/; classtype:trojan-activity;sid:84235079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.3.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371977/; classtype:trojan-activity;sid:84235077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371975/; classtype:trojan-activity;sid:84235075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371976/; classtype:trojan-activity;sid:84235076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.205.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371974/; classtype:trojan-activity;sid:84235074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.128.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371973/; classtype:trojan-activity;sid:84235073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.193.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371972/; classtype:trojan-activity;sid:84235072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371971)"; flow:established,from_client; content:"GET"; http_method; content:"/boobs.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371971/; classtype:trojan-activity;sid:84235071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.146.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371970/; classtype:trojan-activity;sid:84235070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.99.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371969/; classtype:trojan-activity;sid:84235069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.197.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371968/; classtype:trojan-activity;sid:84235068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.100.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371967/; classtype:trojan-activity;sid:84235067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.108.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371964/; classtype:trojan-activity;sid:84235064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.240.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371965/; classtype:trojan-activity;sid:84235065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.1.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371966/; classtype:trojan-activity;sid:84235066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.145.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371963/; classtype:trojan-activity;sid:84235063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371962/; classtype:trojan-activity;sid:84235062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371961/; classtype:trojan-activity;sid:84235061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.142.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371960/; classtype:trojan-activity;sid:84235060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371959/; classtype:trojan-activity;sid:84235059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.75.44.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371958/; classtype:trojan-activity;sid:84235058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.14.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371957/; classtype:trojan-activity;sid:84235057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.58.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371956/; classtype:trojan-activity;sid:84235056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.46.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371955/; classtype:trojan-activity;sid:84235055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371954/; classtype:trojan-activity;sid:84235054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.159.206.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371953/; classtype:trojan-activity;sid:84235053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.144.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371952/; classtype:trojan-activity;sid:84235052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371951/; classtype:trojan-activity;sid:84235051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.128.248.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371950/; classtype:trojan-activity;sid:84235050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.27.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371949/; classtype:trojan-activity;sid:84235049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371948/; classtype:trojan-activity;sid:84235048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.80.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371946/; classtype:trojan-activity;sid:84235046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371947/; classtype:trojan-activity;sid:84235047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.20.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371945/; classtype:trojan-activity;sid:84235045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.206.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371944/; classtype:trojan-activity;sid:84235044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.127.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371943/; classtype:trojan-activity;sid:84235043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.191.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371942/; classtype:trojan-activity;sid:84235042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.140.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371941/; classtype:trojan-activity;sid:84235041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.108.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371940/; classtype:trojan-activity;sid:84235040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.104.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371939/; classtype:trojan-activity;sid:84235039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.142.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371938/; classtype:trojan-activity;sid:84235038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.227.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371937/; classtype:trojan-activity;sid:84235037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371934/; classtype:trojan-activity;sid:84235034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371936/; classtype:trojan-activity;sid:84235036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.236.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371932/; classtype:trojan-activity;sid:84235032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.59.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371933/; classtype:trojan-activity;sid:84235033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.68.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371931/; classtype:trojan-activity;sid:84235031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.252.50.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371924/; classtype:trojan-activity;sid:84235024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.128.248.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371922/; classtype:trojan-activity;sid:84235022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.157.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371921/; classtype:trojan-activity;sid:84235021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.166.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371919/; classtype:trojan-activity;sid:84235019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.140.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371917/; classtype:trojan-activity;sid:84235017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"129.18.188.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371914/; classtype:trojan-activity;sid:84235014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371915/; classtype:trojan-activity;sid:84235015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.215.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371916/; classtype:trojan-activity;sid:84235016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.94.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371913/; classtype:trojan-activity;sid:84235013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371911/; classtype:trojan-activity;sid:84235011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.227.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371910/; classtype:trojan-activity;sid:84235010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.104.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371908/; classtype:trojan-activity;sid:84235008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371907/; classtype:trojan-activity;sid:84235007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.157.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371903/; classtype:trojan-activity;sid:84235003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371902/; classtype:trojan-activity;sid:84235002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.194.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371900/; classtype:trojan-activity;sid:84235000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.96.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371899/; classtype:trojan-activity;sid:84234999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.192.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371898/; classtype:trojan-activity;sid:84234998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371897/; classtype:trojan-activity;sid:84234997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371895/; classtype:trojan-activity;sid:84234995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.94.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371893/; classtype:trojan-activity;sid:84234993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371891/; classtype:trojan-activity;sid:84234991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.226.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371890/; classtype:trojan-activity;sid:84234990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371888/; classtype:trojan-activity;sid:84234988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371889/; classtype:trojan-activity;sid:84234989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371886/; classtype:trojan-activity;sid:84234986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.135.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371887/; classtype:trojan-activity;sid:84234987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371884/; classtype:trojan-activity;sid:84234984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.25.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371883/; classtype:trojan-activity;sid:84234983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.102.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371882/; classtype:trojan-activity;sid:84234982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371880/; classtype:trojan-activity;sid:84234980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.195.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371878/; classtype:trojan-activity;sid:84234978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.218.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371876/; classtype:trojan-activity;sid:84234976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.175.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371874/; classtype:trojan-activity;sid:84234974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.1.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371873/; classtype:trojan-activity;sid:84234973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.151.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371872/; classtype:trojan-activity;sid:84234972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.102.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371870/; classtype:trojan-activity;sid:84234970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.222.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371869/; classtype:trojan-activity;sid:84234969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371868/; classtype:trojan-activity;sid:84234968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.116.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371867/; classtype:trojan-activity;sid:84234967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.16.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371866/; classtype:trojan-activity;sid:84234966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371865/; classtype:trojan-activity;sid:84234965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.48.114.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371864/; classtype:trojan-activity;sid:84234964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.88.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371863/; classtype:trojan-activity;sid:84234963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.28.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371862/; classtype:trojan-activity;sid:84234962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.58.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371861/; classtype:trojan-activity;sid:84234961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.183.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371860/; classtype:trojan-activity;sid:84234960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.251.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371858/; classtype:trojan-activity;sid:84234958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.23.92.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371857/; classtype:trojan-activity;sid:84234957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371856/; classtype:trojan-activity;sid:84234956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.246.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371855/; classtype:trojan-activity;sid:84234955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.91.113.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371854/; classtype:trojan-activity;sid:84234954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.116.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371853/; classtype:trojan-activity;sid:84234953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.16.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371852/; classtype:trojan-activity;sid:84234952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.48.114.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371851/; classtype:trojan-activity;sid:84234951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.89.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371849/; classtype:trojan-activity;sid:84234949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.168.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371848/; classtype:trojan-activity;sid:84234948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.183.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371847/; classtype:trojan-activity;sid:84234947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.218.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371845/; classtype:trojan-activity;sid:84234945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.195.182.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371844/; classtype:trojan-activity;sid:84234944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371843/; classtype:trojan-activity;sid:84234943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.229.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371840/; classtype:trojan-activity;sid:84234940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371839/; classtype:trojan-activity;sid:84234939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.207.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371838/; classtype:trojan-activity;sid:84234938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371836/; classtype:trojan-activity;sid:84234936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.88.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371835/; classtype:trojan-activity;sid:84234935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371834/; classtype:trojan-activity;sid:84234934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.89.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371832/; classtype:trojan-activity;sid:84234932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.112.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371829/; classtype:trojan-activity;sid:84234929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.52.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371830/; classtype:trojan-activity;sid:84234930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.6.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371831/; classtype:trojan-activity;sid:84234931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.195.182.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371828/; classtype:trojan-activity;sid:84234928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.218.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371827/; classtype:trojan-activity;sid:84234927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371825/; classtype:trojan-activity;sid:84234925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.234.201.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371823/; classtype:trojan-activity;sid:84234923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371824/; classtype:trojan-activity;sid:84234924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.111.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371822/; classtype:trojan-activity;sid:84234922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.62.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371821/; classtype:trojan-activity;sid:84234921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.117.244.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371818/; classtype:trojan-activity;sid:84234918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371816/; classtype:trojan-activity;sid:84234916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371815/; classtype:trojan-activity;sid:84234915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.6.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371813/; classtype:trojan-activity;sid:84234913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371811/; classtype:trojan-activity;sid:84234911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.199.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371810/; classtype:trojan-activity;sid:84234910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.234.201.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371809/; classtype:trojan-activity;sid:84234909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.111.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371808/; classtype:trojan-activity;sid:84234908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.112.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371807/; classtype:trojan-activity;sid:84234907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.109.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371805/; classtype:trojan-activity;sid:84234905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371790/; classtype:trojan-activity;sid:84234890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.164.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371789/; classtype:trojan-activity;sid:84234889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.14.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371787/; classtype:trojan-activity;sid:84234887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.242.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3371786/; classtype:trojan-activity;sid:84234886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371785/; classtype:trojan-activity;sid:84234885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.140.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371784/; classtype:trojan-activity;sid:84234884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.44.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371783/; classtype:trojan-activity;sid:84234883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.71.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371782/; classtype:trojan-activity;sid:84234882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.146.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371781/; classtype:trojan-activity;sid:84234881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371780/; classtype:trojan-activity;sid:84234880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.45.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371779/; classtype:trojan-activity;sid:84234879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.16.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371778/; classtype:trojan-activity;sid:84234878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.212.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371777/; classtype:trojan-activity;sid:84234877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.98.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371776/; classtype:trojan-activity;sid:84234876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.130.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371774/; classtype:trojan-activity;sid:84234874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.47.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371775/; classtype:trojan-activity;sid:84234875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.19.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371773/; classtype:trojan-activity;sid:84234873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371772/; classtype:trojan-activity;sid:84234872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371771/; classtype:trojan-activity;sid:84234871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.59.153.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371770/; classtype:trojan-activity;sid:84234870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.95.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371769/; classtype:trojan-activity;sid:84234869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.231.63.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371768/; classtype:trojan-activity;sid:84234868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.10.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371767/; classtype:trojan-activity;sid:84234867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.254.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371766/; classtype:trojan-activity;sid:84234866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.110.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371765/; classtype:trojan-activity;sid:84234865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.222.96.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371764/; classtype:trojan-activity;sid:84234864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.154.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371762/; classtype:trojan-activity;sid:84234862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.45.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371763/; classtype:trojan-activity;sid:84234863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.40.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371761/; classtype:trojan-activity;sid:84234861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.80.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371760/; classtype:trojan-activity;sid:84234860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371759/; classtype:trojan-activity;sid:84234859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.146.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371758/; classtype:trojan-activity;sid:84234858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.98.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371757/; classtype:trojan-activity;sid:84234857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.179.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371756/; classtype:trojan-activity;sid:84234856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.185.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371755/; classtype:trojan-activity;sid:84234855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.89.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371754/; classtype:trojan-activity;sid:84234854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.211.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371753/; classtype:trojan-activity;sid:84234853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.218.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371752/; classtype:trojan-activity;sid:84234852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.19.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371751/; classtype:trojan-activity;sid:84234851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.47.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371750/; classtype:trojan-activity;sid:84234850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.142.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371749/; classtype:trojan-activity;sid:84234849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371748/; classtype:trojan-activity;sid:84234848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.243.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371747/; classtype:trojan-activity;sid:84234847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.123.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371745/; classtype:trojan-activity;sid:84234845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371746/; classtype:trojan-activity;sid:84234846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371743/; classtype:trojan-activity;sid:84234843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371744/; classtype:trojan-activity;sid:84234844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.233.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371742/; classtype:trojan-activity;sid:84234842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.40.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371741/; classtype:trojan-activity;sid:84234841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371740/; classtype:trojan-activity;sid:84234840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.222.96.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371739/; classtype:trojan-activity;sid:84234839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.153.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371738/; classtype:trojan-activity;sid:84234838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371735/; classtype:trojan-activity;sid:84234835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.168.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371736/; classtype:trojan-activity;sid:84234836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.210.135.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371737/; classtype:trojan-activity;sid:84234837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.130.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371734/; classtype:trojan-activity;sid:84234834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.86.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371733/; classtype:trojan-activity;sid:84234833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.218.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371731/; classtype:trojan-activity;sid:84234831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.123.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371732/; classtype:trojan-activity;sid:84234832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.4.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371730/; classtype:trojan-activity;sid:84234830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371729/; classtype:trojan-activity;sid:84234829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.126.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371727/; classtype:trojan-activity;sid:84234827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.37.110"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371728/; classtype:trojan-activity;sid:84234828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.103.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371726/; classtype:trojan-activity;sid:84234826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.146.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371725/; classtype:trojan-activity;sid:84234825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.233.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371724/; classtype:trojan-activity;sid:84234824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.4.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371723/; classtype:trojan-activity;sid:84234823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.123.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371722/; classtype:trojan-activity;sid:84234822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.217.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371720/; classtype:trojan-activity;sid:84234820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.4.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371721/; classtype:trojan-activity;sid:84234821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371719/; classtype:trojan-activity;sid:84234819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.91.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371718/; classtype:trojan-activity;sid:84234818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371717/; classtype:trojan-activity;sid:84234817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.11.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371716/; classtype:trojan-activity;sid:84234816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.126.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371715/; classtype:trojan-activity;sid:84234815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.168.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371714/; classtype:trojan-activity;sid:84234814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.164.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371713/; classtype:trojan-activity;sid:84234813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.76.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371712/; classtype:trojan-activity;sid:84234812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.188.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371711/; classtype:trojan-activity;sid:84234811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.95.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371710/; classtype:trojan-activity;sid:84234810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.86.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371709/; classtype:trojan-activity;sid:84234809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.117.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371708/; classtype:trojan-activity;sid:84234808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371707/; classtype:trojan-activity;sid:84234807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.148.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371705/; classtype:trojan-activity;sid:84234805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.33.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371706/; classtype:trojan-activity;sid:84234806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.181.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371704/; classtype:trojan-activity;sid:84234804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.53.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371703/; classtype:trojan-activity;sid:84234803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.217.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371702/; classtype:trojan-activity;sid:84234802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371700/; classtype:trojan-activity;sid:84234800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.166.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371701/; classtype:trojan-activity;sid:84234801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.240.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371699/; classtype:trojan-activity;sid:84234799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.47.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371698/; classtype:trojan-activity;sid:84234798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.91.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371697/; classtype:trojan-activity;sid:84234797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.26.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371696/; classtype:trojan-activity;sid:84234796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.231.63.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371695/; classtype:trojan-activity;sid:84234795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.198.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371694/; classtype:trojan-activity;sid:84234794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.76.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371692/; classtype:trojan-activity;sid:84234792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.11.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371693/; classtype:trojan-activity;sid:84234793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.236.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371691/; classtype:trojan-activity;sid:84234791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371690/; classtype:trojan-activity;sid:84234790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.143.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371689/; classtype:trojan-activity;sid:84234789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.212.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371688/; classtype:trojan-activity;sid:84234788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.61.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371685/; classtype:trojan-activity;sid:84234785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.146.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371686/; classtype:trojan-activity;sid:84234786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371687/; classtype:trojan-activity;sid:84234787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.95.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371684/; classtype:trojan-activity;sid:84234784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371683/; classtype:trojan-activity;sid:84234783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.131.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371682/; classtype:trojan-activity;sid:84234782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.15.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371681/; classtype:trojan-activity;sid:84234781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.181.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371680/; classtype:trojan-activity;sid:84234780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.43.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371679/; classtype:trojan-activity;sid:84234779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.89.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371678/; classtype:trojan-activity;sid:84234778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.91.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371677/; classtype:trojan-activity;sid:84234777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.237.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371676/; classtype:trojan-activity;sid:84234776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.198.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371675/; classtype:trojan-activity;sid:84234775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371674/; classtype:trojan-activity;sid:84234774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.15.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371673/; classtype:trojan-activity;sid:84234773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.131.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371672/; classtype:trojan-activity;sid:84234772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.107.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371671/; classtype:trojan-activity;sid:84234771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371670/; classtype:trojan-activity;sid:84234770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371669/; classtype:trojan-activity;sid:84234769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371668/; classtype:trojan-activity;sid:84234768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371667/; classtype:trojan-activity;sid:84234767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371666/; classtype:trojan-activity;sid:84234766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.251"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371665/; classtype:trojan-activity;sid:84234765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.5.162"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371664/; classtype:trojan-activity;sid:84234764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.70.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371662/; classtype:trojan-activity;sid:84234762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.168.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371663/; classtype:trojan-activity;sid:84234763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.125.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371661/; classtype:trojan-activity;sid:84234761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.121.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371660/; classtype:trojan-activity;sid:84234760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.243.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371659/; classtype:trojan-activity;sid:84234759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.92.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371658/; classtype:trojan-activity;sid:84234758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371657/; classtype:trojan-activity;sid:84234757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371656/; classtype:trojan-activity;sid:84234756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371654/; classtype:trojan-activity;sid:84234754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.247.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371655/; classtype:trojan-activity;sid:84234755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.91.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371653/; classtype:trojan-activity;sid:84234753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371652/; classtype:trojan-activity;sid:84234752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371651/; classtype:trojan-activity;sid:84234751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.59.154.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371650/; classtype:trojan-activity;sid:84234750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.47.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371649/; classtype:trojan-activity;sid:84234749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371648/; classtype:trojan-activity;sid:84234748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.145.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371647/; classtype:trojan-activity;sid:84234747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.237.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371646/; classtype:trojan-activity;sid:84234746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371645)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.30.92.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371645/; classtype:trojan-activity;sid:84234745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.243.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371644/; classtype:trojan-activity;sid:84234744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.128.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371643/; classtype:trojan-activity;sid:84234743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.242.157.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371642/; classtype:trojan-activity;sid:84234742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.61.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371641/; classtype:trojan-activity;sid:84234741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.157.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371638/; classtype:trojan-activity;sid:84234738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.133.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371639/; classtype:trojan-activity;sid:84234739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.103.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371640/; classtype:trojan-activity;sid:84234740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.16.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371637/; classtype:trojan-activity;sid:84234737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.63.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371636/; classtype:trojan-activity;sid:84234736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371635/; classtype:trojan-activity;sid:84234735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.35.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371634/; classtype:trojan-activity;sid:84234734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.154.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371633/; classtype:trojan-activity;sid:84234733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.135.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371632/; classtype:trojan-activity;sid:84234732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.190.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371631/; classtype:trojan-activity;sid:84234731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.70.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371630/; classtype:trojan-activity;sid:84234730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.43.192.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371629/; classtype:trojan-activity;sid:84234729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.89.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371628/; classtype:trojan-activity;sid:84234728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.110.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371627/; classtype:trojan-activity;sid:84234727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.103.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371626/; classtype:trojan-activity;sid:84234726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.158.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371625/; classtype:trojan-activity;sid:84234725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.157.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371624/; classtype:trojan-activity;sid:84234724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.171.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371623/; classtype:trojan-activity;sid:84234723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371621/; classtype:trojan-activity;sid:84234721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.223.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371622/; classtype:trojan-activity;sid:84234722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.35.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371619/; classtype:trojan-activity;sid:84234719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.78.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371620/; classtype:trojan-activity;sid:84234720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.151.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371618/; classtype:trojan-activity;sid:84234718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371617/; classtype:trojan-activity;sid:84234717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.167.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371616/; classtype:trojan-activity;sid:84234716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371615)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.5.97.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371615/; classtype:trojan-activity;sid:84234715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.78.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371614/; classtype:trojan-activity;sid:84234714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371613)"; flow:established,from_client; content:"GET"; http_method; content:"/naurggbg953nt9qeqbg3.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"klippetamea8.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371613/; classtype:trojan-activity;sid:84234713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.135.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371612/; classtype:trojan-activity;sid:84234712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.133.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371611/; classtype:trojan-activity;sid:84234711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371610/; classtype:trojan-activity;sid:84234710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.125.212.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371609/; classtype:trojan-activity;sid:84234709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.137.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371608/; classtype:trojan-activity;sid:84234708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.12.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371607/; classtype:trojan-activity;sid:84234707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.116.186.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371604/; classtype:trojan-activity;sid:84234704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.159.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371605/; classtype:trojan-activity;sid:84234705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.158.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371606/; classtype:trojan-activity;sid:84234706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.152.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371603/; classtype:trojan-activity;sid:84234703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.53.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371602/; classtype:trojan-activity;sid:84234702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.105.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371601/; classtype:trojan-activity;sid:84234701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.192.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371600/; classtype:trojan-activity;sid:84234700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.145.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371599/; classtype:trojan-activity;sid:84234699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.159.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371598/; classtype:trojan-activity;sid:84234698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.152.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371597/; classtype:trojan-activity;sid:84234697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.192.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371596/; classtype:trojan-activity;sid:84234696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.50.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371595/; classtype:trojan-activity;sid:84234695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.42.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371593/; classtype:trojan-activity;sid:84234693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.94.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371594/; classtype:trojan-activity;sid:84234694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.19.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371592/; classtype:trojan-activity;sid:84234692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.94"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371591/; classtype:trojan-activity;sid:84234691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.74.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371590/; classtype:trojan-activity;sid:84234690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371589/; classtype:trojan-activity;sid:84234689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.230.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371588/; classtype:trojan-activity;sid:84234688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371587/; classtype:trojan-activity;sid:84234687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.27.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371586/; classtype:trojan-activity;sid:84234686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.183.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371585/; classtype:trojan-activity;sid:84234685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.44.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371584/; classtype:trojan-activity;sid:84234684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.39.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371583/; classtype:trojan-activity;sid:84234683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371582/; classtype:trojan-activity;sid:84234682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.211.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371581/; classtype:trojan-activity;sid:84234681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371580/; classtype:trojan-activity;sid:84234680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.55.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371579/; classtype:trojan-activity;sid:84234679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.240.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371578/; classtype:trojan-activity;sid:84234678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371577/; classtype:trojan-activity;sid:84234677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.116.186.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371576/; classtype:trojan-activity;sid:84234676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.106.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371575/; classtype:trojan-activity;sid:84234675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371574/; classtype:trojan-activity;sid:84234674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.152.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371573/; classtype:trojan-activity;sid:84234673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.39.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371571/; classtype:trojan-activity;sid:84234671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.44.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371572/; classtype:trojan-activity;sid:84234672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371569/; classtype:trojan-activity;sid:84234669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.169.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371570/; classtype:trojan-activity;sid:84234670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.2.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371568/; classtype:trojan-activity;sid:84234668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.242.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371567/; classtype:trojan-activity;sid:84234667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.126.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371566/; classtype:trojan-activity;sid:84234666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.28.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371565/; classtype:trojan-activity;sid:84234665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371564/; classtype:trojan-activity;sid:84234664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371563/; classtype:trojan-activity;sid:84234663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.116.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371562/; classtype:trojan-activity;sid:84234662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371559/; classtype:trojan-activity;sid:84234659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.102.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371560/; classtype:trojan-activity;sid:84234660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.137.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371561/; classtype:trojan-activity;sid:84234661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.138.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371558/; classtype:trojan-activity;sid:84234658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.1.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371557/; classtype:trojan-activity;sid:84234657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371556)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.1.103.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371556/; classtype:trojan-activity;sid:84234656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.186.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371555/; classtype:trojan-activity;sid:84234655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.102.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371554/; classtype:trojan-activity;sid:84234654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.2.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371553/; classtype:trojan-activity;sid:84234653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371552/; classtype:trojan-activity;sid:84234652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.215.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371551/; classtype:trojan-activity;sid:84234651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.242.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371550/; classtype:trojan-activity;sid:84234650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371549/; classtype:trojan-activity;sid:84234649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.181.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371548/; classtype:trojan-activity;sid:84234648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.113.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371547/; classtype:trojan-activity;sid:84234647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371546)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vbjr.demo.ezra-ai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371546/; classtype:trojan-activity;sid:84234646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.199.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371545/; classtype:trojan-activity;sid:84234645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.190.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371544/; classtype:trojan-activity;sid:84234644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.113.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371542/; classtype:trojan-activity;sid:84234642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.233.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371543/; classtype:trojan-activity;sid:84234643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371541/; classtype:trojan-activity;sid:84234641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.165.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371540/; classtype:trojan-activity;sid:84234640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.138.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371539/; classtype:trojan-activity;sid:84234639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.32.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371538/; classtype:trojan-activity;sid:84234638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.14.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371537/; classtype:trojan-activity;sid:84234637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371536/; classtype:trojan-activity;sid:84234636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.211.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371535/; classtype:trojan-activity;sid:84234635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.113.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371534/; classtype:trojan-activity;sid:84234634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.14.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371533/; classtype:trojan-activity;sid:84234633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371532/; classtype:trojan-activity;sid:84234632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.114.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371531/; classtype:trojan-activity;sid:84234631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.151.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371530/; classtype:trojan-activity;sid:84234630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.54.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371529/; classtype:trojan-activity;sid:84234629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.83.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371528/; classtype:trojan-activity;sid:84234628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.114.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371527/; classtype:trojan-activity;sid:84234627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371526/; classtype:trojan-activity;sid:84234626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.43.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371525/; classtype:trojan-activity;sid:84234625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371524/; classtype:trojan-activity;sid:84234624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371523/; classtype:trojan-activity;sid:84234623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.84.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371522/; classtype:trojan-activity;sid:84234622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371521/; classtype:trojan-activity;sid:84234621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.181.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371520/; classtype:trojan-activity;sid:84234620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371517/; classtype:trojan-activity;sid:84234617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.88.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371518/; classtype:trojan-activity;sid:84234618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.178.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371519/; classtype:trojan-activity;sid:84234619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.164.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371516/; classtype:trojan-activity;sid:84234616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.114.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371515/; classtype:trojan-activity;sid:84234615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.223.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371514/; classtype:trojan-activity;sid:84234614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.207.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371513/; classtype:trojan-activity;sid:84234613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.123.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371512/; classtype:trojan-activity;sid:84234612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371511/; classtype:trojan-activity;sid:84234611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.84.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371510/; classtype:trojan-activity;sid:84234610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371509/; classtype:trojan-activity;sid:84234609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.245.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371508/; classtype:trojan-activity;sid:84234608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.185.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371507/; classtype:trojan-activity;sid:84234607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371506/; classtype:trojan-activity;sid:84234606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.223.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371505/; classtype:trojan-activity;sid:84234605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.83.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371504/; classtype:trojan-activity;sid:84234604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.126.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371503/; classtype:trojan-activity;sid:84234603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.41.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371501/; classtype:trojan-activity;sid:84234601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.247.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371502/; classtype:trojan-activity;sid:84234602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.209.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371500/; classtype:trojan-activity;sid:84234600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.83.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371499/; classtype:trojan-activity;sid:84234599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.72.166.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371498/; classtype:trojan-activity;sid:84234598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.168.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371497/; classtype:trojan-activity;sid:84234597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371496/; classtype:trojan-activity;sid:84234596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371495/; classtype:trojan-activity;sid:84234595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.39.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371494/; classtype:trojan-activity;sid:84234594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.74.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371493/; classtype:trojan-activity;sid:84234593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.196.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371492/; classtype:trojan-activity;sid:84234592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.181.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371491/; classtype:trojan-activity;sid:84234591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.125.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371490/; classtype:trojan-activity;sid:84234590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.103.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371489/; classtype:trojan-activity;sid:84234589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.39.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371488/; classtype:trojan-activity;sid:84234588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371487)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371487/; classtype:trojan-activity;sid:84234587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.223.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371485/; classtype:trojan-activity;sid:84234585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.195.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371486/; classtype:trojan-activity;sid:84234586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.96.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371484/; classtype:trojan-activity;sid:84234584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.97.244.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371483/; classtype:trojan-activity;sid:84234583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.109.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371482/; classtype:trojan-activity;sid:84234582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.70.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371481/; classtype:trojan-activity;sid:84234581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371480/; classtype:trojan-activity;sid:84234580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.62.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371479/; classtype:trojan-activity;sid:84234579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.133.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371478/; classtype:trojan-activity;sid:84234578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371477/; classtype:trojan-activity;sid:84234577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.241.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371475/; classtype:trojan-activity;sid:84234575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.4.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371476/; classtype:trojan-activity;sid:84234576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.32.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371474/; classtype:trojan-activity;sid:84234574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.107.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371473/; classtype:trojan-activity;sid:84234573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.132.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371472/; classtype:trojan-activity;sid:84234572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.149.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371471/; classtype:trojan-activity;sid:84234571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.255.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371470/; classtype:trojan-activity;sid:84234570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.62.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371469/; classtype:trojan-activity;sid:84234569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.28.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371467/; classtype:trojan-activity;sid:84234567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.181.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371468/; classtype:trojan-activity;sid:84234568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.115.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371466/; classtype:trojan-activity;sid:84234566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371465/; classtype:trojan-activity;sid:84234565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371464/; classtype:trojan-activity;sid:84234564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.32.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371463/; classtype:trojan-activity;sid:84234563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.32.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371462/; classtype:trojan-activity;sid:84234562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.6.85"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371461/; classtype:trojan-activity;sid:84234561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.252.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371460/; classtype:trojan-activity;sid:84234560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.95.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371459/; classtype:trojan-activity;sid:84234559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.28.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371458/; classtype:trojan-activity;sid:84234558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.254.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371456/; classtype:trojan-activity;sid:84234556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371457/; classtype:trojan-activity;sid:84234557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.195.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371455/; classtype:trojan-activity;sid:84234555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.7.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371454/; classtype:trojan-activity;sid:84234554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371453/; classtype:trojan-activity;sid:84234553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371452)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.74.203.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371452/; classtype:trojan-activity;sid:84234552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.243.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371451/; classtype:trojan-activity;sid:84234551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.126.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371450/; classtype:trojan-activity;sid:84234550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371449/; classtype:trojan-activity;sid:84234549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371448/; classtype:trojan-activity;sid:84234548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.171.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371447/; classtype:trojan-activity;sid:84234547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.153.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371446/; classtype:trojan-activity;sid:84234546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.95.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371445/; classtype:trojan-activity;sid:84234545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371444/; classtype:trojan-activity;sid:84234544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.243.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371443/; classtype:trojan-activity;sid:84234543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.159.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371442/; classtype:trojan-activity;sid:84234542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371441/; classtype:trojan-activity;sid:84234541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371440/; classtype:trojan-activity;sid:84234540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371438/; classtype:trojan-activity;sid:84234538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371439/; classtype:trojan-activity;sid:84234539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371437/; classtype:trojan-activity;sid:84234537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.145.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371436/; classtype:trojan-activity;sid:84234536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.74.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371435/; classtype:trojan-activity;sid:84234535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371434/; classtype:trojan-activity;sid:84234534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.118.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371433/; classtype:trojan-activity;sid:84234533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.169.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371432/; classtype:trojan-activity;sid:84234532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.145.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371431/; classtype:trojan-activity;sid:84234531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.233.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371430/; classtype:trojan-activity;sid:84234530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.89.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371429/; classtype:trojan-activity;sid:84234529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.178.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371428/; classtype:trojan-activity;sid:84234528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.74.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371427/; classtype:trojan-activity;sid:84234527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.11.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371425/; classtype:trojan-activity;sid:84234525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.232.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371426/; classtype:trojan-activity;sid:84234526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.7.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371424/; classtype:trojan-activity;sid:84234524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.189.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371423/; classtype:trojan-activity;sid:84234523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.183.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371422/; classtype:trojan-activity;sid:84234522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.11.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371421/; classtype:trojan-activity;sid:84234521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.131.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371420/; classtype:trojan-activity;sid:84234520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.206.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371419/; classtype:trojan-activity;sid:84234519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.178.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371417/; classtype:trojan-activity;sid:84234517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.190.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371418/; classtype:trojan-activity;sid:84234518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.86.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371416/; classtype:trojan-activity;sid:84234516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.157.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371415/; classtype:trojan-activity;sid:84234515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371414/; classtype:trojan-activity;sid:84234514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371413/; classtype:trojan-activity;sid:84234513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.50.26.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371412/; classtype:trojan-activity;sid:84234512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.89.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371411/; classtype:trojan-activity;sid:84234511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.183.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371410/; classtype:trojan-activity;sid:84234510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.29.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371409/; classtype:trojan-activity;sid:84234509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.189.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371408/; classtype:trojan-activity;sid:84234508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.205.178.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371407/; classtype:trojan-activity;sid:84234507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371406/; classtype:trojan-activity;sid:84234506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.51.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371405/; classtype:trojan-activity;sid:84234505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.220.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371404/; classtype:trojan-activity;sid:84234504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.82.240"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371403/; classtype:trojan-activity;sid:84234503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.97.218.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371402/; classtype:trojan-activity;sid:84234502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.157.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371401/; classtype:trojan-activity;sid:84234501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.211.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371400/; classtype:trojan-activity;sid:84234500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.170.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371399/; classtype:trojan-activity;sid:84234499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371398/; classtype:trojan-activity;sid:84234498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.136.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371395/; classtype:trojan-activity;sid:84234495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371396/; classtype:trojan-activity;sid:84234496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.102.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371397/; classtype:trojan-activity;sid:84234497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.220.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371394/; classtype:trojan-activity;sid:84234494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.205.178.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371393/; classtype:trojan-activity;sid:84234493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.189.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371392/; classtype:trojan-activity;sid:84234492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.51.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371391/; classtype:trojan-activity;sid:84234491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371390/; classtype:trojan-activity;sid:84234490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.241.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371389/; classtype:trojan-activity;sid:84234489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371388/; classtype:trojan-activity;sid:84234488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.25.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371386/; classtype:trojan-activity;sid:84234486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.17.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371387/; classtype:trojan-activity;sid:84234487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.97.218.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371385/; classtype:trojan-activity;sid:84234485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.149.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371384/; classtype:trojan-activity;sid:84234484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371383/; classtype:trojan-activity;sid:84234483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.184.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371382/; classtype:trojan-activity;sid:84234482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.70.80.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371381/; classtype:trojan-activity;sid:84234481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.11.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371379/; classtype:trojan-activity;sid:84234479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.216.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371380/; classtype:trojan-activity;sid:84234480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.40.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371378/; classtype:trojan-activity;sid:84234478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.175.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371377/; classtype:trojan-activity;sid:84234477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371376/; classtype:trojan-activity;sid:84234476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.253.122.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371375/; classtype:trojan-activity;sid:84234475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.35.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371374/; classtype:trojan-activity;sid:84234474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.3.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371373/; classtype:trojan-activity;sid:84234473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.167.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371372/; classtype:trojan-activity;sid:84234472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371371/; classtype:trojan-activity;sid:84234471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.216.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371370/; classtype:trojan-activity;sid:84234470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.37.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371369/; classtype:trojan-activity;sid:84234469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.0.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371367/; classtype:trojan-activity;sid:84234467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.206.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371368/; classtype:trojan-activity;sid:84234468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.108.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371365/; classtype:trojan-activity;sid:84234465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371366/; classtype:trojan-activity;sid:84234466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371363/; classtype:trojan-activity;sid:84234463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.17.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371364/; classtype:trojan-activity;sid:84234464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.106.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371362/; classtype:trojan-activity;sid:84234462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.90.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371361/; classtype:trojan-activity;sid:84234461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.209.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371359/; classtype:trojan-activity;sid:84234459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371360/; classtype:trojan-activity;sid:84234460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.3.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371358/; classtype:trojan-activity;sid:84234458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371356/; classtype:trojan-activity;sid:84234456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.169.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371357/; classtype:trojan-activity;sid:84234457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.146.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371355/; classtype:trojan-activity;sid:84234455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.21.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371351/; classtype:trojan-activity;sid:84234451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.88.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371352/; classtype:trojan-activity;sid:84234452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371353)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.213.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371353/; classtype:trojan-activity;sid:84234453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.250.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371354/; classtype:trojan-activity;sid:84234454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.240.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371350/; classtype:trojan-activity;sid:84234450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.122.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371349/; classtype:trojan-activity;sid:84234449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.15.153"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371348/; classtype:trojan-activity;sid:84234448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371347/; classtype:trojan-activity;sid:84234447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.113.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371346/; classtype:trojan-activity;sid:84234446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.59.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371345/; classtype:trojan-activity;sid:84234445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371344/; classtype:trojan-activity;sid:84234444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371343/; classtype:trojan-activity;sid:84234443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.37.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371342/; classtype:trojan-activity;sid:84234442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.206.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371341/; classtype:trojan-activity;sid:84234441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.203.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371340/; classtype:trojan-activity;sid:84234440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.15.153"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371339/; classtype:trojan-activity;sid:84234439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371338/; classtype:trojan-activity;sid:84234438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371337/; classtype:trojan-activity;sid:84234437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.21.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371336/; classtype:trojan-activity;sid:84234436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.240.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371335/; classtype:trojan-activity;sid:84234435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.105.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371334/; classtype:trojan-activity;sid:84234434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.217.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371333/; classtype:trojan-activity;sid:84234433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371332/; classtype:trojan-activity;sid:84234432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371331/; classtype:trojan-activity;sid:84234431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.54.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371330/; classtype:trojan-activity;sid:84234430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.88.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371329/; classtype:trojan-activity;sid:84234429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371328/; classtype:trojan-activity;sid:84234428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.28.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371327/; classtype:trojan-activity;sid:84234427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371326/; classtype:trojan-activity;sid:84234426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371325/; classtype:trojan-activity;sid:84234425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371324/; classtype:trojan-activity;sid:84234424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371322/; classtype:trojan-activity;sid:84234422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.12.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371323/; classtype:trojan-activity;sid:84234423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.150.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371321/; classtype:trojan-activity;sid:84234421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.203.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371320/; classtype:trojan-activity;sid:84234420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.2.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371319/; classtype:trojan-activity;sid:84234419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.220.114.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371318/; classtype:trojan-activity;sid:84234418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371317)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.226.170.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371317/; classtype:trojan-activity;sid:84234417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.140.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371316/; classtype:trojan-activity;sid:84234416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.94.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371315/; classtype:trojan-activity;sid:84234415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.130.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371314/; classtype:trojan-activity;sid:84234414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371313/; classtype:trojan-activity;sid:84234413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.209.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371312/; classtype:trojan-activity;sid:84234412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.92.70"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371311/; classtype:trojan-activity;sid:84234411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.2.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371310/; classtype:trojan-activity;sid:84234410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.178.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371309/; classtype:trojan-activity;sid:84234409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.52.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371308/; classtype:trojan-activity;sid:84234408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.220.114.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371307/; classtype:trojan-activity;sid:84234407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.97.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371306/; classtype:trojan-activity;sid:84234406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.121.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371305/; classtype:trojan-activity;sid:84234405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371304/; classtype:trojan-activity;sid:84234404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.12.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371303/; classtype:trojan-activity;sid:84234403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.209.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371301/; classtype:trojan-activity;sid:84234401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.167.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371302/; classtype:trojan-activity;sid:84234402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.190.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371300/; classtype:trojan-activity;sid:84234400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.244.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371299/; classtype:trojan-activity;sid:84234399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.41.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371298/; classtype:trojan-activity;sid:84234398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.150.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371297/; classtype:trojan-activity;sid:84234397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.64.81"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371296/; classtype:trojan-activity;sid:84234396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.15.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371295/; classtype:trojan-activity;sid:84234395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.130.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371294/; classtype:trojan-activity;sid:84234394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371291/; classtype:trojan-activity;sid:84234391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.217.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371292/; classtype:trojan-activity;sid:84234392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371293/; classtype:trojan-activity;sid:84234393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.105.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371290/; classtype:trojan-activity;sid:84234390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.83.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371288/; classtype:trojan-activity;sid:84234388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.19.133.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371289/; classtype:trojan-activity;sid:84234389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.37.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371287/; classtype:trojan-activity;sid:84234387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371286/; classtype:trojan-activity;sid:84234386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.27.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371285/; classtype:trojan-activity;sid:84234385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371284/; classtype:trojan-activity;sid:84234384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.216.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371283/; classtype:trojan-activity;sid:84234383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.208.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371282/; classtype:trojan-activity;sid:84234382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.244.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371281/; classtype:trojan-activity;sid:84234381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.137.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371280/; classtype:trojan-activity;sid:84234380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371279/; classtype:trojan-activity;sid:84234379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.15.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371278/; classtype:trojan-activity;sid:84234378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.26.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371277/; classtype:trojan-activity;sid:84234377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.182.152.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371276/; classtype:trojan-activity;sid:84234376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.87.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371275/; classtype:trojan-activity;sid:84234375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.58.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371274/; classtype:trojan-activity;sid:84234374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.94.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371273/; classtype:trojan-activity;sid:84234373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.16.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371272/; classtype:trojan-activity;sid:84234372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371271/; classtype:trojan-activity;sid:84234371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.216.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371270/; classtype:trojan-activity;sid:84234370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.17.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371269/; classtype:trojan-activity;sid:84234369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371268/; classtype:trojan-activity;sid:84234368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371267/; classtype:trojan-activity;sid:84234367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.83.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371259/; classtype:trojan-activity;sid:84234359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371260/; classtype:trojan-activity;sid:84234360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371261/; classtype:trojan-activity;sid:84234361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.204.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371262/; classtype:trojan-activity;sid:84234362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.173.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371263/; classtype:trojan-activity;sid:84234363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.201.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371264/; classtype:trojan-activity;sid:84234364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.204.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371265/; classtype:trojan-activity;sid:84234365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.23.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371266/; classtype:trojan-activity;sid:84234366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.58.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371258/; classtype:trojan-activity;sid:84234358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.214.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371257/; classtype:trojan-activity;sid:84234357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.137.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371254/; classtype:trojan-activity;sid:84234354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.118.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371255/; classtype:trojan-activity;sid:84234355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371256/; classtype:trojan-activity;sid:84234356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371253/; classtype:trojan-activity;sid:84234353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.177.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371252/; classtype:trojan-activity;sid:84234352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.92.70"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371251/; classtype:trojan-activity;sid:84234351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.49.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371250/; classtype:trojan-activity;sid:84234350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.64.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371249/; classtype:trojan-activity;sid:84234349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.182.152.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371248/; classtype:trojan-activity;sid:84234348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.16.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371247/; classtype:trojan-activity;sid:84234347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371246/; classtype:trojan-activity;sid:84234346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.162.36.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371245/; classtype:trojan-activity;sid:84234345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.25.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371244/; classtype:trojan-activity;sid:84234344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.73.75.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371243/; classtype:trojan-activity;sid:84234343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.198.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371242/; classtype:trojan-activity;sid:84234342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371241/; classtype:trojan-activity;sid:84234341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371240/; classtype:trojan-activity;sid:84234340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371239/; classtype:trojan-activity;sid:84234339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.43.198.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371238/; classtype:trojan-activity;sid:84234338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.149.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371237/; classtype:trojan-activity;sid:84234337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.184.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371236/; classtype:trojan-activity;sid:84234336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.109.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371235/; classtype:trojan-activity;sid:84234335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.97.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371234/; classtype:trojan-activity;sid:84234334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.143.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371233/; classtype:trojan-activity;sid:84234333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.182.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371232/; classtype:trojan-activity;sid:84234332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.73.75.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371231/; classtype:trojan-activity;sid:84234331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371230/; classtype:trojan-activity;sid:84234330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.97.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371228/; classtype:trojan-activity;sid:84234328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.49.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371229/; classtype:trojan-activity;sid:84234329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371227/; classtype:trojan-activity;sid:84234327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.188.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371226/; classtype:trojan-activity;sid:84234326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.134.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371225/; classtype:trojan-activity;sid:84234325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.140.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371224/; classtype:trojan-activity;sid:84234324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371223/; classtype:trojan-activity;sid:84234323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.250.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371222/; classtype:trojan-activity;sid:84234322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.115.122.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371221/; classtype:trojan-activity;sid:84234321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.184.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371220/; classtype:trojan-activity;sid:84234320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.242.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371219/; classtype:trojan-activity;sid:84234319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.109.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371218/; classtype:trojan-activity;sid:84234318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.40.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371217/; classtype:trojan-activity;sid:84234317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.143.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371216/; classtype:trojan-activity;sid:84234316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.96.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371214/; classtype:trojan-activity;sid:84234314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371215/; classtype:trojan-activity;sid:84234315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.181.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371213/; classtype:trojan-activity;sid:84234313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.33.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371212/; classtype:trojan-activity;sid:84234312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.72.125"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371211/; classtype:trojan-activity;sid:84234311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.22.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371210/; classtype:trojan-activity;sid:84234310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.140.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371209/; classtype:trojan-activity;sid:84234309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.65.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371208/; classtype:trojan-activity;sid:84234308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.0.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371207/; classtype:trojan-activity;sid:84234307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371206/; classtype:trojan-activity;sid:84234306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.175.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371205/; classtype:trojan-activity;sid:84234305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.213.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371204/; classtype:trojan-activity;sid:84234304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.23.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371203/; classtype:trojan-activity;sid:84234303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.191.166.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371202/; classtype:trojan-activity;sid:84234302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.39.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371201/; classtype:trojan-activity;sid:84234301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371200)"; flow:established,from_client; content:"GET"; http_method; content:"/d/assignment.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.208.206.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371200/; classtype:trojan-activity;sid:84234300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371198)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.216.16.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371198/; classtype:trojan-activity;sid:84234298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.24.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371199/; classtype:trojan-activity;sid:84234299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371197)"; flow:established,from_client; content:"GET"; http_method; content:"/dasmei/download/play.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"api-conect-v1.digital"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371197/; classtype:trojan-activity;sid:84234297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.112.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371194/; classtype:trojan-activity;sid:84234294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.96.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371195/; classtype:trojan-activity;sid:84234295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.121.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371193/; classtype:trojan-activity;sid:84234293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.104.169.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371192/; classtype:trojan-activity;sid:84234292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.235.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371191/; classtype:trojan-activity;sid:84234291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.250.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371190/; classtype:trojan-activity;sid:84234290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.65.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371187/; classtype:trojan-activity;sid:84234287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.128.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371188/; classtype:trojan-activity;sid:84234288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.34.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371189/; classtype:trojan-activity;sid:84234289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.185.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371186/; classtype:trojan-activity;sid:84234286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.138.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371185/; classtype:trojan-activity;sid:84234285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371184/; classtype:trojan-activity;sid:84234284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.19.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371183/; classtype:trojan-activity;sid:84234283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.191.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371181/; classtype:trojan-activity;sid:84234281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.153.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371182/; classtype:trojan-activity;sid:84234282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.209.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371180/; classtype:trojan-activity;sid:84234280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.114.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371177/; classtype:trojan-activity;sid:84234277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.22.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371178/; classtype:trojan-activity;sid:84234278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.19.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371179/; classtype:trojan-activity;sid:84234279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.164.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371176/; classtype:trojan-activity;sid:84234276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.23.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371175/; classtype:trojan-activity;sid:84234275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.128.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371174/; classtype:trojan-activity;sid:84234274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.24.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371172/; classtype:trojan-activity;sid:84234272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.121.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371173/; classtype:trojan-activity;sid:84234273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.180.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371171/; classtype:trojan-activity;sid:84234271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371170/; classtype:trojan-activity;sid:84234270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.214.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371169/; classtype:trojan-activity;sid:84234269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.14.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371168/; classtype:trojan-activity;sid:84234268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371167/; classtype:trojan-activity;sid:84234267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.226.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371166/; classtype:trojan-activity;sid:84234266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.179.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371165/; classtype:trojan-activity;sid:84234265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.153.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371164/; classtype:trojan-activity;sid:84234264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.212.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371162/; classtype:trojan-activity;sid:84234262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.140"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371163/; classtype:trojan-activity;sid:84234263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.241.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371161/; classtype:trojan-activity;sid:84234261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.129.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371160/; classtype:trojan-activity;sid:84234260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.35.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371159/; classtype:trojan-activity;sid:84234259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.253.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371158/; classtype:trojan-activity;sid:84234258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.14.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371157/; classtype:trojan-activity;sid:84234257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.121.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371156/; classtype:trojan-activity;sid:84234256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371155/; classtype:trojan-activity;sid:84234255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.177.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371154/; classtype:trojan-activity;sid:84234254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.249.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371153/; classtype:trojan-activity;sid:84234253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.181.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371152/; classtype:trojan-activity;sid:84234252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.61.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371151/; classtype:trojan-activity;sid:84234251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371150/; classtype:trojan-activity;sid:84234250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.85.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371149/; classtype:trojan-activity;sid:84234249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371148/; classtype:trojan-activity;sid:84234248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.240.51.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371147/; classtype:trojan-activity;sid:84234247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.46.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371146/; classtype:trojan-activity;sid:84234246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.78.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371145/; classtype:trojan-activity;sid:84234245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.104.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371144/; classtype:trojan-activity;sid:84234244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.181.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371143/; classtype:trojan-activity;sid:84234243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.185.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371142/; classtype:trojan-activity;sid:84234242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371141/; classtype:trojan-activity;sid:84234241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.92.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371140/; classtype:trojan-activity;sid:84234240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.70.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371139/; classtype:trojan-activity;sid:84234239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.252.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371138/; classtype:trojan-activity;sid:84234238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.240.51.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371137/; classtype:trojan-activity;sid:84234237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371136/; classtype:trojan-activity;sid:84234236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.177.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371135/; classtype:trojan-activity;sid:84234235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.253.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371134/; classtype:trojan-activity;sid:84234234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.233.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371133/; classtype:trojan-activity;sid:84234233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.58.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371132/; classtype:trojan-activity;sid:84234232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.61.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371131/; classtype:trojan-activity;sid:84234231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.107.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371130/; classtype:trojan-activity;sid:84234230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.129.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371129/; classtype:trojan-activity;sid:84234229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.1.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371128/; classtype:trojan-activity;sid:84234228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.10.37.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371127/; classtype:trojan-activity;sid:84234227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.68.110.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371125/; classtype:trojan-activity;sid:84234225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371126/; classtype:trojan-activity;sid:84234226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.101.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371121/; classtype:trojan-activity;sid:84234221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371122/; classtype:trojan-activity;sid:84234222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371123/; classtype:trojan-activity;sid:84234223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371124/; classtype:trojan-activity;sid:84234224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.21.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371120/; classtype:trojan-activity;sid:84234220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.249.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371119/; classtype:trojan-activity;sid:84234219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.89.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371118/; classtype:trojan-activity;sid:84234218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.104.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371117/; classtype:trojan-activity;sid:84234217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.209.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371116/; classtype:trojan-activity;sid:84234216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.14.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371115/; classtype:trojan-activity;sid:84234215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.172.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371114/; classtype:trojan-activity;sid:84234214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.96.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371113/; classtype:trojan-activity;sid:84234213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.140.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371112/; classtype:trojan-activity;sid:84234212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.238.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371111/; classtype:trojan-activity;sid:84234211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.208.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371109/; classtype:trojan-activity;sid:84234209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.162.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371110/; classtype:trojan-activity;sid:84234210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.183.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371108/; classtype:trojan-activity;sid:84234208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.245.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371107/; classtype:trojan-activity;sid:84234207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.176.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371106/; classtype:trojan-activity;sid:84234206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.41.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371104/; classtype:trojan-activity;sid:84234204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.162.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371105/; classtype:trojan-activity;sid:84234205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.154.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371103/; classtype:trojan-activity;sid:84234203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.54.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371102/; classtype:trojan-activity;sid:84234202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.212.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371101/; classtype:trojan-activity;sid:84234201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.90.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371100/; classtype:trojan-activity;sid:84234200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.66.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371098/; classtype:trojan-activity;sid:84234198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.96.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371099/; classtype:trojan-activity;sid:84234199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.139.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371097/; classtype:trojan-activity;sid:84234197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.185.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371096/; classtype:trojan-activity;sid:84234196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.206.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371095/; classtype:trojan-activity;sid:84234195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.162.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371094/; classtype:trojan-activity;sid:84234194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.181.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371093/; classtype:trojan-activity;sid:84234193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.132.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371090/; classtype:trojan-activity;sid:84234190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371091/; classtype:trojan-activity;sid:84234191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371092/; classtype:trojan-activity;sid:84234192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.154.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371089/; classtype:trojan-activity;sid:84234189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371088/; classtype:trojan-activity;sid:84234188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.248.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371087/; classtype:trojan-activity;sid:84234187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.151.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371086/; classtype:trojan-activity;sid:84234186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.35.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371085/; classtype:trojan-activity;sid:84234185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.90.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371084/; classtype:trojan-activity;sid:84234184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.176.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371083/; classtype:trojan-activity;sid:84234183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.73.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371082/; classtype:trojan-activity;sid:84234182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.164.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371081/; classtype:trojan-activity;sid:84234181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.249.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371079/; classtype:trojan-activity;sid:84234179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.206.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371080/; classtype:trojan-activity;sid:84234180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371078/; classtype:trojan-activity;sid:84234178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371077/; classtype:trojan-activity;sid:84234177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.132.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371076/; classtype:trojan-activity;sid:84234176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.79.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371075/; classtype:trojan-activity;sid:84234175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371074/; classtype:trojan-activity;sid:84234174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.141.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371073/; classtype:trojan-activity;sid:84234173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.108.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371072/; classtype:trojan-activity;sid:84234172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371071/; classtype:trojan-activity;sid:84234171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.41.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371070/; classtype:trojan-activity;sid:84234170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.30.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371069/; classtype:trojan-activity;sid:84234169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.87.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371068/; classtype:trojan-activity;sid:84234168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371067/; classtype:trojan-activity;sid:84234167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371066/; classtype:trojan-activity;sid:84234166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371065/; classtype:trojan-activity;sid:84234165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371064/; classtype:trojan-activity;sid:84234164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.123.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371063/; classtype:trojan-activity;sid:84234163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.51.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371062/; classtype:trojan-activity;sid:84234162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.45.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371059/; classtype:trojan-activity;sid:84234159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.46.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371060/; classtype:trojan-activity;sid:84234160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.174.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371061/; classtype:trojan-activity;sid:84234161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.249.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371058/; classtype:trojan-activity;sid:84234158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.236.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371057/; classtype:trojan-activity;sid:84234157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.117.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371056/; classtype:trojan-activity;sid:84234156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.211.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371055/; classtype:trojan-activity;sid:84234155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371054/; classtype:trojan-activity;sid:84234154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371053/; classtype:trojan-activity;sid:84234153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371052/; classtype:trojan-activity;sid:84234152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.49.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371051/; classtype:trojan-activity;sid:84234151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.75.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371050/; classtype:trojan-activity;sid:84234150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371049/; classtype:trojan-activity;sid:84234149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371048/; classtype:trojan-activity;sid:84234148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.110.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371047/; classtype:trojan-activity;sid:84234147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.228.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371046/; classtype:trojan-activity;sid:84234146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371044/; classtype:trojan-activity;sid:84234144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.123.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371045/; classtype:trojan-activity;sid:84234145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.50.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371042/; classtype:trojan-activity;sid:84234142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.46.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371043/; classtype:trojan-activity;sid:84234143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.46.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371041/; classtype:trojan-activity;sid:84234141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.174.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371040/; classtype:trojan-activity;sid:84234140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371039/; classtype:trojan-activity;sid:84234139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371038/; classtype:trojan-activity;sid:84234138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.75.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371037/; classtype:trojan-activity;sid:84234137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.244.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371036/; classtype:trojan-activity;sid:84234136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.161.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371035/; classtype:trojan-activity;sid:84234135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.18.126.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371033/; classtype:trojan-activity;sid:84234133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371034/; classtype:trojan-activity;sid:84234134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.240.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371030/; classtype:trojan-activity;sid:84234130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371031/; classtype:trojan-activity;sid:84234131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.255.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371032/; classtype:trojan-activity;sid:84234132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.111.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371029/; classtype:trojan-activity;sid:84234129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.56.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371028/; classtype:trojan-activity;sid:84234128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.205.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371027/; classtype:trojan-activity;sid:84234127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.177.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371024/; classtype:trojan-activity;sid:84234124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371025/; classtype:trojan-activity;sid:84234125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.142.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371026/; classtype:trojan-activity;sid:84234126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.113.111.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371023/; classtype:trojan-activity;sid:84234123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.88.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371022/; classtype:trojan-activity;sid:84234122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371021/; classtype:trojan-activity;sid:84234121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.126.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371020/; classtype:trojan-activity;sid:84234120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.212.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371019/; classtype:trojan-activity;sid:84234119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371018/; classtype:trojan-activity;sid:84234118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371017/; classtype:trojan-activity;sid:84234117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.177.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371016/; classtype:trojan-activity;sid:84234116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371015/; classtype:trojan-activity;sid:84234115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.59.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371014/; classtype:trojan-activity;sid:84234114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.26.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371013/; classtype:trojan-activity;sid:84234113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.55.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371012/; classtype:trojan-activity;sid:84234112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.22.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371011/; classtype:trojan-activity;sid:84234111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371010/; classtype:trojan-activity;sid:84234110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.161.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371009/; classtype:trojan-activity;sid:84234109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.244.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371008/; classtype:trojan-activity;sid:84234108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371007/; classtype:trojan-activity;sid:84234107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371006/; classtype:trojan-activity;sid:84234106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.9.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371005/; classtype:trojan-activity;sid:84234105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.231.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371004/; classtype:trojan-activity;sid:84234104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371003/; classtype:trojan-activity;sid:84234103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371002/; classtype:trojan-activity;sid:84234102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.212.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371001/; classtype:trojan-activity;sid:84234101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.205.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370999/; classtype:trojan-activity;sid:84234099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371000/; classtype:trojan-activity;sid:84234100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.181.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370998/; classtype:trojan-activity;sid:84234098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.143.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370997/; classtype:trojan-activity;sid:84234097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.126.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370996/; classtype:trojan-activity;sid:84234096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.166.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370995/; classtype:trojan-activity;sid:84234095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.43.5.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370994/; classtype:trojan-activity;sid:84234094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.115.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370993/; classtype:trojan-activity;sid:84234093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370992/; classtype:trojan-activity;sid:84234092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370991/; classtype:trojan-activity;sid:84234091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370990/; classtype:trojan-activity;sid:84234090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.150.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370987/; classtype:trojan-activity;sid:84234087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370988/; classtype:trojan-activity;sid:84234088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370989/; classtype:trojan-activity;sid:84234089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.47.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370986/; classtype:trojan-activity;sid:84234086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.20.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370985/; classtype:trojan-activity;sid:84234085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.66.212"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370984/; classtype:trojan-activity;sid:84234084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370983/; classtype:trojan-activity;sid:84234083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.153.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370982/; classtype:trojan-activity;sid:84234082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370981/; classtype:trojan-activity;sid:84234081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.231.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370980/; classtype:trojan-activity;sid:84234080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.135.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370979/; classtype:trojan-activity;sid:84234079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370978/; classtype:trojan-activity;sid:84234078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.71.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370976/; classtype:trojan-activity;sid:84234076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.232.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370977/; classtype:trojan-activity;sid:84234077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370975/; classtype:trojan-activity;sid:84234075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.228.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370974/; classtype:trojan-activity;sid:84234074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.52.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370973/; classtype:trojan-activity;sid:84234073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.143.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370971/; classtype:trojan-activity;sid:84234071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.251.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370972/; classtype:trojan-activity;sid:84234072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.181.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370970/; classtype:trojan-activity;sid:84234070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370969/; classtype:trojan-activity;sid:84234069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.20.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370968/; classtype:trojan-activity;sid:84234068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.224.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370967/; classtype:trojan-activity;sid:84234067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.153.73.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370966/; classtype:trojan-activity;sid:84234066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370965/; classtype:trojan-activity;sid:84234065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.195.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370964/; classtype:trojan-activity;sid:84234064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.199.119.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370963/; classtype:trojan-activity;sid:84234063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.213.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370962/; classtype:trojan-activity;sid:84234062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370961/; classtype:trojan-activity;sid:84234061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.59.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370960/; classtype:trojan-activity;sid:84234060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.92.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370959/; classtype:trojan-activity;sid:84234059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.77.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370958/; classtype:trojan-activity;sid:84234058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.245.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370957/; classtype:trojan-activity;sid:84234057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.19.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370956/; classtype:trojan-activity;sid:84234056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.235.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370955/; classtype:trojan-activity;sid:84234055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.72.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370954/; classtype:trojan-activity;sid:84234054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.251.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370953/; classtype:trojan-activity;sid:84234053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.155.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370952/; classtype:trojan-activity;sid:84234052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.188.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370950/; classtype:trojan-activity;sid:84234050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.28.178"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370951/; classtype:trojan-activity;sid:84234051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.28.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370949/; classtype:trojan-activity;sid:84234049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370948/; classtype:trojan-activity;sid:84234048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370947/; classtype:trojan-activity;sid:84234047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.143.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370946/; classtype:trojan-activity;sid:84234046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.97.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370945/; classtype:trojan-activity;sid:84234045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.175.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370944/; classtype:trojan-activity;sid:84234044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.173.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370943/; classtype:trojan-activity;sid:84234043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370942/; classtype:trojan-activity;sid:84234042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370941/; classtype:trojan-activity;sid:84234041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370940/; classtype:trojan-activity;sid:84234040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.207.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370939/; classtype:trojan-activity;sid:84234039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370938)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mxq.law.kimsavagelaw.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370938/; classtype:trojan-activity;sid:84234038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.16.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370937/; classtype:trojan-activity;sid:84234037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370936/; classtype:trojan-activity;sid:84234036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.155.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370935/; classtype:trojan-activity;sid:84234035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.251.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370934/; classtype:trojan-activity;sid:84234034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.230.104.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370933/; classtype:trojan-activity;sid:84234033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.135.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370932/; classtype:trojan-activity;sid:84234032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370931/; classtype:trojan-activity;sid:84234031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.224.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370930/; classtype:trojan-activity;sid:84234030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.188.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370929/; classtype:trojan-activity;sid:84234029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370927/; classtype:trojan-activity;sid:84234027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.38.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370928/; classtype:trojan-activity;sid:84234028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.230.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370926/; classtype:trojan-activity;sid:84234026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.28.178"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370925/; classtype:trojan-activity;sid:84234025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.173.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370924/; classtype:trojan-activity;sid:84234024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.204.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370923/; classtype:trojan-activity;sid:84234023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.233.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370922/; classtype:trojan-activity;sid:84234022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.242.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370921/; classtype:trojan-activity;sid:84234021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.251.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370920/; classtype:trojan-activity;sid:84234020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370919/; classtype:trojan-activity;sid:84234019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370918/; classtype:trojan-activity;sid:84234018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.90.1.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370917/; classtype:trojan-activity;sid:84234017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.191.177.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370916/; classtype:trojan-activity;sid:84234016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.112.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370915/; classtype:trojan-activity;sid:84234015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.25.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370914/; classtype:trojan-activity;sid:84234014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370913/; classtype:trojan-activity;sid:84234013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.207.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370912/; classtype:trojan-activity;sid:84234012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.87.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370911/; classtype:trojan-activity;sid:84234011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.208.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370910/; classtype:trojan-activity;sid:84234010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.224.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370909/; classtype:trojan-activity;sid:84234009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.230.104.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370908/; classtype:trojan-activity;sid:84234008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.90.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370907/; classtype:trojan-activity;sid:84234007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.79.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370906/; classtype:trojan-activity;sid:84234006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.118.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370905/; classtype:trojan-activity;sid:84234005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.28.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370904/; classtype:trojan-activity;sid:84234004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.204.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370903/; classtype:trojan-activity;sid:84234003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.242.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370901/; classtype:trojan-activity;sid:84234001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.30.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370902/; classtype:trojan-activity;sid:84234002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370900/; classtype:trojan-activity;sid:84234000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.85.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370899/; classtype:trojan-activity;sid:84233999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.124.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370898/; classtype:trojan-activity;sid:84233998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.208.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370897/; classtype:trojan-activity;sid:84233997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370896/; classtype:trojan-activity;sid:84233996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370893/; classtype:trojan-activity;sid:84233993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.41.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370894/; classtype:trojan-activity;sid:84233994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370895/; classtype:trojan-activity;sid:84233995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.100.68.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370892/; classtype:trojan-activity;sid:84233992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.87.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370891/; classtype:trojan-activity;sid:84233991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.18.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370890/; classtype:trojan-activity;sid:84233990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.78.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370889/; classtype:trojan-activity;sid:84233989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.25.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370888/; classtype:trojan-activity;sid:84233988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.117.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370887/; classtype:trojan-activity;sid:84233987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.176.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370886/; classtype:trojan-activity;sid:84233986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370885/; classtype:trojan-activity;sid:84233985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370884)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.226.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370884/; classtype:trojan-activity;sid:84233984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.110.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370883/; classtype:trojan-activity;sid:84233983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.124.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370882/; classtype:trojan-activity;sid:84233982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.209.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370881/; classtype:trojan-activity;sid:84233981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.190.244.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370880/; classtype:trojan-activity;sid:84233980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.240.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370879/; classtype:trojan-activity;sid:84233979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.249.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370878/; classtype:trojan-activity;sid:84233978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.40.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370876/; classtype:trojan-activity;sid:84233976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370877/; classtype:trojan-activity;sid:84233977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370875/; classtype:trojan-activity;sid:84233975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.195.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370874/; classtype:trojan-activity;sid:84233974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.195.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370873/; classtype:trojan-activity;sid:84233973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.190.244.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370872/; classtype:trojan-activity;sid:84233972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370871/; classtype:trojan-activity;sid:84233971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.188.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370870/; classtype:trojan-activity;sid:84233970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370869/; classtype:trojan-activity;sid:84233969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.89.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370868/; classtype:trojan-activity;sid:84233968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.108.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370866/; classtype:trojan-activity;sid:84233966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.110.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370867/; classtype:trojan-activity;sid:84233967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.173.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370865/; classtype:trojan-activity;sid:84233965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.185.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370863/; classtype:trojan-activity;sid:84233963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.198.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370864/; classtype:trojan-activity;sid:84233964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.240.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370861/; classtype:trojan-activity;sid:84233961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.191.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370862/; classtype:trojan-activity;sid:84233962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.249.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370860/; classtype:trojan-activity;sid:84233960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.195.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370859/; classtype:trojan-activity;sid:84233959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.193.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370858/; classtype:trojan-activity;sid:84233958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.193.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370857/; classtype:trojan-activity;sid:84233957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370856/; classtype:trojan-activity;sid:84233956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.15.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370855/; classtype:trojan-activity;sid:84233955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.21.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370854/; classtype:trojan-activity;sid:84233954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370853/; classtype:trojan-activity;sid:84233953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.213.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370852/; classtype:trojan-activity;sid:84233952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.35.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370851/; classtype:trojan-activity;sid:84233951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.139.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3370850/; classtype:trojan-activity;sid:84233950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370849/; classtype:trojan-activity;sid:84233949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.102.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370848/; classtype:trojan-activity;sid:84233948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370847/; classtype:trojan-activity;sid:84233947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.185.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370846/; classtype:trojan-activity;sid:84233946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.37.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370845/; classtype:trojan-activity;sid:84233945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.243.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370844/; classtype:trojan-activity;sid:84233944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.252.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370843/; classtype:trojan-activity;sid:84233943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.234.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370842/; classtype:trojan-activity;sid:84233942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.101.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370841/; classtype:trojan-activity;sid:84233941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.252.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370840/; classtype:trojan-activity;sid:84233940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.35.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370839/; classtype:trojan-activity;sid:84233939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.214.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370838/; classtype:trojan-activity;sid:84233938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.112.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370836/; classtype:trojan-activity;sid:84233936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.56.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370837/; classtype:trojan-activity;sid:84233937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.102.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370835/; classtype:trojan-activity;sid:84233935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370834/; classtype:trojan-activity;sid:84233934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.37.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370833/; classtype:trojan-activity;sid:84233933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.246.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370832/; classtype:trojan-activity;sid:84233932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370831/; classtype:trojan-activity;sid:84233931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.9.168.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370830/; classtype:trojan-activity;sid:84233930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.151.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370829/; classtype:trojan-activity;sid:84233929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.251.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370828/; classtype:trojan-activity;sid:84233928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.198.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370827/; classtype:trojan-activity;sid:84233927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.234.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370826/; classtype:trojan-activity;sid:84233926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370825/; classtype:trojan-activity;sid:84233925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370824/; classtype:trojan-activity;sid:84233924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.168.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370823/; classtype:trojan-activity;sid:84233923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.56.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370822/; classtype:trojan-activity;sid:84233922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.98.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370821/; classtype:trojan-activity;sid:84233921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370820/; classtype:trojan-activity;sid:84233920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.84.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370819/; classtype:trojan-activity;sid:84233919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.163.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370818/; classtype:trojan-activity;sid:84233918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.14.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370817/; classtype:trojan-activity;sid:84233917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370816)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.18.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370816/; classtype:trojan-activity;sid:84233916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370815/; classtype:trojan-activity;sid:84233915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.152.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370813/; classtype:trojan-activity;sid:84233913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370814/; classtype:trojan-activity;sid:84233914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.43.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370810/; classtype:trojan-activity;sid:84233910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.151.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370811/; classtype:trojan-activity;sid:84233911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.180.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370812/; classtype:trojan-activity;sid:84233912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.221.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370809/; classtype:trojan-activity;sid:84233909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.147.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370808/; classtype:trojan-activity;sid:84233908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.97.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370806/; classtype:trojan-activity;sid:84233906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.168.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370807/; classtype:trojan-activity;sid:84233907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.59.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370805/; classtype:trojan-activity;sid:84233905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370804/; classtype:trojan-activity;sid:84233904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370803/; classtype:trojan-activity;sid:84233903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370802)"; flow:established,from_client; content:"GET"; http_method; content:"/d/aldve/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370802/; classtype:trojan-activity;sid:84233902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.73.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370801/; classtype:trojan-activity;sid:84233901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.233.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370800/; classtype:trojan-activity;sid:84233900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.221.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370799/; classtype:trojan-activity;sid:84233899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.43.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370798/; classtype:trojan-activity;sid:84233898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.147.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370797/; classtype:trojan-activity;sid:84233897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370796/; classtype:trojan-activity;sid:84233896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370795/; classtype:trojan-activity;sid:84233895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.144.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370794/; classtype:trojan-activity;sid:84233894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.141.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370793/; classtype:trojan-activity;sid:84233893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.59.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370791/; classtype:trojan-activity;sid:84233891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.28.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370792/; classtype:trojan-activity;sid:84233892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.212.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370790/; classtype:trojan-activity;sid:84233890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.154.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370789/; classtype:trojan-activity;sid:84233889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.95.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370788/; classtype:trojan-activity;sid:84233888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.249.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370787/; classtype:trojan-activity;sid:84233887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370786)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370786/; classtype:trojan-activity;sid:84233886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370784)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370784/; classtype:trojan-activity;sid:84233884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.94.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370785/; classtype:trojan-activity;sid:84233885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370779/; classtype:trojan-activity;sid:84233879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370780)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370780/; classtype:trojan-activity;sid:84233880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370781)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370781/; classtype:trojan-activity;sid:84233881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370782)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370782/; classtype:trojan-activity;sid:84233882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370783)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370783/; classtype:trojan-activity;sid:84233883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370769)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370769/; classtype:trojan-activity;sid:84233869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370770)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370770/; classtype:trojan-activity;sid:84233870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370771)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370771/; classtype:trojan-activity;sid:84233871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370772)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370772/; classtype:trojan-activity;sid:84233872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370773)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370773/; classtype:trojan-activity;sid:84233873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370774)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370774/; classtype:trojan-activity;sid:84233874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370775)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370775/; classtype:trojan-activity;sid:84233875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370776)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370776/; classtype:trojan-activity;sid:84233876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370777)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370777/; classtype:trojan-activity;sid:84233877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370778)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.215.238.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370778/; classtype:trojan-activity;sid:84233878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.84.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370768/; classtype:trojan-activity;sid:84233868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.182.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370765/; classtype:trojan-activity;sid:84233865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370766/; classtype:trojan-activity;sid:84233866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.154.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370767/; classtype:trojan-activity;sid:84233867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370759)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/kfjrkfh.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370759/; classtype:trojan-activity;sid:84233859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370760)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/dmidnsr.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370760/; classtype:trojan-activity;sid:84233860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370761)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/fjepffi.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370761/; classtype:trojan-activity;sid:84233861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370762)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/akpoide.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370762/; classtype:trojan-activity;sid:84233862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370763)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/dciinbk.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370763/; classtype:trojan-activity;sid:84233863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370764)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/rimmknd.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370764/; classtype:trojan-activity;sid:84233864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370757)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/fifdird.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370757/; classtype:trojan-activity;sid:84233857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.128.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370758/; classtype:trojan-activity;sid:84233858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370756/; classtype:trojan-activity;sid:84233856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.154.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370755/; classtype:trojan-activity;sid:84233855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370750)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/data.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370750/; classtype:trojan-activity;sid:84233850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370751)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/ghost.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370751/; classtype:trojan-activity;sid:84233851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370752)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/letter.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370752/; classtype:trojan-activity;sid:84233852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370753)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/ghost.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370753/; classtype:trojan-activity;sid:84233853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370754)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/data.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370754/; classtype:trojan-activity;sid:84233854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370747)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/data.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370747/; classtype:trojan-activity;sid:84233847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370748)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/letter.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370748/; classtype:trojan-activity;sid:84233848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370749)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/letter.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370749/; classtype:trojan-activity;sid:84233849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370743)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/data.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370743/; classtype:trojan-activity;sid:84233843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370744)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/letter.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370744/; classtype:trojan-activity;sid:84233844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370745)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/ghost.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370745/; classtype:trojan-activity;sid:84233845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370746)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/ghost.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370746/; classtype:trojan-activity;sid:84233846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370738)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/junk.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370738/; classtype:trojan-activity;sid:84233838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370739)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/junk.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370739/; classtype:trojan-activity;sid:84233839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370740)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/junk.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370740/; classtype:trojan-activity;sid:84233840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370741)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/crowdstrike.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370741/; classtype:trojan-activity;sid:84233841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370742)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/crowdstrike.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370742/; classtype:trojan-activity;sid:84233842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370732)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/junk.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370732/; classtype:trojan-activity;sid:84233832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370733)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/a.html.save"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370733/; classtype:trojan-activity;sid:84233833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370734)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/a.html.save"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370734/; classtype:trojan-activity;sid:84233834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370735)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/crowdstrike.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370735/; classtype:trojan-activity;sid:84233835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370736)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/a.html.save"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370736/; classtype:trojan-activity;sid:84233836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370737)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/crowdstrike.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370737/; classtype:trojan-activity;sid:84233837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370717)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/abc.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370717/; classtype:trojan-activity;sid:84233817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370718)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/file.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370718/; classtype:trojan-activity;sid:84233818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370719)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/cv_avinash_sharma.doc.vbs"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370719/; classtype:trojan-activity;sid:84233819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370720)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/abc.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370720/; classtype:trojan-activity;sid:84233820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370721)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/abc.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370721/; classtype:trojan-activity;sid:84233821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370722)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/cv_avinash_sharma.doc.vbs"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370722/; classtype:trojan-activity;sid:84233822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370723)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/s1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370723/; classtype:trojan-activity;sid:84233823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370724)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/file.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hradvanceportal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370724/; classtype:trojan-activity;sid:84233824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370725)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/abc.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370725/; classtype:trojan-activity;sid:84233825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370726)"; flow:established,from_client; content:"GET"; http_method; content:"/s1.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370726/; classtype:trojan-activity;sid:84233826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370727)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/file.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370727/; classtype:trojan-activity;sid:84233827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370728)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/a.html.save"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370728/; classtype:trojan-activity;sid:84233828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370729)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/s1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"youfirst.hradvanceportal.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370729/; classtype:trojan-activity;sid:84233829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370730)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/file.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370730/; classtype:trojan-activity;sid:84233830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370731)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/cv_avinash_sharma.doc.vbs"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"up1035rwa5zk.prodemadoutorado.org"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370731/; classtype:trojan-activity;sid:84233831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370715)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/cv_avinash_sharma.doc.vbs"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370715/; classtype:trojan-activity;sid:84233815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370716)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/s1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.227.161.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370716/; classtype:trojan-activity;sid:84233816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.249.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370714/; classtype:trojan-activity;sid:84233814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.164.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370713/; classtype:trojan-activity;sid:84233813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.0.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370712/; classtype:trojan-activity;sid:84233812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.243.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370711/; classtype:trojan-activity;sid:84233811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.107.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370710/; classtype:trojan-activity;sid:84233810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.142.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370709/; classtype:trojan-activity;sid:84233809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.199.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370668/; classtype:trojan-activity;sid:84233768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.89.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370667/; classtype:trojan-activity;sid:84233767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.94.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370666/; classtype:trojan-activity;sid:84233766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.182.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370665/; classtype:trojan-activity;sid:84233765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.175.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370664/; classtype:trojan-activity;sid:84233764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.144.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370663/; classtype:trojan-activity;sid:84233763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370661/; classtype:trojan-activity;sid:84233761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.129.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370662/; classtype:trojan-activity;sid:84233762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.95.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370660/; classtype:trojan-activity;sid:84233760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370659/; classtype:trojan-activity;sid:84233759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370658)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.24.130.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370658/; classtype:trojan-activity;sid:84233758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.110.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370657/; classtype:trojan-activity;sid:84233757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.212.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370656/; classtype:trojan-activity;sid:84233756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.149.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370655/; classtype:trojan-activity;sid:84233755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.84.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370654/; classtype:trojan-activity;sid:84233754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-final-ciencia-ciudadana-par-explora-rm-sur-poniente.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370650/; classtype:trojan-activity;sid:84233750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d04a976741d566d7551d797d97e36ae0b8eab163.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370651/; classtype:trojan-activity;sid:84233751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59408_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370652/; classtype:trojan-activity;sid:84233752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.175.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370653/; classtype:trojan-activity;sid:84233753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57363_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370649/; classtype:trojan-activity;sid:84233749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-03-24-at-4.25.59-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370648/; classtype:trojan-activity;sid:84233748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/salida-de-vehiculos-y-pasajeros-mes-de-noviembre-de-2024-1.xlsx.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370636/; classtype:trojan-activity;sid:84233736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fiche-technique-supervision-collective-2024-1.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370637/; classtype:trojan-activity;sid:84233737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asus-tuf-f15-3.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370638/; classtype:trojan-activity;sid:84233738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bossy-2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370639/; classtype:trojan-activity;sid:84233739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3425.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370640/; classtype:trojan-activity;sid:84233740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59163_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370641/; classtype:trojan-activity;sid:84233741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-07-30-11-37-21.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370642/; classtype:trojan-activity;sid:84233742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/314598709920.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370643/; classtype:trojan-activity;sid:84233743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370644/; classtype:trojan-activity;sid:84233744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59658_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370645/; classtype:trojan-activity;sid:84233745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3114232282974.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370646/; classtype:trojan-activity;sid:84233746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/assainissement-2-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370647/; classtype:trojan-activity;sid:84233747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-fish07.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370621/; classtype:trojan-activity;sid:84233721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p3.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370622/; classtype:trojan-activity;sid:84233722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/myprofile.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.66.91.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370623/; classtype:trojan-activity;sid:84233723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59163_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370624/; classtype:trojan-activity;sid:84233724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.png.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370625/; classtype:trojan-activity;sid:84233725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-03-24-at-4.25.57-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370626/; classtype:trojan-activity;sid:84233726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acer-nitro-5_an515-55_gallery_03-16.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370627/; classtype:trojan-activity;sid:84233727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-27-at-5.50.21-pm-2.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370628/; classtype:trojan-activity;sid:84233728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59058_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370629/; classtype:trojan-activity;sid:84233729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-header04.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370630/; classtype:trojan-activity;sid:84233730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-22-at-11.44.22-3.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370631/; classtype:trojan-activity;sid:84233731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionados-campamento-2021.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370632/; classtype:trojan-activity;sid:84233732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/33-2-scaled.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370633/; classtype:trojan-activity;sid:84233733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rosa-otiniano.mp4.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370634/; classtype:trojan-activity;sid:84233734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultado-de-etapa-elegibilidad-cualitativa-vissita-de-campo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370635/; classtype:trojan-activity;sid:84233735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370616)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/plinko_game.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"147.45.179.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370616/; classtype:trojan-activity;sid:84233716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-133-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370617/; classtype:trojan-activity;sid:84233717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/raksha-bandhan-11.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370618/; classtype:trojan-activity;sid:84233718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryinstrukcja-uzytkowania-i-montazu-4701fw.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370619/; classtype:trojan-activity;sid:84233719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/114404574024.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370620/; classtype:trojan-activity;sid:84233720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea-5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370613/; classtype:trojan-activity;sid:84233713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312676512598.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370614/; classtype:trojan-activity;sid:84233714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica-alcohol-y-drogas.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370615/; classtype:trojan-activity;sid:84233715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/color-mix-58.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370611/; classtype:trojan-activity;sid:84233711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fndhz-e1648078226812.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370612/; classtype:trojan-activity;sid:84233712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/514598709920.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370606/; classtype:trojan-activity;sid:84233706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60047_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370607/; classtype:trojan-activity;sid:84233707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1512676512611.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370608/; classtype:trojan-activity;sid:84233708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/attachment_1586034186.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370609/; classtype:trojan-activity;sid:84233709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p10-barla-ccca7am.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370610/; classtype:trojan-activity;sid:84233710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-supply-supreme-gas-fireplace-insert-2.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370600/; classtype:trojan-activity;sid:84233700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/114598709920.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370601/; classtype:trojan-activity;sid:84233701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/model-adresa-inaintare-registru.doc.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370602/; classtype:trojan-activity;sid:84233702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/purple-day-celebration-7.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370603/; classtype:trojan-activity;sid:84233703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-22-at-11.44.22.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370604/; classtype:trojan-activity;sid:84233704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370605/; classtype:trojan-activity;sid:84233705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-22-at-11.44.22-4.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370593/; classtype:trojan-activity;sid:84233693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-132-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370594/; classtype:trojan-activity;sid:84233694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/salida-de-vehiculos-y-pasajeros-mes-de-marzo-de-2024.xlsx.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370595/; classtype:trojan-activity;sid:84233695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/r-a-218-poi-multianual-2025-2027.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370596/; classtype:trojan-activity;sid:84233696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bahamia-block-o-lot-5-scaled.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370597/; classtype:trojan-activity;sid:84233697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-sidewall-standard-10-white.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370598/; classtype:trojan-activity;sid:84233698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20180613_103419.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370599/; classtype:trojan-activity;sid:84233699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58631_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370587/; classtype:trojan-activity;sid:84233687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/512676512598.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370588/; classtype:trojan-activity;sid:84233688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59058_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370589/; classtype:trojan-activity;sid:84233689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zaproszenie-na-knoferencje.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370590/; classtype:trojan-activity;sid:84233690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-4-carta-compromiso-directora.docx.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370591/; classtype:trojan-activity;sid:84233691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_17.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370592/; classtype:trojan-activity;sid:84233692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/714598709920.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370584/; classtype:trojan-activity;sid:84233684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3452.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370585/; classtype:trojan-activity;sid:84233685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370586/; classtype:trojan-activity;sid:84233686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-supply-supreme-gas-fireplace-insert-3.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370577/; classtype:trojan-activity;sid:84233677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulamentul-condominiului.docx.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370578/; classtype:trojan-activity;sid:84233678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-fish11.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370579/; classtype:trojan-activity;sid:84233679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lutron_qs_and_qs_wireless_30_shade_power_panel.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370580/; classtype:trojan-activity;sid:84233680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59163_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370581/; classtype:trojan-activity;sid:84233681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmna-moef-orginal-signed.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370582/; classtype:trojan-activity;sid:84233682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-25-2022-yuri-jesus-concha-gallegos-y-nikol-alondra-ramos-apaza-2022.pdf.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370583/; classtype:trojan-activity;sid:84233683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57690_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370575/; classtype:trojan-activity;sid:84233675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tg.-frumos-hcl-nr.-75-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370576/; classtype:trojan-activity;sid:84233676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-scene07.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370574/; classtype:trojan-activity;sid:84233674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc-training-session-7.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370567/; classtype:trojan-activity;sid:84233667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/price-list-kacafilm.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370568/; classtype:trojan-activity;sid:84233668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pengumuman-pendaftaran-wisuda-ke-8-2024-baru-1.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370569/; classtype:trojan-activity;sid:84233669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arden-forest-1-6-5.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370570/; classtype:trojan-activity;sid:84233670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/googleearth_image.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370571/; classtype:trojan-activity;sid:84233671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/model-acord-de-asociere.docx.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370572/; classtype:trojan-activity;sid:84233672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p1261765-migliorato-nr.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370573/; classtype:trojan-activity;sid:84233673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57363_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370562/; classtype:trojan-activity;sid:84233662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60135_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370563/; classtype:trojan-activity;sid:84233663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3553.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370564/; classtype:trojan-activity;sid:84233664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370565/; classtype:trojan-activity;sid:84233665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-fis21.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370566/; classtype:trojan-activity;sid:84233666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_15.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370554/; classtype:trojan-activity;sid:84233654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hg905-2017.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370555/; classtype:trojan-activity;sid:84233655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica-del-sistema-de-gestion-integrado-iso-90012015-1400....pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370556/; classtype:trojan-activity;sid:84233656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-07-30-11-38-41.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370557/; classtype:trojan-activity;sid:84233657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/panorama_alcool_saude_cisa2019.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370558/; classtype:trojan-activity;sid:84233658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/314232282941.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370559/; classtype:trojan-activity;sid:84233659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57690_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370560/; classtype:trojan-activity;sid:84233660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lab-1-1-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370561/; classtype:trojan-activity;sid:84233661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370548/; classtype:trojan-activity;sid:84233648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59657_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370549/; classtype:trojan-activity;sid:84233649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370550/; classtype:trojan-activity;sid:84233650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370551/; classtype:trojan-activity;sid:84233651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryestado-de-situacion-financiera-sep-2024.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370552/; classtype:trojan-activity;sid:84233652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-27-at-5.50.28-pm-1-1.jpeg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370553/; classtype:trojan-activity;sid:84233653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-07-30-11-38-01.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370543/; classtype:trojan-activity;sid:84233643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61s4igsdbul._ac_uf10001000_ql80_.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370544/; classtype:trojan-activity;sid:84233644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370545)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/stansberry_subscribers.txt.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370545/; classtype:trojan-activity;sid:84233645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-pilar-2023-final17385.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370546/; classtype:trojan-activity;sid:84233646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/masina-corect-inscriptionata.jpeg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370547/; classtype:trojan-activity;sid:84233647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370538/; classtype:trojan-activity;sid:84233638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-in-1-electric-15w-pendant-alarm-clock-speaker-bluetooth-speaker-music-home-decoration-g-styling.jpg.lnk"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370539/; classtype:trojan-activity;sid:84233639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5_11.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370540/; classtype:trojan-activity;sid:84233640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m.a-psychology-course-structure.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370541/; classtype:trojan-activity;sid:84233641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-ejemplo-practico-llenado-hr-pu-pr.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370542/; classtype:trojan-activity;sid:84233642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370537)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/stansberry_cryptoplan.txt.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370537/; classtype:trojan-activity;sid:84233637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/director.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370533/; classtype:trojan-activity;sid:84233633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-2095.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370534/; classtype:trojan-activity;sid:84233634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60047_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370535/; classtype:trojan-activity;sid:84233635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58346_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370536/; classtype:trojan-activity;sid:84233636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370531/; classtype:trojan-activity;sid:84233631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tablou-pictura-fata-cu-cercel-de-perla-de-vermeer-2040-camera-2.jpg.webp.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370532/; classtype:trojan-activity;sid:84233632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370525)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/statement.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370525/; classtype:trojan-activity;sid:84233625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370526/; classtype:trojan-activity;sid:84233626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pagina-nota4-190624-oald.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370527/; classtype:trojan-activity;sid:84233627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/myprofile.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.66.91.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370528/; classtype:trojan-activity;sid:84233628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_18.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370529/; classtype:trojan-activity;sid:84233629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/model-proces-verbal-al-adunarii-generale-de-constituire.docx.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370530/; classtype:trojan-activity;sid:84233630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-fish25.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370514/; classtype:trojan-activity;sid:84233614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58346_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370515/; classtype:trojan-activity;sid:84233615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/document.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"147.45.50.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370516/; classtype:trojan-activity;sid:84233616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea-2-4.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370517/; classtype:trojan-activity;sid:84233617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/customize-1-500x500-1-16.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370518/; classtype:trojan-activity;sid:84233618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-27-at-5.50.26-pm-1.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370519/; classtype:trojan-activity;sid:84233619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370520/; classtype:trojan-activity;sid:84233620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asus-f15-nepal-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370521/; classtype:trojan-activity;sid:84233621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica-de-la-cadena-de-suministro..pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370522/; classtype:trojan-activity;sid:84233622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie18.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370523/; classtype:trojan-activity;sid:84233623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/producao-de-mirtilo-taguatinga-urmpbg.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370524/; classtype:trojan-activity;sid:84233624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370507/; classtype:trojan-activity;sid:84233607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/prospect-apisan-forte-ing.-victor-bogdan.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370508/; classtype:trojan-activity;sid:84233608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58346_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370509/; classtype:trojan-activity;sid:84233609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acer-nitro-16-2024-ryzen-7-rtx-4060.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370510/; classtype:trojan-activity;sid:84233610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57690_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370511/; classtype:trojan-activity;sid:84233611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3544.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370512/; classtype:trojan-activity;sid:84233612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-eliberare-atestat-administrator-condominii.docx.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370513/; classtype:trojan-activity;sid:84233613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1998.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370504/; classtype:trojan-activity;sid:84233604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/loi-2017-021_fne.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370505/; classtype:trojan-activity;sid:84233605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58631_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370506/; classtype:trojan-activity;sid:84233606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f9a2b3b7-e4bb-4417-ab7b-3bcce0af17a0.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370498/; classtype:trojan-activity;sid:84233598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/44-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370499/; classtype:trojan-activity;sid:84233599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea-2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370500/; classtype:trojan-activity;sid:84233600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-22-at-11.44.22-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370501/; classtype:trojan-activity;sid:84233601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57690_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370502/; classtype:trojan-activity;sid:84233602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3108.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370503/; classtype:trojan-activity;sid:84233603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3_20230530_115037_0002.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370495/; classtype:trojan-activity;sid:84233595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/712676512600.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370496/; classtype:trojan-activity;sid:84233596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc-training-session-5.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370497/; classtype:trojan-activity;sid:84233597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/myprofile.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.66.91.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370493/; classtype:trojan-activity;sid:84233593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-27-at-5.50.32-pm-2.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370494/; classtype:trojan-activity;sid:84233594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryestado-de-situacion-financiera-sep-2024.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:265; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370486/; classtype:trojan-activity;sid:84233586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/purple-day-celebration-6.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370487/; classtype:trojan-activity;sid:84233587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370488/; classtype:trojan-activity;sid:84233588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59058_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370489/; classtype:trojan-activity;sid:84233589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370490)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/account-security.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370490/; classtype:trojan-activity;sid:84233590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/berlusconi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370491/; classtype:trojan-activity;sid:84233591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-francisco-bay-ferry-logo.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370492/; classtype:trojan-activity;sid:84233592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new-products-asus-09_1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370483/; classtype:trojan-activity;sid:84233583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/913341125924.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370484/; classtype:trojan-activity;sid:84233584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/transparenta-veniturilor-salariale-la-30.09.2017.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370485/; classtype:trojan-activity;sid:84233585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370466)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/stansberry_full.txt.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370466/; classtype:trojan-activity;sid:84233566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z4122777818346_9a90d8252d81b047d08dfc20f1a10126-2-1024x683.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370467/; classtype:trojan-activity;sid:84233567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie17.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370468/; classtype:trojan-activity;sid:84233568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370469/; classtype:trojan-activity;sid:84233569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-22-at-11.44.23-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370470/; classtype:trojan-activity;sid:84233570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryinstrukcja-uzytkowania-i-montazu-4701fw.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:265; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370471/; classtype:trojan-activity;sid:84233571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/orabond-3331tg-8471-article-information-europe-en.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370472/; classtype:trojan-activity;sid:84233572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-03-24-at-4.25.59-pm-1.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370473/; classtype:trojan-activity;sid:84233573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59058_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370474/; classtype:trojan-activity;sid:84233574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-22-at-11.44.23.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370475/; classtype:trojan-activity;sid:84233575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eureka-forbes-aquagaurd-1.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370476/; classtype:trojan-activity;sid:84233576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/914598709931.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370477/; classtype:trojan-activity;sid:84233577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-header02.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370478/; classtype:trojan-activity;sid:84233578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-scene12.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370479/; classtype:trojan-activity;sid:84233579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/times-square-aerial.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370480/; classtype:trojan-activity;sid:84233580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370481)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/instruction_695-18014-012_rev.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"89.23.113.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370481/; classtype:trojan-activity;sid:84233581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-134-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370482/; classtype:trojan-activity;sid:84233582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/registration_constitution.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370464/; classtype:trojan-activity;sid:84233564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_15.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370465/; classtype:trojan-activity;sid:84233565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pms-presos.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370460/; classtype:trojan-activity;sid:84233560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57363_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370461/; classtype:trojan-activity;sid:84233561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/map-a.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370462/; classtype:trojan-activity;sid:84233562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/program-audientte-dgep.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370463/; classtype:trojan-activity;sid:84233563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/campain_img.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"147.45.49.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370455/; classtype:trojan-activity;sid:84233555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e2c2314a-30ee-4124-a526-e10a1e5cf030.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370456/; classtype:trojan-activity;sid:84233556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_14.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370457/; classtype:trojan-activity;sid:84233557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6990.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370458/; classtype:trojan-activity;sid:84233558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image28_ok.jpeg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370459/; classtype:trojan-activity;sid:84233559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-15.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370453/; classtype:trojan-activity;sid:84233553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59441_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370454/; classtype:trojan-activity;sid:84233554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-header03.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370450/; classtype:trojan-activity;sid:84233550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryestado-de-situacion-financiera-sep-2024.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370451/; classtype:trojan-activity;sid:84233551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sffloorr.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370452/; classtype:trojan-activity;sid:84233552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3444.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370448/; classtype:trojan-activity;sid:84233548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_20.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370449/; classtype:trojan-activity;sid:84233549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-fish13.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370436/; classtype:trojan-activity;sid:84233536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-header01.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370437/; classtype:trojan-activity;sid:84233537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59058_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370438/; classtype:trojan-activity;sid:84233538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/welcome"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370439/; classtype:trojan-activity;sid:84233539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/attachment_1578521555-1024x768-1.jpeg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370440/; classtype:trojan-activity;sid:84233540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370441/; classtype:trojan-activity;sid:84233541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-355-2023-felicitar-al-licenciado-ricardo-luis-alvarez-velasquez.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370442/; classtype:trojan-activity;sid:84233542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-07-30-11-38-59.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370443/; classtype:trojan-activity;sid:84233543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370444/; classtype:trojan-activity;sid:84233544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370445)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/chromeupdate-x64.exe.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"147.45.179.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370445/; classtype:trojan-activity;sid:84233545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-supply-supreme-gas-fireplace-insert-4.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370446/; classtype:trojan-activity;sid:84233546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.png.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370447/; classtype:trojan-activity;sid:84233547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-kitchen-gallery-image-53.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370427/; classtype:trojan-activity;sid:84233527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59441_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370428/; classtype:trojan-activity;sid:84233528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weld-solution_fr_201802_web.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370429/; classtype:trojan-activity;sid:84233529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/model-statut.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370430/; classtype:trojan-activity;sid:84233530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/indice-de-topografia-corneal-en-pacientes-con-sospecha-de-queratocono.pdf.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370431/; classtype:trojan-activity;sid:84233531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2914232282974.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370432/; classtype:trojan-activity;sid:84233532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/70-amper-petlas-dgzel-ters-hyundag-3810-2.png.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370433/; classtype:trojan-activity;sid:84233533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/certificate-de-urbanism-2024-3.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370434/; classtype:trojan-activity;sid:84233534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hp-envy-13-inch-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370435/; classtype:trojan-activity;sid:84233535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea-4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370422/; classtype:trojan-activity;sid:84233522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/114232282930.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370423/; classtype:trojan-activity;sid:84233523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dell-alienware-m16-r2-ultra-9-185h-32gb-1tb-rtx-4070-8gb-16-qhd-240hz-1.jpg.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370424/; classtype:trojan-activity;sid:84233524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-de-convocatoria-peal-2024.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370425/; classtype:trojan-activity;sid:84233525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arden-forest-1-6-5-google.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370426/; classtype:trojan-activity;sid:84233526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1311-curs-instructors-animadors-olesa1.doc.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370417/; classtype:trojan-activity;sid:84233517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59657_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370418/; classtype:trojan-activity;sid:84233518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2914483839926.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370419/; classtype:trojan-activity;sid:84233519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryinstrukcja-uzytkowania-i-montazu-4701fw.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370420/; classtype:trojan-activity;sid:84233520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/314404574035.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370421/; classtype:trojan-activity;sid:84233521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-1456964513482-f21a68af77ee.jpeg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370415/; classtype:trojan-activity;sid:84233515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-lodge01.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370416/; classtype:trojan-activity;sid:84233516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-1046.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370413/; classtype:trojan-activity;sid:84233513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/714232282941.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370414/; classtype:trojan-activity;sid:84233514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p1261758-migliorato-nr.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370410/; classtype:trojan-activity;sid:84233510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1997.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370411/; classtype:trojan-activity;sid:84233511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57690_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370412/; classtype:trojan-activity;sid:84233512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59163_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370405/; classtype:trojan-activity;sid:84233505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/always_searching-v2-2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370406/; classtype:trojan-activity;sid:84233506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc-training-session-2-scaled.jpeg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370407/; classtype:trojan-activity;sid:84233507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59163_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370408/; classtype:trojan-activity;sid:84233508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-22-at-11.44.22-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370409/; classtype:trojan-activity;sid:84233509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59658_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370390/; classtype:trojan-activity;sid:84233490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a17i9813.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370391/; classtype:trojan-activity;sid:84233491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370392/; classtype:trojan-activity;sid:84233492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-kitchen-gallery-image-51.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370393/; classtype:trojan-activity;sid:84233493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/federica2.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370394/; classtype:trojan-activity;sid:84233494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a95f8ade-dd4f-4ed5-9b12-c2221d286936.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370395/; classtype:trojan-activity;sid:84233495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370396)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/mountains.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.179.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370396/; classtype:trojan-activity;sid:84233496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57690_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370397/; classtype:trojan-activity;sid:84233497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alcohawk.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370398/; classtype:trojan-activity;sid:84233498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/attachment_1585867052.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370399/; classtype:trojan-activity;sid:84233499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3_12.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370400/; classtype:trojan-activity;sid:84233500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-07-30-11-37-42.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370401/; classtype:trojan-activity;sid:84233501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2514483839926.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370402/; classtype:trojan-activity;sid:84233502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370403/; classtype:trojan-activity;sid:84233503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59058_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370404/; classtype:trojan-activity;sid:84233504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ags-team.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370382/; classtype:trojan-activity;sid:84233482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cti.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370383/; classtype:trojan-activity;sid:84233483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57690_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370384/; classtype:trojan-activity;sid:84233484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexos_congresoxvi.docx.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370385/; classtype:trojan-activity;sid:84233485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hp-pavilion-laptop-14-dv2019tu.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370386/; classtype:trojan-activity;sid:84233486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58457_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370387/; classtype:trojan-activity;sid:84233487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brazo-excavador-qc620-para-minicargador.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370388/; classtype:trojan-activity;sid:84233488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-09-16-at-23.03.14.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370389/; classtype:trojan-activity;sid:84233489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370377/; classtype:trojan-activity;sid:84233477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1312676512600.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370378/; classtype:trojan-activity;sid:84233478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370379/; classtype:trojan-activity;sid:84233479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc-training-session-3-scaled.jpeg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370380/; classtype:trojan-activity;sid:84233480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59163_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370381/; classtype:trojan-activity;sid:84233481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/campain_image.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.45.49.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370375/; classtype:trojan-activity;sid:84233475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_8ff209a34f5d00aca20dff2b36a4a207.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370376/; classtype:trojan-activity;sid:84233476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59658_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370371/; classtype:trojan-activity;sid:84233471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_14.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370372/; classtype:trojan-activity;sid:84233472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/belmonte-2-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370373/; classtype:trojan-activity;sid:84233473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/268797264_4464701176973951_1009165662824313451_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370374/; classtype:trojan-activity;sid:84233474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370365/; classtype:trojan-activity;sid:84233465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3532.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370366/; classtype:trojan-activity;sid:84233466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/912676512600.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370367/; classtype:trojan-activity;sid:84233467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370368/; classtype:trojan-activity;sid:84233468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-27-at-5.50.31-pm-1.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370369/; classtype:trojan-activity;sid:84233469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/job_mkt.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.45.49.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370370/; classtype:trojan-activity;sid:84233470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/514232282941.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370360/; classtype:trojan-activity;sid:84233460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59408_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370361/; classtype:trojan-activity;sid:84233461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58346_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370362/; classtype:trojan-activity;sid:84233462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370363)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/account_statement_2024.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370363/; classtype:trojan-activity;sid:84233463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/assainissement-1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370364/; classtype:trojan-activity;sid:84233464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370344/; classtype:trojan-activity;sid:84233444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/914232282941.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370345/; classtype:trojan-activity;sid:84233445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/surrey-bay-dr.-benna.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370346/; classtype:trojan-activity;sid:84233446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59658_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370347/; classtype:trojan-activity;sid:84233447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58631_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370348/; classtype:trojan-activity;sid:84233448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2112676512622.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370349/; classtype:trojan-activity;sid:84233449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cookies-en.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370350/; classtype:trojan-activity;sid:84233450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/google.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370351/; classtype:trojan-activity;sid:84233451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/choc-chip-angled-art-768x768.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370352/; classtype:trojan-activity;sid:84233452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59163_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370353/; classtype:trojan-activity;sid:84233453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2714483839926.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370354/; classtype:trojan-activity;sid:84233454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wajah_lk_60-peci.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370355/; classtype:trojan-activity;sid:84233455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acer-nitro-5-ryzen-7-5800h-rtx-3050-8.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370356/; classtype:trojan-activity;sid:84233456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-fundamentals-course-instructions.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370357/; classtype:trojan-activity;sid:84233457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-27-at-5.50.23-pm-1-1.jpeg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370358/; classtype:trojan-activity;sid:84233458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/salida-de-vehiculos-y-pasajeros-mes-de-mayo-de-2024.xlsx.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370359/; classtype:trojan-activity;sid:84233459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370338/; classtype:trojan-activity;sid:84233438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3571.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370339/; classtype:trojan-activity;sid:84233439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57363_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370340/; classtype:trojan-activity;sid:84233440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/salidadvehipasa2017.xlsx.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370341/; classtype:trojan-activity;sid:84233441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370342)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/plinkogame.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"147.45.179.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370342/; classtype:trojan-activity;sid:84233442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59441_15.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370343/; classtype:trojan-activity;sid:84233443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tablou-elsa-film-animatie-frozen-7-albastru-2155-camera-copii-mic.jpg.webp.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370336/; classtype:trojan-activity;sid:84233436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sold-png-transparent.png.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370337/; classtype:trojan-activity;sid:84233437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/order.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"147.45.50.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370333/; classtype:trojan-activity;sid:84233433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-22-at-11.44.23-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370334/; classtype:trojan-activity;sid:84233434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/job_dgt.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.45.49.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370335/; classtype:trojan-activity;sid:84233435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/713341125924.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370329/; classtype:trojan-activity;sid:84233429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1112676512600.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370330/; classtype:trojan-activity;sid:84233430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2014-09-01-at-11.28.11-pm.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370331/; classtype:trojan-activity;sid:84233431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370332/; classtype:trojan-activity;sid:84233432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-kitchen-gallery-image-52.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370322/; classtype:trojan-activity;sid:84233422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presentation-synthe2525252525252525252525252525252525252525252525cc252525252525252525252525252525252525252525252581tique-pj.pdf.lnk"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370323/; classtype:trojan-activity;sid:84233423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59163_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370324/; classtype:trojan-activity;sid:84233424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57690_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370325/; classtype:trojan-activity;sid:84233425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hycr-report-secure.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370326/; classtype:trojan-activity;sid:84233426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-09-16-at-23.03.11.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370327/; classtype:trojan-activity;sid:84233427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112676512598.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370328/; classtype:trojan-activity;sid:84233428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1996.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370307/; classtype:trojan-activity;sid:84233407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tomat-dalimil.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370308/; classtype:trojan-activity;sid:84233408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-lodge03.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370309/; classtype:trojan-activity;sid:84233409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asusf15-3.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370310/; classtype:trojan-activity;sid:84233410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lenovo-loq-15-ryzen-7-7435hs-rtx-4060-price-in-nepal.png.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370311/; classtype:trojan-activity;sid:84233411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58457_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370312/; classtype:trojan-activity;sid:84233412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a17i6530.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370313/; classtype:trojan-activity;sid:84233413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/305165854_488778129922273_694504171644369168_n.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370314/; classtype:trojan-activity;sid:84233414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370315/; classtype:trojan-activity;sid:84233415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60047_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370316/; classtype:trojan-activity;sid:84233416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-27-at-5.50.35-pm-1-1.jpeg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370317/; classtype:trojan-activity;sid:84233417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370318/; classtype:trojan-activity;sid:84233418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/322695-57334.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370319/; classtype:trojan-activity;sid:84233419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370320/; classtype:trojan-activity;sid:84233420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59163_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370321/; classtype:trojan-activity;sid:84233421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-03-24-at-4.26.00-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370300/; classtype:trojan-activity;sid:84233400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2bvek5p2wbdjeyve2wxdaguqdbsjcxvkt4bxwbci.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370301/; classtype:trojan-activity;sid:84233401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/durban_declaration_draft.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370302/; classtype:trojan-activity;sid:84233402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_19.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370303/; classtype:trojan-activity;sid:84233403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/l-ayak-14x14x4-beyaz.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370304/; classtype:trojan-activity;sid:84233404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carriage-03-scaled.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370305/; classtype:trojan-activity;sid:84233405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1912676512611.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370306/; classtype:trojan-activity;sid:84233406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60135_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370297/; classtype:trojan-activity;sid:84233397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-6-5-arden-forest.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370298/; classtype:trojan-activity;sid:84233398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hp-notebook-15s-5022ne.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370299/; classtype:trojan-activity;sid:84233399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/purchase"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"147.45.50.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370296/; classtype:trojan-activity;sid:84233396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xe-2-scaled.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370286/; classtype:trojan-activity;sid:84233386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_18.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370287/; classtype:trojan-activity;sid:84233387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57283_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370288/; classtype:trojan-activity;sid:84233388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59657_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370289/; classtype:trojan-activity;sid:84233389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-nsp.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370290/; classtype:trojan-activity;sid:84233390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulamentul-condominiului.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370291/; classtype:trojan-activity;sid:84233391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370292)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/acc-security.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370292/; classtype:trojan-activity;sid:84233392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370293)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/invoice8895_nov.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370293/; classtype:trojan-activity;sid:84233393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370294)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/account_security.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370294/; classtype:trojan-activity;sid:84233394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370295)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/stansberry_unsubscribed.txt.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"89.23.107.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370295/; classtype:trojan-activity;sid:84233395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img6.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370262/; classtype:trojan-activity;sid:84233362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesca-maya-fish14.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370263/; classtype:trojan-activity;sid:84233363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-13.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370264/; classtype:trojan-activity;sid:84233364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tablou-microcip-placa-de-baza-cu-lumini-neon-rosu-negru-1654-_.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370265/; classtype:trojan-activity;sid:84233365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1712676512611.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370266/; classtype:trojan-activity;sid:84233366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59408_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370267/; classtype:trojan-activity;sid:84233367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc-training-session-6.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370268/; classtype:trojan-activity;sid:84233368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/am-079-2022-aprobar-la-suscripcion-del-convenio-de-cooperacion-interinstitucional.pdf.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370269/; classtype:trojan-activity;sid:84233369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/transparenta-veniturilor-salariale-la-31.03.2022.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370270/; classtype:trojan-activity;sid:84233370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acer-nitro-5-_intel-core-i5-12500h-01_1_1_1_1_2.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370271/; classtype:trojan-activity;sid:84233371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aspire-3-a315-02.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370272/; classtype:trojan-activity;sid:84233372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc-training-session.jpeg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370273/; classtype:trojan-activity;sid:84233373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cartilla-ciencia-ciudadana_v0.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370274/; classtype:trojan-activity;sid:84233374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arden-forest-1-6-4-1-8-5-a.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370275/; classtype:trojan-activity;sid:84233375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3439.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370276/; classtype:trojan-activity;sid:84233376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc-training-session-4-scaled.jpeg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370277/; classtype:trojan-activity;sid:84233377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/assainissement.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370278/; classtype:trojan-activity;sid:84233378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie16.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370279/; classtype:trojan-activity;sid:84233379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60135_92.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370280/; classtype:trojan-activity;sid:84233380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-27-at-5.50.24-pm-1.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370281/; classtype:trojan-activity;sid:84233381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea-3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370282/; classtype:trojan-activity;sid:84233382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dispozitie-stabilire-comisie-paritara-a-orasului-targu-frumos.pdf.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370283/; classtype:trojan-activity;sid:84233383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc-training-session-8.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370284/; classtype:trojan-activity;sid:84233384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elemento-morto.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370285/; classtype:trojan-activity;sid:84233385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1711.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370256/; classtype:trojan-activity;sid:84233356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59058_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370257/; classtype:trojan-activity;sid:84233357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ikapi-diva-pustaka.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370258/; classtype:trojan-activity;sid:84233358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/download-1-600x300-2.png.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370259/; classtype:trojan-activity;sid:84233359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xe-1-1-scaled.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370260/; classtype:trojan-activity;sid:84233360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/autorizacion-para-el-tratamiento-de-datos-dpw.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370261/; classtype:trojan-activity;sid:84233361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370255)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/djp.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pajak.tw"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370255/; classtype:trojan-activity;sid:84233355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370254)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/djp.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pajak.tw"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370254/; classtype:trojan-activity;sid:84233354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370253/; classtype:trojan-activity;sid:84233353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.217.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370252/; classtype:trojan-activity;sid:84233352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.89.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370251/; classtype:trojan-activity;sid:84233351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370250/; classtype:trojan-activity;sid:84233350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370247/; classtype:trojan-activity;sid:84233347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.59.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370248/; classtype:trojan-activity;sid:84233348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.150.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370249/; classtype:trojan-activity;sid:84233349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370246/; classtype:trojan-activity;sid:84233346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370245/; classtype:trojan-activity;sid:84233345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370244/; classtype:trojan-activity;sid:84233344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370242/; classtype:trojan-activity;sid:84233342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370243/; classtype:trojan-activity;sid:84233343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.63.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370239/; classtype:trojan-activity;sid:84233339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.120.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370240/; classtype:trojan-activity;sid:84233340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370241/; classtype:trojan-activity;sid:84233341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.218.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370238/; classtype:trojan-activity;sid:84233338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.137.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370237/; classtype:trojan-activity;sid:84233337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370236)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ivhg.law.kimsavagelaw.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370236/; classtype:trojan-activity;sid:84233336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.149.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370235/; classtype:trojan-activity;sid:84233335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.35.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370234/; classtype:trojan-activity;sid:84233334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.223.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370233/; classtype:trojan-activity;sid:84233333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.84.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370232/; classtype:trojan-activity;sid:84233332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.178.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370231/; classtype:trojan-activity;sid:84233331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.148.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370230/; classtype:trojan-activity;sid:84233330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.212.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370229/; classtype:trojan-activity;sid:84233329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.63.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370228/; classtype:trojan-activity;sid:84233328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.242.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370227/; classtype:trojan-activity;sid:84233327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370226/; classtype:trojan-activity;sid:84233326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.149.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370225/; classtype:trojan-activity;sid:84233325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.60.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370224/; classtype:trojan-activity;sid:84233324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.15.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370222/; classtype:trojan-activity;sid:84233322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.253.80.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370223/; classtype:trojan-activity;sid:84233323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.72.166.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370221/; classtype:trojan-activity;sid:84233321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.223.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370220/; classtype:trojan-activity;sid:84233320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.35.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370219/; classtype:trojan-activity;sid:84233319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.242.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370218/; classtype:trojan-activity;sid:84233318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.239.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370217/; classtype:trojan-activity;sid:84233317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370216/; classtype:trojan-activity;sid:84233316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.171.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370215/; classtype:trojan-activity;sid:84233315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.84.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370214/; classtype:trojan-activity;sid:84233314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.208.201.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370213/; classtype:trojan-activity;sid:84233313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.6.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370212/; classtype:trojan-activity;sid:84233312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.178.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370211/; classtype:trojan-activity;sid:84233311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370210/; classtype:trojan-activity;sid:84233310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.46.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370209/; classtype:trojan-activity;sid:84233309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.125.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370208/; classtype:trojan-activity;sid:84233308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.222.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370207/; classtype:trojan-activity;sid:84233307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.192.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370206/; classtype:trojan-activity;sid:84233306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.26.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370205/; classtype:trojan-activity;sid:84233305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.254.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370204/; classtype:trojan-activity;sid:84233304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.6.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370203/; classtype:trojan-activity;sid:84233303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.11.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370202/; classtype:trojan-activity;sid:84233302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.141.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370201/; classtype:trojan-activity;sid:84233301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370199/; classtype:trojan-activity;sid:84233299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.52.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370200/; classtype:trojan-activity;sid:84233300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.255.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370197/; classtype:trojan-activity;sid:84233297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370198)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nsgs.demo.ezra-ai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370198/; classtype:trojan-activity;sid:84233298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.219.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370196/; classtype:trojan-activity;sid:84233296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.153.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370195/; classtype:trojan-activity;sid:84233295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.112.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370194/; classtype:trojan-activity;sid:84233294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.1.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370193/; classtype:trojan-activity;sid:84233293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.222.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370192/; classtype:trojan-activity;sid:84233292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370191/; classtype:trojan-activity;sid:84233291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.125.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370190/; classtype:trojan-activity;sid:84233290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.31.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370189/; classtype:trojan-activity;sid:84233289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370188/; classtype:trojan-activity;sid:84233288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.123.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370187/; classtype:trojan-activity;sid:84233287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.172.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370186/; classtype:trojan-activity;sid:84233286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.60.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370185/; classtype:trojan-activity;sid:84233285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370184/; classtype:trojan-activity;sid:84233284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.153.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370183/; classtype:trojan-activity;sid:84233283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.52.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370182/; classtype:trojan-activity;sid:84233282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.196.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370181/; classtype:trojan-activity;sid:84233281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.255.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370180/; classtype:trojan-activity;sid:84233280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.121.83.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370179/; classtype:trojan-activity;sid:84233279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370178/; classtype:trojan-activity;sid:84233278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370177/; classtype:trojan-activity;sid:84233277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.151.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370176/; classtype:trojan-activity;sid:84233276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.46.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370175/; classtype:trojan-activity;sid:84233275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.121.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370174/; classtype:trojan-activity;sid:84233274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.106.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370173/; classtype:trojan-activity;sid:84233273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370172/; classtype:trojan-activity;sid:84233272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.74.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370171/; classtype:trojan-activity;sid:84233271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370170/; classtype:trojan-activity;sid:84233270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.174.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370169/; classtype:trojan-activity;sid:84233269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.117.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370168/; classtype:trojan-activity;sid:84233268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.3.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370167/; classtype:trojan-activity;sid:84233267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370166/; classtype:trojan-activity;sid:84233266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.67.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370165/; classtype:trojan-activity;sid:84233265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.106.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370164/; classtype:trojan-activity;sid:84233264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.111.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370163/; classtype:trojan-activity;sid:84233263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.175.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370162/; classtype:trojan-activity;sid:84233262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370161/; classtype:trojan-activity;sid:84233261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.33.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370160/; classtype:trojan-activity;sid:84233260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370159/; classtype:trojan-activity;sid:84233259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.173.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370158/; classtype:trojan-activity;sid:84233258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.16.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370157/; classtype:trojan-activity;sid:84233257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370156/; classtype:trojan-activity;sid:84233256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.191.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370155/; classtype:trojan-activity;sid:84233255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.98.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370154/; classtype:trojan-activity;sid:84233254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.88.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370152/; classtype:trojan-activity;sid:84233252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.175.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370153/; classtype:trojan-activity;sid:84233253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.132.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370151/; classtype:trojan-activity;sid:84233251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.106.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370150/; classtype:trojan-activity;sid:84233250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.39.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370149/; classtype:trojan-activity;sid:84233249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.69.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370148/; classtype:trojan-activity;sid:84233248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370147/; classtype:trojan-activity;sid:84233247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370146/; classtype:trojan-activity;sid:84233246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.42.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370144/; classtype:trojan-activity;sid:84233244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370145/; classtype:trojan-activity;sid:84233245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.3.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370143/; classtype:trojan-activity;sid:84233243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.20.152"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370142/; classtype:trojan-activity;sid:84233242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.203.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370141/; classtype:trojan-activity;sid:84233241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.50.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370140/; classtype:trojan-activity;sid:84233240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370139/; classtype:trojan-activity;sid:84233239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370138/; classtype:trojan-activity;sid:84233238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.217.246.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370137/; classtype:trojan-activity;sid:84233237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.251.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370136/; classtype:trojan-activity;sid:84233236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.173.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370135/; classtype:trojan-activity;sid:84233235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.23.145.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370134/; classtype:trojan-activity;sid:84233234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370133)"; flow:established,from_client; content:"GET"; http_method; content:"/subscribeevent"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"0da30.fate.truelance.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370133/; classtype:trojan-activity;sid:84233233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.201.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370132/; classtype:trojan-activity;sid:84233232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.88.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370131/; classtype:trojan-activity;sid:84233231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370130/; classtype:trojan-activity;sid:84233230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.169.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370129/; classtype:trojan-activity;sid:84233229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370128/; classtype:trojan-activity;sid:84233228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.40.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370127/; classtype:trojan-activity;sid:84233227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.246.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370126/; classtype:trojan-activity;sid:84233226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.216.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370125/; classtype:trojan-activity;sid:84233225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.211.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370124/; classtype:trojan-activity;sid:84233224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.86.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370123/; classtype:trojan-activity;sid:84233223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370122)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.48.64.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370122/; classtype:trojan-activity;sid:84233222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.201.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370121/; classtype:trojan-activity;sid:84233221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370120/; classtype:trojan-activity;sid:84233220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.11.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370119/; classtype:trojan-activity;sid:84233219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.241.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370117/; classtype:trojan-activity;sid:84233217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370118/; classtype:trojan-activity;sid:84233218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.23.145.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370116/; classtype:trojan-activity;sid:84233216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.58.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370115/; classtype:trojan-activity;sid:84233215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370114/; classtype:trojan-activity;sid:84233214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.13.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370113/; classtype:trojan-activity;sid:84233213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.90.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370112/; classtype:trojan-activity;sid:84233212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370111/; classtype:trojan-activity;sid:84233211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.250.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370110/; classtype:trojan-activity;sid:84233210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370109/; classtype:trojan-activity;sid:84233209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.184.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370108/; classtype:trojan-activity;sid:84233208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.250.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370107/; classtype:trojan-activity;sid:84233207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.11.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370106/; classtype:trojan-activity;sid:84233206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370104/; classtype:trojan-activity;sid:84233204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370105/; classtype:trojan-activity;sid:84233205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370103)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ipimd.demo.ezra-ai.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370103/; classtype:trojan-activity;sid:84233203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370102)"; flow:established,from_client; content:"GET"; http_method; content:"/4f85e0bfc60adccc/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.219.81.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370102/; classtype:trojan-activity;sid:84233202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370096)"; flow:established,from_client; content:"GET"; http_method; content:"/4f85e0bfc60adccc/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.219.81.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370096/; classtype:trojan-activity;sid:84233196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370097)"; flow:established,from_client; content:"GET"; http_method; content:"/4f85e0bfc60adccc/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.219.81.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370097/; classtype:trojan-activity;sid:84233197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370098)"; flow:established,from_client; content:"GET"; http_method; content:"/4f85e0bfc60adccc/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.219.81.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370098/; classtype:trojan-activity;sid:84233198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370099)"; flow:established,from_client; content:"GET"; http_method; content:"/4f85e0bfc60adccc/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.219.81.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370099/; classtype:trojan-activity;sid:84233199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370100)"; flow:established,from_client; content:"GET"; http_method; content:"/4f85e0bfc60adccc/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.219.81.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370100/; classtype:trojan-activity;sid:84233200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370101)"; flow:established,from_client; content:"GET"; http_method; content:"/4f85e0bfc60adccc/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.219.81.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370101/; classtype:trojan-activity;sid:84233201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.115.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370094/; classtype:trojan-activity;sid:84233194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.254.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370095/; classtype:trojan-activity;sid:84233195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370092/; classtype:trojan-activity;sid:84233192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.96.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370093/; classtype:trojan-activity;sid:84233193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370091/; classtype:trojan-activity;sid:84233191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370090/; classtype:trojan-activity;sid:84233190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.235.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370088/; classtype:trojan-activity;sid:84233188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.177.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370089/; classtype:trojan-activity;sid:84233189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.140.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370087/; classtype:trojan-activity;sid:84233187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.2.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370086/; classtype:trojan-activity;sid:84233186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370085/; classtype:trojan-activity;sid:84233185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370084/; classtype:trojan-activity;sid:84233184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.243.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370083/; classtype:trojan-activity;sid:84233183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.19.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370082/; classtype:trojan-activity;sid:84233182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.224.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370081/; classtype:trojan-activity;sid:84233181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.231.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370080/; classtype:trojan-activity;sid:84233180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.2.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370079/; classtype:trojan-activity;sid:84233179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.69.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370078/; classtype:trojan-activity;sid:84233178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370077/; classtype:trojan-activity;sid:84233177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.110.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370076/; classtype:trojan-activity;sid:84233176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370075/; classtype:trojan-activity;sid:84233175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.220.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370074/; classtype:trojan-activity;sid:84233174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.252.113.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370073/; classtype:trojan-activity;sid:84233173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370070/; classtype:trojan-activity;sid:84233170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370071/; classtype:trojan-activity;sid:84233171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.178.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370072/; classtype:trojan-activity;sid:84233172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370069/; classtype:trojan-activity;sid:84233169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370066)"; flow:established,from_client; content:"GET"; http_method; content:"/kernel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"throw-shut-discuss-pirates.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370066/; classtype:trojan-activity;sid:84233166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370067)"; flow:established,from_client; content:"GET"; http_method; content:"/initd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"throw-shut-discuss-pirates.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370067/; classtype:trojan-activity;sid:84233167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370068)"; flow:established,from_client; content:"GET"; http_method; content:"/dbus"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"throw-shut-discuss-pirates.trycloudflare.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370068/; classtype:trojan-activity;sid:84233168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.255.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370065/; classtype:trojan-activity;sid:84233165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.231.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370064/; classtype:trojan-activity;sid:84233164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370063)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"xlu.demo.ezra-ai.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370063/; classtype:trojan-activity;sid:84233163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.32.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370062/; classtype:trojan-activity;sid:84233162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370061)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.13.81.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370061/; classtype:trojan-activity;sid:84233161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.6.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370060/; classtype:trojan-activity;sid:84233160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.159.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370059/; classtype:trojan-activity;sid:84233159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370057/; classtype:trojan-activity;sid:84233157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370058/; classtype:trojan-activity;sid:84233158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.255.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370056/; classtype:trojan-activity;sid:84233156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.28.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370055/; classtype:trojan-activity;sid:84233155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.216.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370054/; classtype:trojan-activity;sid:84233154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.74.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370053/; classtype:trojan-activity;sid:84233153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.31.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370051/; classtype:trojan-activity;sid:84233151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.187.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370052/; classtype:trojan-activity;sid:84233152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.146.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370050/; classtype:trojan-activity;sid:84233150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.144.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370049/; classtype:trojan-activity;sid:84233149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.254.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370048/; classtype:trojan-activity;sid:84233148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.137.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370047/; classtype:trojan-activity;sid:84233147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370046/; classtype:trojan-activity;sid:84233146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.75.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370045/; classtype:trojan-activity;sid:84233145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.193.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370043/; classtype:trojan-activity;sid:84233143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.255.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370044/; classtype:trojan-activity;sid:84233144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370041/; classtype:trojan-activity;sid:84233141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.98.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370042/; classtype:trojan-activity;sid:84233142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.166.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370040/; classtype:trojan-activity;sid:84233140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.81.82"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370039/; classtype:trojan-activity;sid:84233139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370038/; classtype:trojan-activity;sid:84233138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370037/; classtype:trojan-activity;sid:84233137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370036)"; flow:established,from_client; content:"GET"; http_method; content:"/r/muvvq/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370036/; classtype:trojan-activity;sid:84233136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370035)"; flow:established,from_client; content:"GET"; http_method; content:"/225/enn/mniscreenthinkinggoodforentiretimegoodfotbusubessthings.hta"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"57.129.55.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370035/; classtype:trojan-activity;sid:84233135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.200.84.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370034/; classtype:trojan-activity;sid:84233134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.24.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370033/; classtype:trojan-activity;sid:84233133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.24.225"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370032/; classtype:trojan-activity;sid:84233132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.39.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370031/; classtype:trojan-activity;sid:84233131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370030)"; flow:established,from_client; content:"GET"; http_method; content:"/225/economicthingsaregoingaroundwithhusbandwithgoodnewsgreatforeverybodygiven.tif"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"57.129.55.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370030/; classtype:trojan-activity;sid:84233130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.146.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370029/; classtype:trojan-activity;sid:84233129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370028)"; flow:established,from_client; content:"GET"; http_method; content:"/stato/vskhdvzxu.mp3"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.22.121.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370028/; classtype:trojan-activity;sid:84233128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.82.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370027/; classtype:trojan-activity;sid:84233127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.74.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370026/; classtype:trojan-activity;sid:84233126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.212.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370025/; classtype:trojan-activity;sid:84233125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.137.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370024/; classtype:trojan-activity;sid:84233124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.159.176.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370023/; classtype:trojan-activity;sid:84233123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370021/; classtype:trojan-activity;sid:84233121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370022/; classtype:trojan-activity;sid:84233122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370020/; classtype:trojan-activity;sid:84233120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370019/; classtype:trojan-activity;sid:84233119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.166.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370018/; classtype:trojan-activity;sid:84233118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.241.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370017/; classtype:trojan-activity;sid:84233117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370016/; classtype:trojan-activity;sid:84233116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.23.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370015/; classtype:trojan-activity;sid:84233115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.82.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370014/; classtype:trojan-activity;sid:84233114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.156.77.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370013/; classtype:trojan-activity;sid:84233113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370012/; classtype:trojan-activity;sid:84233112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370011/; classtype:trojan-activity;sid:84233111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370010/; classtype:trojan-activity;sid:84233110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370009/; classtype:trojan-activity;sid:84233109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370008/; classtype:trojan-activity;sid:84233108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.143.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370007/; classtype:trojan-activity;sid:84233107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.207.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370006/; classtype:trojan-activity;sid:84233106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.242.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370005/; classtype:trojan-activity;sid:84233105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.124.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370004/; classtype:trojan-activity;sid:84233104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.20.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370002/; classtype:trojan-activity;sid:84233102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.174.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370003/; classtype:trojan-activity;sid:84233103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.236.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370001/; classtype:trojan-activity;sid:84233101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3370000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.152.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3370000/; classtype:trojan-activity;sid:84233100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.70.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369999/; classtype:trojan-activity;sid:84233099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369998/; classtype:trojan-activity;sid:84233098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369997/; classtype:trojan-activity;sid:84233097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.39"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369996/; classtype:trojan-activity;sid:84233096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369995/; classtype:trojan-activity;sid:84233095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.164.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369994/; classtype:trojan-activity;sid:84233094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.207.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369993/; classtype:trojan-activity;sid:84233093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.200.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369992/; classtype:trojan-activity;sid:84233092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.50.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369991/; classtype:trojan-activity;sid:84233091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.126.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369990/; classtype:trojan-activity;sid:84233090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369988/; classtype:trojan-activity;sid:84233088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.152.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369989/; classtype:trojan-activity;sid:84233089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369986)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnudjm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369986/; classtype:trojan-activity;sid:84233086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369987)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epmtcs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369987/; classtype:trojan-activity;sid:84233087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369970)"; flow:established,from_client; content:"GET"; http_method; content:"/js/deirlj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369970/; classtype:trojan-activity;sid:84233070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369971)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsojgh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369971/; classtype:trojan-activity;sid:84233071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369972)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hapjcf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369972/; classtype:trojan-activity;sid:84233072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369973)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdzhjl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369973/; classtype:trojan-activity;sid:84233073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369974)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idagyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369974/; classtype:trojan-activity;sid:84233074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369975)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yvetcg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369975/; classtype:trojan-activity;sid:84233075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369976)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skjpfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369976/; classtype:trojan-activity;sid:84233076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369977)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xjkztu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369977/; classtype:trojan-activity;sid:84233077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369978)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmzwhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369978/; classtype:trojan-activity;sid:84233078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369979)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnjvsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369979/; classtype:trojan-activity;sid:84233079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369980)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vuniot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369980/; classtype:trojan-activity;sid:84233080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369981)"; flow:established,from_client; content:"GET"; http_method; content:"/js/athupi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369981/; classtype:trojan-activity;sid:84233081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369982)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjwvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369982/; classtype:trojan-activity;sid:84233082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369983)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrfxqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369983/; classtype:trojan-activity;sid:84233083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369984)"; flow:established,from_client; content:"GET"; http_method; content:"/js/esagwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369984/; classtype:trojan-activity;sid:84233084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369985)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyvhof.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369985/; classtype:trojan-activity;sid:84233085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369963)"; flow:established,from_client; content:"GET"; http_method; content:"/js/surtfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369963/; classtype:trojan-activity;sid:84233063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369964)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uqayrn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369964/; classtype:trojan-activity;sid:84233064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369965)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aspngf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369965/; classtype:trojan-activity;sid:84233065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369966)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cljokq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369966/; classtype:trojan-activity;sid:84233066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369967)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dkwozi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369967/; classtype:trojan-activity;sid:84233067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369968)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qltmuz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369968/; classtype:trojan-activity;sid:84233068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369969)"; flow:established,from_client; content:"GET"; http_method; content:"/js/irmjwl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369969/; classtype:trojan-activity;sid:84233069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369962)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qatijs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369962/; classtype:trojan-activity;sid:84233062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369961)"; flow:established,from_client; content:"GET"; http_method; content:"/js/thlvcq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369961/; classtype:trojan-activity;sid:84233061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369958)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrbwyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369958/; classtype:trojan-activity;sid:84233058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369959)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qjwnsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369959/; classtype:trojan-activity;sid:84233059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369960)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhpgbr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369960/; classtype:trojan-activity;sid:84233060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369957)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxkipn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369957/; classtype:trojan-activity;sid:84233057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369953)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mriwqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369953/; classtype:trojan-activity;sid:84233053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369954)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvohfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369954/; classtype:trojan-activity;sid:84233054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369955)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhpkzx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369955/; classtype:trojan-activity;sid:84233055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369956)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xirksj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369956/; classtype:trojan-activity;sid:84233056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369952)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsmdyo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369952/; classtype:trojan-activity;sid:84233052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369950)"; flow:established,from_client; content:"GET"; http_method; content:"/js/isygcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369950/; classtype:trojan-activity;sid:84233050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369951)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stwkqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369951/; classtype:trojan-activity;sid:84233051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369924)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skeqhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369924/; classtype:trojan-activity;sid:84233024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369925)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zouans.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369925/; classtype:trojan-activity;sid:84233025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369926)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbftqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369926/; classtype:trojan-activity;sid:84233026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369927)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bftoze.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369927/; classtype:trojan-activity;sid:84233027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369928)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xeymta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369928/; classtype:trojan-activity;sid:84233028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369929)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eucwkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369929/; classtype:trojan-activity;sid:84233029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369930)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qemywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369930/; classtype:trojan-activity;sid:84233030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369931)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfzwxd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369931/; classtype:trojan-activity;sid:84233031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369932)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sghoik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369932/; classtype:trojan-activity;sid:84233032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369933)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gmrkwh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369933/; classtype:trojan-activity;sid:84233033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369934)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyxgwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369934/; classtype:trojan-activity;sid:84233034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369935)"; flow:established,from_client; content:"GET"; http_method; content:"/js/womtxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369935/; classtype:trojan-activity;sid:84233035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369936)"; flow:established,from_client; content:"GET"; http_method; content:"/js/decqzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369936/; classtype:trojan-activity;sid:84233036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369937)"; flow:established,from_client; content:"GET"; http_method; content:"/js/womtxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369937/; classtype:trojan-activity;sid:84233037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369938)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzscvg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369938/; classtype:trojan-activity;sid:84233038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369939)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ivhuox.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369939/; classtype:trojan-activity;sid:84233039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369940)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arfejg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369940/; classtype:trojan-activity;sid:84233040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369941)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcanft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369941/; classtype:trojan-activity;sid:84233041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369942)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yslwup.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369942/; classtype:trojan-activity;sid:84233042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369943)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpfhym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369943/; classtype:trojan-activity;sid:84233043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369944)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjxuw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369944/; classtype:trojan-activity;sid:84233044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369945)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlwuak.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369945/; classtype:trojan-activity;sid:84233045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369946)"; flow:established,from_client; content:"GET"; http_method; content:"/js/conuwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369946/; classtype:trojan-activity;sid:84233046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369947)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mljgai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369947/; classtype:trojan-activity;sid:84233047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369948)"; flow:established,from_client; content:"GET"; http_method; content:"/js/akmsfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369948/; classtype:trojan-activity;sid:84233048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369949)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsuepy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369949/; classtype:trojan-activity;sid:84233049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369917)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zjvmgx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369917/; classtype:trojan-activity;sid:84233017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369918)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyqbmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369918/; classtype:trojan-activity;sid:84233018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369919)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmepyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369919/; classtype:trojan-activity;sid:84233019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369920)"; flow:established,from_client; content:"GET"; http_method; content:"/js/klydgb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369920/; classtype:trojan-activity;sid:84233020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369921)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nsvtqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369921/; classtype:trojan-activity;sid:84233021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369922)"; flow:established,from_client; content:"GET"; http_method; content:"/js/newkcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369922/; classtype:trojan-activity;sid:84233022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369923)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tkyuqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369923/; classtype:trojan-activity;sid:84233023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369914)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhqfza.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369914/; classtype:trojan-activity;sid:84233014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369915)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehsail.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369915/; classtype:trojan-activity;sid:84233015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369916)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnudjm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369916/; classtype:trojan-activity;sid:84233016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369913/; classtype:trojan-activity;sid:84233013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369907)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnfesb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369907/; classtype:trojan-activity;sid:84233007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369908)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkocxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369908/; classtype:trojan-activity;sid:84233008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369909)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hstjvf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369909/; classtype:trojan-activity;sid:84233009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369910)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kixrge.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369910/; classtype:trojan-activity;sid:84233010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369911)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbuvxf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369911/; classtype:trojan-activity;sid:84233011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369912)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/uv9rtex94bi18x6hfwnvm/runner.exe|3f|rlkey=ohh5enlv6dylr9jqxqwsffkja|7c|26|7c|dl=1"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369912/; classtype:trojan-activity;sid:84233012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369889)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bymvne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369889/; classtype:trojan-activity;sid:84232989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369890)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gzsjed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369890/; classtype:trojan-activity;sid:84232990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369891)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcsftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369891/; classtype:trojan-activity;sid:84232991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369892)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bftoze.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369892/; classtype:trojan-activity;sid:84232992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369893)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oaugym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369893/; classtype:trojan-activity;sid:84232993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369894)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buriep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369894/; classtype:trojan-activity;sid:84232994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369895)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buriep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369895/; classtype:trojan-activity;sid:84232995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369896)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dperay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369896/; classtype:trojan-activity;sid:84232996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369897)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsuepy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369897/; classtype:trojan-activity;sid:84232997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369898)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmpion.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369898/; classtype:trojan-activity;sid:84232998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369899)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dsoayr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369899/; classtype:trojan-activity;sid:84232999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369900)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xeymta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369900/; classtype:trojan-activity;sid:84233000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369901)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buriep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369901/; classtype:trojan-activity;sid:84233001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369902)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clgkjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369902/; classtype:trojan-activity;sid:84233002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369903)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eaqbfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369903/; classtype:trojan-activity;sid:84233003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369904)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pzxrbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369904/; classtype:trojan-activity;sid:84233004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369905)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eucwkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369905/; classtype:trojan-activity;sid:84233005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369906)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clwnai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369906/; classtype:trojan-activity;sid:84233006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369886)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fdujrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369886/; classtype:trojan-activity;sid:84232986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369887)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifzcar.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369887/; classtype:trojan-activity;sid:84232987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369888)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ezpqta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369888/; classtype:trojan-activity;sid:84232988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369881)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fdujrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369881/; classtype:trojan-activity;sid:84232981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369882)"; flow:established,from_client; content:"GET"; http_method; content:"/js/txwhkb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369882/; classtype:trojan-activity;sid:84232982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369883)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lwpefs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369883/; classtype:trojan-activity;sid:84232983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369884)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fnotqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369884/; classtype:trojan-activity;sid:84232984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369885)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzbcfd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369885/; classtype:trojan-activity;sid:84232985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369879)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykznlv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369879/; classtype:trojan-activity;sid:84232979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369880)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bypvgu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369880/; classtype:trojan-activity;sid:84232980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369877)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nxritz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369877/; classtype:trojan-activity;sid:84232977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369878)"; flow:established,from_client; content:"GET"; http_method; content:"/js/logjmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369878/; classtype:trojan-activity;sid:84232978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369876)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fkadbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369876/; classtype:trojan-activity;sid:84232976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369875)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exjfba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369875/; classtype:trojan-activity;sid:84232975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369873)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykznlv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369873/; classtype:trojan-activity;sid:84232973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369874)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qtplzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369874/; classtype:trojan-activity;sid:84232974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369866)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stbyrl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369866/; classtype:trojan-activity;sid:84232966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369867)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xgkhwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369867/; classtype:trojan-activity;sid:84232967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369868)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnlkap.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369868/; classtype:trojan-activity;sid:84232968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369869)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fconkp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369869/; classtype:trojan-activity;sid:84232969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369870)"; flow:established,from_client; content:"GET"; http_method; content:"/js/knpfbu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369870/; classtype:trojan-activity;sid:84232970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369871)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zljwks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369871/; classtype:trojan-activity;sid:84232971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369872)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjdkeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369872/; classtype:trojan-activity;sid:84232972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369860)"; flow:established,from_client; content:"GET"; http_method; content:"/js/quwtdl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369860/; classtype:trojan-activity;sid:84232960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369861)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltpmzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369861/; classtype:trojan-activity;sid:84232961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369862)"; flow:established,from_client; content:"GET"; http_method; content:"/js/diktcx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369862/; classtype:trojan-activity;sid:84232962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369863)"; flow:established,from_client; content:"GET"; http_method; content:"/js/medsqw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369863/; classtype:trojan-activity;sid:84232963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369864)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lztnfk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369864/; classtype:trojan-activity;sid:84232964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369865)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjshmy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369865/; classtype:trojan-activity;sid:84232965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369854)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jsbkec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369854/; classtype:trojan-activity;sid:84232954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369855)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnfzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369855/; classtype:trojan-activity;sid:84232955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369856)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whokyr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369856/; classtype:trojan-activity;sid:84232956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369857)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rjlkai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369857/; classtype:trojan-activity;sid:84232957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369858)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juilvp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369858/; classtype:trojan-activity;sid:84232958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369859)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ygdluj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369859/; classtype:trojan-activity;sid:84232959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369850)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcjdmh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369850/; classtype:trojan-activity;sid:84232950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369851)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsrvje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369851/; classtype:trojan-activity;sid:84232951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369852)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcvmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369852/; classtype:trojan-activity;sid:84232952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369853)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tkyuqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369853/; classtype:trojan-activity;sid:84232953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369847)"; flow:established,from_client; content:"GET"; http_method; content:"/js/razcsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369847/; classtype:trojan-activity;sid:84232947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369848)"; flow:established,from_client; content:"GET"; http_method; content:"/js/srnjva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369848/; classtype:trojan-activity;sid:84232948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369849)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdzhjl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369849/; classtype:trojan-activity;sid:84232949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369843)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pruzif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369843/; classtype:trojan-activity;sid:84232943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369844)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzclen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369844/; classtype:trojan-activity;sid:84232944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369845)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbvqma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369845/; classtype:trojan-activity;sid:84232945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369846)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wgsrda.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369846/; classtype:trojan-activity;sid:84232946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369841)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atjunw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369841/; classtype:trojan-activity;sid:84232941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369842)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aweqxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369842/; classtype:trojan-activity;sid:84232942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369840)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cljokq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369840/; classtype:trojan-activity;sid:84232940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369838)"; flow:established,from_client; content:"GET"; http_method; content:"/js/suizdx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369838/; classtype:trojan-activity;sid:84232938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369839)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jsbkec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369839/; classtype:trojan-activity;sid:84232939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369837)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hufeid.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369837/; classtype:trojan-activity;sid:84232937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369835)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyqbmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369835/; classtype:trojan-activity;sid:84232935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369836)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mriwqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369836/; classtype:trojan-activity;sid:84232936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369833)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrkfvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369833/; classtype:trojan-activity;sid:84232933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369834)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dimekn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369834/; classtype:trojan-activity;sid:84232934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369829)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpfhym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369829/; classtype:trojan-activity;sid:84232929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369830)"; flow:established,from_client; content:"GET"; http_method; content:"/js/frcvbw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369830/; classtype:trojan-activity;sid:84232930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369831)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qcfibe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369831/; classtype:trojan-activity;sid:84232931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369832)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ctrnow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369832/; classtype:trojan-activity;sid:84232932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369825)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skhjtc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369825/; classtype:trojan-activity;sid:84232925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369826)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xnhimz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369826/; classtype:trojan-activity;sid:84232926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369827)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bpyjmd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369827/; classtype:trojan-activity;sid:84232927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369828)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxzuvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369828/; classtype:trojan-activity;sid:84232928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369819)"; flow:established,from_client; content:"GET"; http_method; content:"/js/npukdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369819/; classtype:trojan-activity;sid:84232919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369820)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzsfvj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369820/; classtype:trojan-activity;sid:84232920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369821)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzclen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369821/; classtype:trojan-activity;sid:84232921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369822)"; flow:established,from_client; content:"GET"; http_method; content:"/js/itnuya.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369822/; classtype:trojan-activity;sid:84232922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369823)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iyjdpm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369823/; classtype:trojan-activity;sid:84232923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369824)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qsfzow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369824/; classtype:trojan-activity;sid:84232924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369816)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kelsjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369816/; classtype:trojan-activity;sid:84232916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369817)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpoikg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369817/; classtype:trojan-activity;sid:84232917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369818)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrkfvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369818/; classtype:trojan-activity;sid:84232918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369809)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gotnlm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369809/; classtype:trojan-activity;sid:84232909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369810)"; flow:established,from_client; content:"GET"; http_method; content:"/js/emuzcj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369810/; classtype:trojan-activity;sid:84232910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369811)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdaqet.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369811/; classtype:trojan-activity;sid:84232911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369812)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yqnoez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369812/; classtype:trojan-activity;sid:84232912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369813)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqhbyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369813/; classtype:trojan-activity;sid:84232913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369814)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bypvgu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369814/; classtype:trojan-activity;sid:84232914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369815)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vbxrsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369815/; classtype:trojan-activity;sid:84232915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369802)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lkfpqn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369802/; classtype:trojan-activity;sid:84232902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369803)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nadbor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369803/; classtype:trojan-activity;sid:84232903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369804)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhwepz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369804/; classtype:trojan-activity;sid:84232904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369805)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dsoayr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369805/; classtype:trojan-activity;sid:84232905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369806)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjdkeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369806/; classtype:trojan-activity;sid:84232906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369807)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ybqour.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369807/; classtype:trojan-activity;sid:84232907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369808)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zouans.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369808/; classtype:trojan-activity;sid:84232908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369800)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ickxdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369800/; classtype:trojan-activity;sid:84232900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369801)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcfeg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369801/; classtype:trojan-activity;sid:84232901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369799)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwtgdn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369799/; classtype:trojan-activity;sid:84232899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369797)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbpzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369797/; classtype:trojan-activity;sid:84232897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369798)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cfjrvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369798/; classtype:trojan-activity;sid:84232898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369795)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uvkqxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369795/; classtype:trojan-activity;sid:84232895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369796)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kdoifn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369796/; classtype:trojan-activity;sid:84232896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369793)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aipojd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369793/; classtype:trojan-activity;sid:84232893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369794)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlsyom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369794/; classtype:trojan-activity;sid:84232894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369791)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cnduef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369791/; classtype:trojan-activity;sid:84232891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369792)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxfodm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369792/; classtype:trojan-activity;sid:84232892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369787)"; flow:established,from_client; content:"GET"; http_method; content:"/js/veyrqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369787/; classtype:trojan-activity;sid:84232887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369788)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qltmuz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369788/; classtype:trojan-activity;sid:84232888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369789)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydhrfe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369789/; classtype:trojan-activity;sid:84232889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369790)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkerly.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369790/; classtype:trojan-activity;sid:84232890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369777)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sfxnlu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369777/; classtype:trojan-activity;sid:84232877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369778)"; flow:established,from_client; content:"GET"; http_method; content:"/js/razcsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369778/; classtype:trojan-activity;sid:84232878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369779)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhpgbr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369779/; classtype:trojan-activity;sid:84232879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369780)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kynazr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369780/; classtype:trojan-activity;sid:84232880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369781)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vyiwbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369781/; classtype:trojan-activity;sid:84232881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369782)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbofah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369782/; classtype:trojan-activity;sid:84232882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369783)"; flow:established,from_client; content:"GET"; http_method; content:"/js/datkuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369783/; classtype:trojan-activity;sid:84232883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369784)"; flow:established,from_client; content:"GET"; http_method; content:"/js/csqhyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369784/; classtype:trojan-activity;sid:84232884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369785)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dhkuol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369785/; classtype:trojan-activity;sid:84232885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369786)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmzwhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369786/; classtype:trojan-activity;sid:84232886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369769)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmpion.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369769/; classtype:trojan-activity;sid:84232869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369770)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zjvmgx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369770/; classtype:trojan-activity;sid:84232870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369771)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bgwdlq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369771/; classtype:trojan-activity;sid:84232871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369772)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glkovy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369772/; classtype:trojan-activity;sid:84232872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369773)"; flow:established,from_client; content:"GET"; http_method; content:"/js/veyrqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369773/; classtype:trojan-activity;sid:84232873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369774)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chvjrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369774/; classtype:trojan-activity;sid:84232874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369775)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hufeid.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369775/; classtype:trojan-activity;sid:84232875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369776)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcbzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369776/; classtype:trojan-activity;sid:84232876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369764)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pgbokr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369764/; classtype:trojan-activity;sid:84232864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369765)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ulvson.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369765/; classtype:trojan-activity;sid:84232865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369766)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jetyiw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369766/; classtype:trojan-activity;sid:84232866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369767)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ogimzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369767/; classtype:trojan-activity;sid:84232867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369768)"; flow:established,from_client; content:"GET"; http_method; content:"/js/decqzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369768/; classtype:trojan-activity;sid:84232868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369763)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrdyti.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369763/; classtype:trojan-activity;sid:84232863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369760)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jewltz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369760/; classtype:trojan-activity;sid:84232860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369761)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tkyuqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369761/; classtype:trojan-activity;sid:84232861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369762)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uejzgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369762/; classtype:trojan-activity;sid:84232862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369757)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ukfjeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369757/; classtype:trojan-activity;sid:84232857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369758)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ncmzei.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369758/; classtype:trojan-activity;sid:84232858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369759)"; flow:established,from_client; content:"GET"; http_method; content:"/js/frcvbw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369759/; classtype:trojan-activity;sid:84232859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369756)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmzwhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369756/; classtype:trojan-activity;sid:84232856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369754)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taljsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369754/; classtype:trojan-activity;sid:84232854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369755)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pykqbg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369755/; classtype:trojan-activity;sid:84232855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369753)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsxjnk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369753/; classtype:trojan-activity;sid:84232853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369752)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aqbves.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369752/; classtype:trojan-activity;sid:84232852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369749)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hitguk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369749/; classtype:trojan-activity;sid:84232849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369750)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mkughj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369750/; classtype:trojan-activity;sid:84232850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369751)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsrvje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369751/; classtype:trojan-activity;sid:84232851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369743)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kawmyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369743/; classtype:trojan-activity;sid:84232843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369744)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xanfzm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369744/; classtype:trojan-activity;sid:84232844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369745)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gotnlm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369745/; classtype:trojan-activity;sid:84232845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369746)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hvporw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369746/; classtype:trojan-activity;sid:84232846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369747)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uidphw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369747/; classtype:trojan-activity;sid:84232847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369748)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mevbzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369748/; classtype:trojan-activity;sid:84232848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369734)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cusemi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369734/; classtype:trojan-activity;sid:84232834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369735)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cagesr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369735/; classtype:trojan-activity;sid:84232835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369736)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kfqilh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369736/; classtype:trojan-activity;sid:84232836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369737)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sjqmxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369737/; classtype:trojan-activity;sid:84232837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369738)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uidphw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369738/; classtype:trojan-activity;sid:84232838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369739)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hamefz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369739/; classtype:trojan-activity;sid:84232839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369740)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zceyxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369740/; classtype:trojan-activity;sid:84232840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369741)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfpukb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369741/; classtype:trojan-activity;sid:84232841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369742)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsuyhj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369742/; classtype:trojan-activity;sid:84232842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369727)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kldhuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369727/; classtype:trojan-activity;sid:84232827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369728)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wquabs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369728/; classtype:trojan-activity;sid:84232828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369729)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eaqbfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369729/; classtype:trojan-activity;sid:84232829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369730)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gansqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369730/; classtype:trojan-activity;sid:84232830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369731)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mapjte.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369731/; classtype:trojan-activity;sid:84232831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369732)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkympx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369732/; classtype:trojan-activity;sid:84232832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369733)"; flow:established,from_client; content:"GET"; http_method; content:"/js/conuwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369733/; classtype:trojan-activity;sid:84232833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369721)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uejzgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369721/; classtype:trojan-activity;sid:84232821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369722)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mljgai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369722/; classtype:trojan-activity;sid:84232822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369723)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cirunm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369723/; classtype:trojan-activity;sid:84232823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369724)"; flow:established,from_client; content:"GET"; http_method; content:"/js/otlsbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369724/; classtype:trojan-activity;sid:84232824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369725)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fljxes.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369725/; classtype:trojan-activity;sid:84232825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369726)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yqnoez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369726/; classtype:trojan-activity;sid:84232826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369719)"; flow:established,from_client; content:"GET"; http_method; content:"/js/infbzq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369719/; classtype:trojan-activity;sid:84232819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369720)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pzxrbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369720/; classtype:trojan-activity;sid:84232820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369718)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mptsrb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369718/; classtype:trojan-activity;sid:84232818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369716)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djtukm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369716/; classtype:trojan-activity;sid:84232816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369717)"; flow:established,from_client; content:"GET"; http_method; content:"/js/patlqx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369717/; classtype:trojan-activity;sid:84232817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369715)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gvqkyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369715/; classtype:trojan-activity;sid:84232815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369714)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sbdgnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369714/; classtype:trojan-activity;sid:84232814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369713)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bypvgu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369713/; classtype:trojan-activity;sid:84232813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369708)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ygdluj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369708/; classtype:trojan-activity;sid:84232808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369709)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpglbq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369709/; classtype:trojan-activity;sid:84232809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369710)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnlkap.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369710/; classtype:trojan-activity;sid:84232810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369711)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uhbnzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369711/; classtype:trojan-activity;sid:84232811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369712)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gjhoua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369712/; classtype:trojan-activity;sid:84232812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369701)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcbzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369701/; classtype:trojan-activity;sid:84232801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369702)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnpqdk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369702/; classtype:trojan-activity;sid:84232802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369703)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmcsue.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369703/; classtype:trojan-activity;sid:84232803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369704)"; flow:established,from_client; content:"GET"; http_method; content:"/js/adchfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369704/; classtype:trojan-activity;sid:84232804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369705)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eicbgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369705/; classtype:trojan-activity;sid:84232805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369706)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idagyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369706/; classtype:trojan-activity;sid:84232806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369707)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qemywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369707/; classtype:trojan-activity;sid:84232807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369696)"; flow:established,from_client; content:"GET"; http_method; content:"/js/quwtdl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369696/; classtype:trojan-activity;sid:84232796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369697)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsaqhu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369697/; classtype:trojan-activity;sid:84232797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369698)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsxmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369698/; classtype:trojan-activity;sid:84232798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369699)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktxayf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369699/; classtype:trojan-activity;sid:84232799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369700)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmdwoj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369700/; classtype:trojan-activity;sid:84232800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369690)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wjqosp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369690/; classtype:trojan-activity;sid:84232790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369691)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbpzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369691/; classtype:trojan-activity;sid:84232791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369692)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrkfvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369692/; classtype:trojan-activity;sid:84232792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369693)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sfxnlu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369693/; classtype:trojan-activity;sid:84232793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369694)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uhbnzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369694/; classtype:trojan-activity;sid:84232794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369695)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbkyud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369695/; classtype:trojan-activity;sid:84232795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369687)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hrtncs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369687/; classtype:trojan-activity;sid:84232787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369688)"; flow:established,from_client; content:"GET"; http_method; content:"/js/deirlj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369688/; classtype:trojan-activity;sid:84232788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369689)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkympx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369689/; classtype:trojan-activity;sid:84232789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369683)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vbxrsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369683/; classtype:trojan-activity;sid:84232783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369684)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wzuigr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369684/; classtype:trojan-activity;sid:84232784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369685)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghksto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369685/; classtype:trojan-activity;sid:84232785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369686)"; flow:established,from_client; content:"GET"; http_method; content:"/js/muwtfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369686/; classtype:trojan-activity;sid:84232786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369682)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xirksj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369682/; classtype:trojan-activity;sid:84232782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369679)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yobune.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369679/; classtype:trojan-activity;sid:84232779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369680)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbhwft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369680/; classtype:trojan-activity;sid:84232780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369681)"; flow:established,from_client; content:"GET"; http_method; content:"/js/voagtx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369681/; classtype:trojan-activity;sid:84232781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369676)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcjdmh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369676/; classtype:trojan-activity;sid:84232776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369677)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rscwtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369677/; classtype:trojan-activity;sid:84232777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369678)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vlxcgi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369678/; classtype:trojan-activity;sid:84232778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369674)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aweqxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369674/; classtype:trojan-activity;sid:84232774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369675)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbvqma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369675/; classtype:trojan-activity;sid:84232775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369672)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zljwks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369672/; classtype:trojan-activity;sid:84232772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369673)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vyiwbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369673/; classtype:trojan-activity;sid:84232773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369664)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atjunw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369664/; classtype:trojan-activity;sid:84232764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369665)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xuzens.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369665/; classtype:trojan-activity;sid:84232765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369666)"; flow:established,from_client; content:"GET"; http_method; content:"/js/logjmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369666/; classtype:trojan-activity;sid:84232766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369667)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpytjb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369667/; classtype:trojan-activity;sid:84232767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369668)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mierfl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369668/; classtype:trojan-activity;sid:84232768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369669)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djiowm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369669/; classtype:trojan-activity;sid:84232769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369670)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skjpfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369670/; classtype:trojan-activity;sid:84232770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369671)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fymvkc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369671/; classtype:trojan-activity;sid:84232771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369657)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gzsjed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369657/; classtype:trojan-activity;sid:84232757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369658)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aspngf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369658/; classtype:trojan-activity;sid:84232758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369659)"; flow:established,from_client; content:"GET"; http_method; content:"/js/thlvcq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369659/; classtype:trojan-activity;sid:84232759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369660)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbkyud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369660/; classtype:trojan-activity;sid:84232760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369661)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnbuqz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369661/; classtype:trojan-activity;sid:84232761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369662)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvzyka.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369662/; classtype:trojan-activity;sid:84232762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369663)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mapjte.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369663/; classtype:trojan-activity;sid:84232763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369654)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfpwko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369654/; classtype:trojan-activity;sid:84232754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369655)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gipart.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369655/; classtype:trojan-activity;sid:84232755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369656)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnviot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369656/; classtype:trojan-activity;sid:84232756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369647)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cljokq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369647/; classtype:trojan-activity;sid:84232747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369648)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fdujrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369648/; classtype:trojan-activity;sid:84232748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369649)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvrqtl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369649/; classtype:trojan-activity;sid:84232749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369650)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ulvson.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369650/; classtype:trojan-activity;sid:84232750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369651)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ujaemc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369651/; classtype:trojan-activity;sid:84232751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369652)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yitvba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369652/; classtype:trojan-activity;sid:84232752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369653)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qldugb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369653/; classtype:trojan-activity;sid:84232753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369645)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atrpjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369645/; classtype:trojan-activity;sid:84232745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369646)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xevfyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369646/; classtype:trojan-activity;sid:84232746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369644)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clgkjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369644/; classtype:trojan-activity;sid:84232744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369642)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptmnwy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369642/; classtype:trojan-activity;sid:84232742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369643)"; flow:established,from_client; content:"GET"; http_method; content:"/js/unpwzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369643/; classtype:trojan-activity;sid:84232743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369640)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lafizx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369640/; classtype:trojan-activity;sid:84232740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369641)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifzcar.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369641/; classtype:trojan-activity;sid:84232741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369638)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmcsue.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369638/; classtype:trojan-activity;sid:84232738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369639)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vrdwne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369639/; classtype:trojan-activity;sid:84232739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369635)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfbxjn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369635/; classtype:trojan-activity;sid:84232735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369636)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yslwup.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369636/; classtype:trojan-activity;sid:84232736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369637)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdaqet.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369637/; classtype:trojan-activity;sid:84232737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369634)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glkovy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369634/; classtype:trojan-activity;sid:84232734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369623)"; flow:established,from_client; content:"GET"; http_method; content:"/js/josfaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369623/; classtype:trojan-activity;sid:84232723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369624)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ipcfyq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369624/; classtype:trojan-activity;sid:84232724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369625)"; flow:established,from_client; content:"GET"; http_method; content:"/js/elqgwv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369625/; classtype:trojan-activity;sid:84232725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369626)"; flow:established,from_client; content:"GET"; http_method; content:"/js/owzlim.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369626/; classtype:trojan-activity;sid:84232726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369627)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rlmkdy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369627/; classtype:trojan-activity;sid:84232727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369628)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mierfl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369628/; classtype:trojan-activity;sid:84232728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369629)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juvwhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369629/; classtype:trojan-activity;sid:84232729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369630)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znqsod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369630/; classtype:trojan-activity;sid:84232730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369631)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ndarqe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369631/; classtype:trojan-activity;sid:84232731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369632)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zceyxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369632/; classtype:trojan-activity;sid:84232732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369633)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzngir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369633/; classtype:trojan-activity;sid:84232733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369619)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znqsod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369619/; classtype:trojan-activity;sid:84232719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369620)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sdfjyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369620/; classtype:trojan-activity;sid:84232720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369621)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixveou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369621/; classtype:trojan-activity;sid:84232721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369622)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hegofv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369622/; classtype:trojan-activity;sid:84232722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369615)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wzuigr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369615/; classtype:trojan-activity;sid:84232715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369616)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znqsod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369616/; classtype:trojan-activity;sid:84232716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369617)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kshmaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369617/; classtype:trojan-activity;sid:84232717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369618)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dmhjua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369618/; classtype:trojan-activity;sid:84232718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369612)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsuyhj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369612/; classtype:trojan-activity;sid:84232712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369613)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehsail.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369613/; classtype:trojan-activity;sid:84232713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369614)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jktxoq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369614/; classtype:trojan-activity;sid:84232714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369609)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zmpafn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369609/; classtype:trojan-activity;sid:84232709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369610)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tfezuo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369610/; classtype:trojan-activity;sid:84232710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369611)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bjewxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369611/; classtype:trojan-activity;sid:84232711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369607)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvjcwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369607/; classtype:trojan-activity;sid:84232707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369608)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kwuisd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369608/; classtype:trojan-activity;sid:84232708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369605)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apwisr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369605/; classtype:trojan-activity;sid:84232705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369606)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vwqcpe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369606/; classtype:trojan-activity;sid:84232706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369603)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkocxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369603/; classtype:trojan-activity;sid:84232703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369604)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epmtcs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369604/; classtype:trojan-activity;sid:84232704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.236.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369597/; classtype:trojan-activity;sid:84232697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369598)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmoyjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369598/; classtype:trojan-activity;sid:84232698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369599)"; flow:established,from_client; content:"GET"; http_method; content:"/js/grwsed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369599/; classtype:trojan-activity;sid:84232699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369600)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vgzdto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369600/; classtype:trojan-activity;sid:84232700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369601)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmexdh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369601/; classtype:trojan-activity;sid:84232701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369602)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arpufx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369602/; classtype:trojan-activity;sid:84232702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369596)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kdoifn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369596/; classtype:trojan-activity;sid:84232696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369595)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bymvne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369595/; classtype:trojan-activity;sid:84232695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369590)"; flow:established,from_client; content:"GET"; http_method; content:"/js/datkuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369590/; classtype:trojan-activity;sid:84232690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369591)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hstjvf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369591/; classtype:trojan-activity;sid:84232691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369592)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhrnse.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369592/; classtype:trojan-activity;sid:84232692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369593)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtnlzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369593/; classtype:trojan-activity;sid:84232693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369594)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fljxes.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369594/; classtype:trojan-activity;sid:84232694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369586)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nsvtqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369586/; classtype:trojan-activity;sid:84232686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369587)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fnotqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369587/; classtype:trojan-activity;sid:84232687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369588)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbofah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369588/; classtype:trojan-activity;sid:84232688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369589)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sghoik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369589/; classtype:trojan-activity;sid:84232689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369580)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymqxsp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369580/; classtype:trojan-activity;sid:84232680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369581)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xskyft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369581/; classtype:trojan-activity;sid:84232681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369582)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ezpqta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369582/; classtype:trojan-activity;sid:84232682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369583)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kfqilh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369583/; classtype:trojan-activity;sid:84232683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369584)"; flow:established,from_client; content:"GET"; http_method; content:"/js/datkuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369584/; classtype:trojan-activity;sid:84232684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369585)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzdvkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369585/; classtype:trojan-activity;sid:84232685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369573)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnviot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369573/; classtype:trojan-activity;sid:84232673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369574)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yamlwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369574/; classtype:trojan-activity;sid:84232674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369575)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qgjoih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369575/; classtype:trojan-activity;sid:84232675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369576)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yvetcg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369576/; classtype:trojan-activity;sid:84232676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369577)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsaqhu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369577/; classtype:trojan-activity;sid:84232677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369578)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftnyxj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369578/; classtype:trojan-activity;sid:84232678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369579)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcgzyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369579/; classtype:trojan-activity;sid:84232679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369571)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gevhks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369571/; classtype:trojan-activity;sid:84232671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369572)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cafshz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369572/; classtype:trojan-activity;sid:84232672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369569)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jpwtkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369569/; classtype:trojan-activity;sid:84232669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369570)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ujaemc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369570/; classtype:trojan-activity;sid:84232670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369562)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dzayik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369562/; classtype:trojan-activity;sid:84232662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369563)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrdywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369563/; classtype:trojan-activity;sid:84232663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369564)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpszhk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369564/; classtype:trojan-activity;sid:84232664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369565)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gansqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369565/; classtype:trojan-activity;sid:84232665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369566)"; flow:established,from_client; content:"GET"; http_method; content:"/js/itnuya.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369566/; classtype:trojan-activity;sid:84232666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369567)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfpwko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369567/; classtype:trojan-activity;sid:84232667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369568)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ypevoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369568/; classtype:trojan-activity;sid:84232668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369561)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkympx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369561/; classtype:trojan-activity;sid:84232661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369558)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnmyqi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369558/; classtype:trojan-activity;sid:84232658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369559)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skeqhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369559/; classtype:trojan-activity;sid:84232659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369560)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yamlwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369560/; classtype:trojan-activity;sid:84232660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369557)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tmgdkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369557/; classtype:trojan-activity;sid:84232657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369554)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmfoys.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369554/; classtype:trojan-activity;sid:84232654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369555)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcertv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369555/; classtype:trojan-activity;sid:84232655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369556)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsaqhu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369556/; classtype:trojan-activity;sid:84232656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369553)"; flow:established,from_client; content:"GET"; http_method; content:"/js/suizdx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369553/; classtype:trojan-activity;sid:84232653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369552)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dperay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369552/; classtype:trojan-activity;sid:84232652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369547)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atbmcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369547/; classtype:trojan-activity;sid:84232647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369548)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kshmaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369548/; classtype:trojan-activity;sid:84232648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369549)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xyijec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369549/; classtype:trojan-activity;sid:84232649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369550)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zibajo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369550/; classtype:trojan-activity;sid:84232650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369551)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxnzvl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369551/; classtype:trojan-activity;sid:84232651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369539)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jetyiw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369539/; classtype:trojan-activity;sid:84232639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369540)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qeklsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369540/; classtype:trojan-activity;sid:84232640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369541)"; flow:established,from_client; content:"GET"; http_method; content:"/js/shaovt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369541/; classtype:trojan-activity;sid:84232641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369542)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghksto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369542/; classtype:trojan-activity;sid:84232642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369543)"; flow:established,from_client; content:"GET"; http_method; content:"/js/womtxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369543/; classtype:trojan-activity;sid:84232643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369544)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gmrkwh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369544/; classtype:trojan-activity;sid:84232644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369545)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykznlv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369545/; classtype:trojan-activity;sid:84232645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369546)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kdoifn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369546/; classtype:trojan-activity;sid:84232646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369532)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uregky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369532/; classtype:trojan-activity;sid:84232632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369533)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qasuzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369533/; classtype:trojan-activity;sid:84232633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369534)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsrvje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369534/; classtype:trojan-activity;sid:84232634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369535)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sghoik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369535/; classtype:trojan-activity;sid:84232635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369536)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlgyhf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369536/; classtype:trojan-activity;sid:84232636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369537)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqhbyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369537/; classtype:trojan-activity;sid:84232637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369538)"; flow:established,from_client; content:"GET"; http_method; content:"/js/othnqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369538/; classtype:trojan-activity;sid:84232638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369527)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qatijs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369527/; classtype:trojan-activity;sid:84232627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369528)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ickxdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369528/; classtype:trojan-activity;sid:84232628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369529)"; flow:established,from_client; content:"GET"; http_method; content:"/js/suizdx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369529/; classtype:trojan-activity;sid:84232629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369530)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yamlwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369530/; classtype:trojan-activity;sid:84232630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369531)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ewfshl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369531/; classtype:trojan-activity;sid:84232631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369524)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rbgovl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369524/; classtype:trojan-activity;sid:84232624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369525)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexirv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369525/; classtype:trojan-activity;sid:84232625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369526)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idagyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369526/; classtype:trojan-activity;sid:84232626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369520)"; flow:established,from_client; content:"GET"; http_method; content:"/js/piwvzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369520/; classtype:trojan-activity;sid:84232620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369521)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qldugb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369521/; classtype:trojan-activity;sid:84232621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369522)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xevfyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369522/; classtype:trojan-activity;sid:84232622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369523)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lozwub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369523/; classtype:trojan-activity;sid:84232623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369519)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ldwnqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369519/; classtype:trojan-activity;sid:84232619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369515)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qsfzow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369515/; classtype:trojan-activity;sid:84232615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369516)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vgzdto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369516/; classtype:trojan-activity;sid:84232616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369517)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jtnebv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369517/; classtype:trojan-activity;sid:84232617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369518)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qgjoih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369518/; classtype:trojan-activity;sid:84232618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369513)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtapwo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369513/; classtype:trojan-activity;sid:84232613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369514)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jpwtkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369514/; classtype:trojan-activity;sid:84232614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369511)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aybfme.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369511/; classtype:trojan-activity;sid:84232611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369512)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfpukb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369512/; classtype:trojan-activity;sid:84232612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369510)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qltmuz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369510/; classtype:trojan-activity;sid:84232610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369507)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqyaix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369507/; classtype:trojan-activity;sid:84232607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369508)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mgfldi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369508/; classtype:trojan-activity;sid:84232608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369509)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nkdqcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369509/; classtype:trojan-activity;sid:84232609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369500)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehwdpq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369500/; classtype:trojan-activity;sid:84232600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369501)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcsftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369501/; classtype:trojan-activity;sid:84232601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369502)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cirunm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369502/; classtype:trojan-activity;sid:84232602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369503)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fymvkc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369503/; classtype:trojan-activity;sid:84232603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369504)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenjvr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369504/; classtype:trojan-activity;sid:84232604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369505)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvhmne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369505/; classtype:trojan-activity;sid:84232605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369506)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juilvp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369506/; classtype:trojan-activity;sid:84232606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369491)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uhbnzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369491/; classtype:trojan-activity;sid:84232591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369492)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnxjiu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369492/; classtype:trojan-activity;sid:84232592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369493)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjshmy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369493/; classtype:trojan-activity;sid:84232593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369494)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenxkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369494/; classtype:trojan-activity;sid:84232594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369495)"; flow:established,from_client; content:"GET"; http_method; content:"/js/voagtx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369495/; classtype:trojan-activity;sid:84232595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369496)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifnvqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369496/; classtype:trojan-activity;sid:84232596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369497)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqjbh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369497/; classtype:trojan-activity;sid:84232597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369498)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ivhuox.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369498/; classtype:trojan-activity;sid:84232598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369499)"; flow:established,from_client; content:"GET"; http_method; content:"/js/smabhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369499/; classtype:trojan-activity;sid:84232599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369488)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clwnai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369488/; classtype:trojan-activity;sid:84232588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369489)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kshmaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369489/; classtype:trojan-activity;sid:84232589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369490)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pruzif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369490/; classtype:trojan-activity;sid:84232590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369483)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pgbokr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369483/; classtype:trojan-activity;sid:84232583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369484)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atbmcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369484/; classtype:trojan-activity;sid:84232584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369485)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uszyql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369485/; classtype:trojan-activity;sid:84232585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369486)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyhdca.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369486/; classtype:trojan-activity;sid:84232586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369487)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dmhjua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369487/; classtype:trojan-activity;sid:84232587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369481)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifnvqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369481/; classtype:trojan-activity;sid:84232581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369482)"; flow:established,from_client; content:"GET"; http_method; content:"/js/athupi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369482/; classtype:trojan-activity;sid:84232582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369479)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bazydn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369479/; classtype:trojan-activity;sid:84232579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369480)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftgiow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369480/; classtype:trojan-activity;sid:84232580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369478)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcertv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369478/; classtype:trojan-activity;sid:84232578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369476)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfaxth.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369476/; classtype:trojan-activity;sid:84232576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369477)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hljwts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369477/; classtype:trojan-activity;sid:84232577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369471)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uilxhz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369471/; classtype:trojan-activity;sid:84232571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369472)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hjpgor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369472/; classtype:trojan-activity;sid:84232572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369473)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjukql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369473/; classtype:trojan-activity;sid:84232573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369474)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aspngf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369474/; classtype:trojan-activity;sid:84232574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369475)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gjhoua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369475/; classtype:trojan-activity;sid:84232575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369468)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyochl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369468/; classtype:trojan-activity;sid:84232568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369469)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxnzvl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369469/; classtype:trojan-activity;sid:84232569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369470)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rjlkai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369470/; classtype:trojan-activity;sid:84232570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369464)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrwyvs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369464/; classtype:trojan-activity;sid:84232564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369465)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xnhimz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369465/; classtype:trojan-activity;sid:84232565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369466)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arpufx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369466/; classtype:trojan-activity;sid:84232566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369467)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovnfdt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369467/; classtype:trojan-activity;sid:84232567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369458)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fgkiep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369458/; classtype:trojan-activity;sid:84232558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369459)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yxkdji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369459/; classtype:trojan-activity;sid:84232559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369460)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydsuwj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369460/; classtype:trojan-activity;sid:84232560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369461)"; flow:established,from_client; content:"GET"; http_method; content:"/js/finksa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369461/; classtype:trojan-activity;sid:84232561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369462)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexudy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369462/; classtype:trojan-activity;sid:84232562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369463)"; flow:established,from_client; content:"GET"; http_method; content:"/js/akmsfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369463/; classtype:trojan-activity;sid:84232563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369452)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xevfyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369452/; classtype:trojan-activity;sid:84232552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369453)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xanfzm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369453/; classtype:trojan-activity;sid:84232553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369454)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chvjrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369454/; classtype:trojan-activity;sid:84232554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369455)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jeighd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369455/; classtype:trojan-activity;sid:84232555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369456)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwtgdn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369456/; classtype:trojan-activity;sid:84232556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369457)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mkughj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369457/; classtype:trojan-activity;sid:84232557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369449)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taypgl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369449/; classtype:trojan-activity;sid:84232549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369450)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jgukrx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369450/; classtype:trojan-activity;sid:84232550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369451)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdgbif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369451/; classtype:trojan-activity;sid:84232551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369444)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjdzyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369444/; classtype:trojan-activity;sid:84232544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369445)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixveou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369445/; classtype:trojan-activity;sid:84232545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369446)"; flow:established,from_client; content:"GET"; http_method; content:"/js/enhozf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369446/; classtype:trojan-activity;sid:84232546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369447)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kawmyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369447/; classtype:trojan-activity;sid:84232547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369448)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mevbzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369448/; classtype:trojan-activity;sid:84232548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369440)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqugpa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369440/; classtype:trojan-activity;sid:84232540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369441)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbvqma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369441/; classtype:trojan-activity;sid:84232541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369442)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbpzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369442/; classtype:trojan-activity;sid:84232542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369443)"; flow:established,from_client; content:"GET"; http_method; content:"/js/twymph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369443/; classtype:trojan-activity;sid:84232543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369438)"; flow:established,from_client; content:"GET"; http_method; content:"/js/decqzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369438/; classtype:trojan-activity;sid:84232538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369439)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbuvxf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369439/; classtype:trojan-activity;sid:84232539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369437)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glzfjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369437/; classtype:trojan-activity;sid:84232537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369434)"; flow:established,from_client; content:"GET"; http_method; content:"/js/isygcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369434/; classtype:trojan-activity;sid:84232534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369435)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrfxqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369435/; classtype:trojan-activity;sid:84232535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369436)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rbgovl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369436/; classtype:trojan-activity;sid:84232536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369433)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vyiwbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369433/; classtype:trojan-activity;sid:84232533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369427)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bqpmtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369427/; classtype:trojan-activity;sid:84232527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369428)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfbxjn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369428/; classtype:trojan-activity;sid:84232528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369429)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ogimzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369429/; classtype:trojan-activity;sid:84232529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369430)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucanwd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369430/; classtype:trojan-activity;sid:84232530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369431)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhpkzx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369431/; classtype:trojan-activity;sid:84232531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369432)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qycavu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369432/; classtype:trojan-activity;sid:84232532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369420)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexudy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369420/; classtype:trojan-activity;sid:84232520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369421)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzsfvj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369421/; classtype:trojan-activity;sid:84232521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369422)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnpqdk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369422/; classtype:trojan-activity;sid:84232522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369423)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfzwxd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369423/; classtype:trojan-activity;sid:84232523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369424)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lkfpqn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369424/; classtype:trojan-activity;sid:84232524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369425)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glebqm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369425/; classtype:trojan-activity;sid:84232525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369426)"; flow:established,from_client; content:"GET"; http_method; content:"/js/inkxgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369426/; classtype:trojan-activity;sid:84232526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369412)"; flow:established,from_client; content:"GET"; http_method; content:"/js/josfaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369412/; classtype:trojan-activity;sid:84232512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369413)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cagesr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369413/; classtype:trojan-activity;sid:84232513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369414)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dkwozi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369414/; classtype:trojan-activity;sid:84232514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369415)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftnyxj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369415/; classtype:trojan-activity;sid:84232515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369416)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uvkqxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369416/; classtype:trojan-activity;sid:84232516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369417)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lhdswc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369417/; classtype:trojan-activity;sid:84232517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369418)"; flow:established,from_client; content:"GET"; http_method; content:"/js/alzgdf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369418/; classtype:trojan-activity;sid:84232518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369419)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhqfza.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369419/; classtype:trojan-activity;sid:84232519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369407)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pecfql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369407/; classtype:trojan-activity;sid:84232507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369408)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzscvg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369408/; classtype:trojan-activity;sid:84232508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369409)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ivhuox.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369409/; classtype:trojan-activity;sid:84232509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369410)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnfesb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369410/; classtype:trojan-activity;sid:84232510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369411)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mgfldi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369411/; classtype:trojan-activity;sid:84232511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369405)"; flow:established,from_client; content:"GET"; http_method; content:"/js/efcwnv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369405/; classtype:trojan-activity;sid:84232505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369406)"; flow:established,from_client; content:"GET"; http_method; content:"/js/szoujy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369406/; classtype:trojan-activity;sid:84232506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369401)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vgzdto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369401/; classtype:trojan-activity;sid:84232501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369402)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jbougr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369402/; classtype:trojan-activity;sid:84232502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369403)"; flow:established,from_client; content:"GET"; http_method; content:"/js/othnqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369403/; classtype:trojan-activity;sid:84232503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369404)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucvlao.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369404/; classtype:trojan-activity;sid:84232504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369398)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lknfyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369398/; classtype:trojan-activity;sid:84232498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369399)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkerly.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369399/; classtype:trojan-activity;sid:84232499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369400)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsxjnk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369400/; classtype:trojan-activity;sid:84232500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369397)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kelsjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369397/; classtype:trojan-activity;sid:84232497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369395)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kyxnuf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369395/; classtype:trojan-activity;sid:84232495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369396)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eyxpjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369396/; classtype:trojan-activity;sid:84232496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369394)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znxswu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369394/; classtype:trojan-activity;sid:84232494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369389)"; flow:established,from_client; content:"GET"; http_method; content:"/js/priola.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369389/; classtype:trojan-activity;sid:84232489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369390)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbrvxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369390/; classtype:trojan-activity;sid:84232490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369391)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hstjvf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369391/; classtype:trojan-activity;sid:84232491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369392)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fltyha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369392/; classtype:trojan-activity;sid:84232492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369393)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zceyxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369393/; classtype:trojan-activity;sid:84232493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369380)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exjfba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369380/; classtype:trojan-activity;sid:84232480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369381)"; flow:established,from_client; content:"GET"; http_method; content:"/js/infbzq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369381/; classtype:trojan-activity;sid:84232481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369382)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aqbves.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369382/; classtype:trojan-activity;sid:84232482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369383)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbkyud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369383/; classtype:trojan-activity;sid:84232483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369384)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whokyr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369384/; classtype:trojan-activity;sid:84232484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369385)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcjdmh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369385/; classtype:trojan-activity;sid:84232485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369386)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfbxjn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369386/; classtype:trojan-activity;sid:84232486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369387)"; flow:established,from_client; content:"GET"; http_method; content:"/js/emuzcj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369387/; classtype:trojan-activity;sid:84232487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369388)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qsfzow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369388/; classtype:trojan-activity;sid:84232488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369373)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjwvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369373/; classtype:trojan-activity;sid:84232473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369374)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyhdca.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369374/; classtype:trojan-activity;sid:84232474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369375)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtapwo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369375/; classtype:trojan-activity;sid:84232475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369376)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lknfyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369376/; classtype:trojan-activity;sid:84232476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369377)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdazps.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369377/; classtype:trojan-activity;sid:84232477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369378)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qtplzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369378/; classtype:trojan-activity;sid:84232478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369379)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rufnbo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369379/; classtype:trojan-activity;sid:84232479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369369)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uilxhz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369369/; classtype:trojan-activity;sid:84232469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369370)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmdwoj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369370/; classtype:trojan-activity;sid:84232470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369371)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nkdqcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369371/; classtype:trojan-activity;sid:84232471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369372)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vdqlnz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369372/; classtype:trojan-activity;sid:84232472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369368)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pqxyjc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369368/; classtype:trojan-activity;sid:84232468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369364)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jktxoq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369364/; classtype:trojan-activity;sid:84232464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369365)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nyovtk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369365/; classtype:trojan-activity;sid:84232465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369366)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sezmlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369366/; classtype:trojan-activity;sid:84232466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369367)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jktxoq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369367/; classtype:trojan-activity;sid:84232467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369362)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrwyvs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369362/; classtype:trojan-activity;sid:84232462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369363)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lczntq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369363/; classtype:trojan-activity;sid:84232463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369359)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqyaix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369359/; classtype:trojan-activity;sid:84232459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369360)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdlnqa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369360/; classtype:trojan-activity;sid:84232460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369361)"; flow:established,from_client; content:"GET"; http_method; content:"/js/twymph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369361/; classtype:trojan-activity;sid:84232461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369357)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfthvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369357/; classtype:trojan-activity;sid:84232457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369358)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zjvmgx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369358/; classtype:trojan-activity;sid:84232458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369356)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lkfpqn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369356/; classtype:trojan-activity;sid:84232456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369353)"; flow:established,from_client; content:"GET"; http_method; content:"/js/foskub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369353/; classtype:trojan-activity;sid:84232453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369354)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pgbokr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369354/; classtype:trojan-activity;sid:84232454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369355)"; flow:established,from_client; content:"GET"; http_method; content:"/js/enhozf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369355/; classtype:trojan-activity;sid:84232455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369351)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qtplzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369351/; classtype:trojan-activity;sid:84232451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369352)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lneyjh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369352/; classtype:trojan-activity;sid:84232452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369348)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fuedsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369348/; classtype:trojan-activity;sid:84232448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369349)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjovbi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369349/; classtype:trojan-activity;sid:84232449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369350)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydsuwj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369350/; classtype:trojan-activity;sid:84232450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369343)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvqgph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369343/; classtype:trojan-activity;sid:84232443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369344)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpoikg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369344/; classtype:trojan-activity;sid:84232444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369345)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fzcobw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369345/; classtype:trojan-activity;sid:84232445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369346)"; flow:established,from_client; content:"GET"; http_method; content:"/js/diktcx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369346/; classtype:trojan-activity;sid:84232446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369347)"; flow:established,from_client; content:"GET"; http_method; content:"/js/smabhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369347/; classtype:trojan-activity;sid:84232447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369337)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsmdyo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369337/; classtype:trojan-activity;sid:84232437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369338)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znrmco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369338/; classtype:trojan-activity;sid:84232438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369339)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftgiow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369339/; classtype:trojan-activity;sid:84232439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369340)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptvnkh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369340/; classtype:trojan-activity;sid:84232440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369341)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpytjb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369341/; classtype:trojan-activity;sid:84232441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369342)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykxupl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369342/; classtype:trojan-activity;sid:84232442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369331)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpfhym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369331/; classtype:trojan-activity;sid:84232431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369332)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aqbves.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369332/; classtype:trojan-activity;sid:84232432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369333)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftpido.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369333/; classtype:trojan-activity;sid:84232433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369334)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tozpxi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369334/; classtype:trojan-activity;sid:84232434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369335)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ypevoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369335/; classtype:trojan-activity;sid:84232435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369336)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tfezuo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369336/; classtype:trojan-activity;sid:84232436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369327)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptvnkh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369327/; classtype:trojan-activity;sid:84232427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369328)"; flow:established,from_client; content:"GET"; http_method; content:"/js/surtfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369328/; classtype:trojan-activity;sid:84232428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369329)"; flow:established,from_client; content:"GET"; http_method; content:"/js/npukdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369329/; classtype:trojan-activity;sid:84232429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369330)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skeqhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369330/; classtype:trojan-activity;sid:84232430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369326)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenjvr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369326/; classtype:trojan-activity;sid:84232426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369323)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fzcobw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369323/; classtype:trojan-activity;sid:84232423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369324)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cafshz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369324/; classtype:trojan-activity;sid:84232424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369325)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kemhaw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369325/; classtype:trojan-activity;sid:84232425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369322)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epmtcs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369322/; classtype:trojan-activity;sid:84232422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369317)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wmlxpy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369317/; classtype:trojan-activity;sid:84232417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369318)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lknfyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369318/; classtype:trojan-activity;sid:84232418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369319)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uqayrn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369319/; classtype:trojan-activity;sid:84232419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369320)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msiucg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369320/; classtype:trojan-activity;sid:84232420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369321)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fkadbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369321/; classtype:trojan-activity;sid:84232421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369314)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucanwd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369314/; classtype:trojan-activity;sid:84232414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369315)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glzfjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369315/; classtype:trojan-activity;sid:84232415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369316)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlwuak.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369316/; classtype:trojan-activity;sid:84232416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369311)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsmdyo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369311/; classtype:trojan-activity;sid:84232411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369312)"; flow:established,from_client; content:"GET"; http_method; content:"/js/smabhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369312/; classtype:trojan-activity;sid:84232412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369313)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qldugb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369313/; classtype:trojan-activity;sid:84232413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369309)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ewfshl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369309/; classtype:trojan-activity;sid:84232409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369310)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlgyhf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369310/; classtype:trojan-activity;sid:84232410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369307)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tmgdkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369307/; classtype:trojan-activity;sid:84232407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369308)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xyijec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369308/; classtype:trojan-activity;sid:84232408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369303)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykxupl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369303/; classtype:trojan-activity;sid:84232403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369304)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lhdswc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369304/; classtype:trojan-activity;sid:84232404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369305)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lfsniz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369305/; classtype:trojan-activity;sid:84232405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369306)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hljwts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369306/; classtype:trojan-activity;sid:84232406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369295)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcgzyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369295/; classtype:trojan-activity;sid:84232395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369296)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmsujh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369296/; classtype:trojan-activity;sid:84232396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369297)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pysbgm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369297/; classtype:trojan-activity;sid:84232397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369298)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcbzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369298/; classtype:trojan-activity;sid:84232398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369299)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aybfme.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369299/; classtype:trojan-activity;sid:84232399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369300)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehwdpq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369300/; classtype:trojan-activity;sid:84232400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369301)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xyijec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369301/; classtype:trojan-activity;sid:84232401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369302)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbhpnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369302/; classtype:trojan-activity;sid:84232402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369291)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atrpjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369291/; classtype:trojan-activity;sid:84232391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369292)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vuniot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369292/; classtype:trojan-activity;sid:84232392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369293)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfthvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369293/; classtype:trojan-activity;sid:84232393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369294)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhvgrs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369294/; classtype:trojan-activity;sid:84232394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369286)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifzcar.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369286/; classtype:trojan-activity;sid:84232386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369287)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uregky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369287/; classtype:trojan-activity;sid:84232387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369288)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucorwt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369288/; classtype:trojan-activity;sid:84232388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369289)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pykqbg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369289/; classtype:trojan-activity;sid:84232389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369290)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rbgovl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369290/; classtype:trojan-activity;sid:84232390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369284)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xgkhwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369284/; classtype:trojan-activity;sid:84232384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369285)"; flow:established,from_client; content:"GET"; http_method; content:"/js/josfaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369285/; classtype:trojan-activity;sid:84232385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369283)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbqisj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369283/; classtype:trojan-activity;sid:84232383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369281)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xjkztu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369281/; classtype:trojan-activity;sid:84232381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369282)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kltrfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369282/; classtype:trojan-activity;sid:84232382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369279)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nfimsr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369279/; classtype:trojan-activity;sid:84232379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369280)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vlxcgi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369280/; classtype:trojan-activity;sid:84232380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369275)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vexzha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369275/; classtype:trojan-activity;sid:84232375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369276)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqyaix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369276/; classtype:trojan-activity;sid:84232376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369277)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uejzgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369277/; classtype:trojan-activity;sid:84232377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369278)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vrdwne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369278/; classtype:trojan-activity;sid:84232378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369273)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jfwdec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369273/; classtype:trojan-activity;sid:84232373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369274)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msfkoe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369274/; classtype:trojan-activity;sid:84232374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369272)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ewfshl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369272/; classtype:trojan-activity;sid:84232372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369268)"; flow:established,from_client; content:"GET"; http_method; content:"/js/klydgb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369268/; classtype:trojan-activity;sid:84232368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369269)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kxcqzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369269/; classtype:trojan-activity;sid:84232369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369270)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eyxpjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369270/; classtype:trojan-activity;sid:84232370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369271)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqopna.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369271/; classtype:trojan-activity;sid:84232371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369263)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjdkeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369263/; classtype:trojan-activity;sid:84232363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369264)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dhkuol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369264/; classtype:trojan-activity;sid:84232364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369265)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnpqdk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369265/; classtype:trojan-activity;sid:84232365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369266)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yobune.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369266/; classtype:trojan-activity;sid:84232366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369267)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykxupl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369267/; classtype:trojan-activity;sid:84232367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369257)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrwyvs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369257/; classtype:trojan-activity;sid:84232357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369258)"; flow:established,from_client; content:"GET"; http_method; content:"/js/okmnjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369258/; classtype:trojan-activity;sid:84232358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369259)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zawmxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369259/; classtype:trojan-activity;sid:84232359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369260)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyvhof.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369260/; classtype:trojan-activity;sid:84232360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369261)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnfzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369261/; classtype:trojan-activity;sid:84232361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369262)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnudjm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369262/; classtype:trojan-activity;sid:84232362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369253)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhvuqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369253/; classtype:trojan-activity;sid:84232353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369254)"; flow:established,from_client; content:"GET"; http_method; content:"/js/godukp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369254/; classtype:trojan-activity;sid:84232354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369255)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvzyka.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369255/; classtype:trojan-activity;sid:84232355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369256)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzinom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369256/; classtype:trojan-activity;sid:84232356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369248)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dimekn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369248/; classtype:trojan-activity;sid:84232348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369249)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pysbgm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369249/; classtype:trojan-activity;sid:84232349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369250)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdgbif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369250/; classtype:trojan-activity;sid:84232350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369251)"; flow:established,from_client; content:"GET"; http_method; content:"/js/adchfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369251/; classtype:trojan-activity;sid:84232351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369252)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzngir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369252/; classtype:trojan-activity;sid:84232352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369245)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clgkjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369245/; classtype:trojan-activity;sid:84232345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369246)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hsalxw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369246/; classtype:trojan-activity;sid:84232346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369247)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexirv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369247/; classtype:trojan-activity;sid:84232347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369242)"; flow:established,from_client; content:"GET"; http_method; content:"/js/afmjqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369242/; classtype:trojan-activity;sid:84232342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369243)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrfxqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369243/; classtype:trojan-activity;sid:84232343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369244)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mriwqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369244/; classtype:trojan-activity;sid:84232344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369239)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dperay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369239/; classtype:trojan-activity;sid:84232339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369240)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kfqilh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369240/; classtype:trojan-activity;sid:84232340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369241)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhrnse.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369241/; classtype:trojan-activity;sid:84232341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369236)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cagesr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369236/; classtype:trojan-activity;sid:84232336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369237)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wjqosp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369237/; classtype:trojan-activity;sid:84232337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369238)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cirunm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369238/; classtype:trojan-activity;sid:84232338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369233)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcanft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369233/; classtype:trojan-activity;sid:84232333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369234)"; flow:established,from_client; content:"GET"; http_method; content:"/js/finksa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369234/; classtype:trojan-activity;sid:84232334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369235)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ctrnow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369235/; classtype:trojan-activity;sid:84232335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369229)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrnebj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369229/; classtype:trojan-activity;sid:84232329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chepkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369230/; classtype:trojan-activity;sid:84232330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369231)"; flow:established,from_client; content:"GET"; http_method; content:"/js/voagtx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369231/; classtype:trojan-activity;sid:84232331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369232)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehsail.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369232/; classtype:trojan-activity;sid:84232332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369226)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlsyom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369226/; classtype:trojan-activity;sid:84232326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369227)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymqxsp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369227/; classtype:trojan-activity;sid:84232327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369228)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjwvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369228/; classtype:trojan-activity;sid:84232328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369225)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbomky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369225/; classtype:trojan-activity;sid:84232325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369224)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aipojd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369224/; classtype:trojan-activity;sid:84232324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369220)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hjpgor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369220/; classtype:trojan-activity;sid:84232320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369221)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpszhk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369221/; classtype:trojan-activity;sid:84232321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369222)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mqufva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369222/; classtype:trojan-activity;sid:84232322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369223)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqugpa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369223/; classtype:trojan-activity;sid:84232323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369217)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ygdluj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369217/; classtype:trojan-activity;sid:84232317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369218)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptvnkh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369218/; classtype:trojan-activity;sid:84232318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369219)"; flow:established,from_client; content:"GET"; http_method; content:"/js/afmjqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369219/; classtype:trojan-activity;sid:84232319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369215)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhvuqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369215/; classtype:trojan-activity;sid:84232315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369216)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbaylw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369216/; classtype:trojan-activity;sid:84232316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369213)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yjwuhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369213/; classtype:trojan-activity;sid:84232313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369214)"; flow:established,from_client; content:"GET"; http_method; content:"/js/afmjqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369214/; classtype:trojan-activity;sid:84232314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369209)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wbsoxk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369209/; classtype:trojan-activity;sid:84232309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369210)"; flow:established,from_client; content:"GET"; http_method; content:"/js/unpwzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369210/; classtype:trojan-activity;sid:84232310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369211)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sezmlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369211/; classtype:trojan-activity;sid:84232311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369212)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xskyft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369212/; classtype:trojan-activity;sid:84232312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369203)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wbsoxk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369203/; classtype:trojan-activity;sid:84232303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369204)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xeymta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369204/; classtype:trojan-activity;sid:84232304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369205)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ypevoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369205/; classtype:trojan-activity;sid:84232305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369206)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gjhoua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369206/; classtype:trojan-activity;sid:84232306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369207)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpdjln.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369207/; classtype:trojan-activity;sid:84232307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369208)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfzwxd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369208/; classtype:trojan-activity;sid:84232308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369200)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wobhfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369200/; classtype:trojan-activity;sid:84232300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369201)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xskyft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369201/; classtype:trojan-activity;sid:84232301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369202)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mevbzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369202/; classtype:trojan-activity;sid:84232302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369194)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nsvtqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369194/; classtype:trojan-activity;sid:84232294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369195)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yitvba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369195/; classtype:trojan-activity;sid:84232295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369196)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lfsniz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369196/; classtype:trojan-activity;sid:84232296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369197)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kixrge.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369197/; classtype:trojan-activity;sid:84232297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369198)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqidx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369198/; classtype:trojan-activity;sid:84232298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369199)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hwpagq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369199/; classtype:trojan-activity;sid:84232299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369188)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcsftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369188/; classtype:trojan-activity;sid:84232288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369189)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rjlkai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369189/; classtype:trojan-activity;sid:84232289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369190)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wzuigr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369190/; classtype:trojan-activity;sid:84232290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369191)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aybfme.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369191/; classtype:trojan-activity;sid:84232291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369192)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvshm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369192/; classtype:trojan-activity;sid:84232292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369193)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zibajo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369193/; classtype:trojan-activity;sid:84232293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369186)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcfeg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369186/; classtype:trojan-activity;sid:84232286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369187)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjxuw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369187/; classtype:trojan-activity;sid:84232287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369182)"; flow:established,from_client; content:"GET"; http_method; content:"/js/odtvmg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369182/; classtype:trojan-activity;sid:84232282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369183)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ncmzei.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369183/; classtype:trojan-activity;sid:84232283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369184)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eivhfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369184/; classtype:trojan-activity;sid:84232284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369185)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjshmy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369185/; classtype:trojan-activity;sid:84232285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369181)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydsuwj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369181/; classtype:trojan-activity;sid:84232281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369179)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvshm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369179/; classtype:trojan-activity;sid:84232279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369180)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbmctf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369180/; classtype:trojan-activity;sid:84232280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369178)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbhwft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369178/; classtype:trojan-activity;sid:84232278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369176)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jfwdec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369176/; classtype:trojan-activity;sid:84232276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369177)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znxswu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369177/; classtype:trojan-activity;sid:84232277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369175)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dhkuol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369175/; classtype:trojan-activity;sid:84232275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369171)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdazps.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369171/; classtype:trojan-activity;sid:84232271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369172)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenxkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369172/; classtype:trojan-activity;sid:84232272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369173)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrdyti.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369173/; classtype:trojan-activity;sid:84232273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369174)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktxayf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369174/; classtype:trojan-activity;sid:84232274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369164)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eicbgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369164/; classtype:trojan-activity;sid:84232264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369165)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bksnzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369165/; classtype:trojan-activity;sid:84232265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369166)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsxjnk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369166/; classtype:trojan-activity;sid:84232266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369167)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whokyr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369167/; classtype:trojan-activity;sid:84232267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369168)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhvgrs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369168/; classtype:trojan-activity;sid:84232268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369169)"; flow:established,from_client; content:"GET"; http_method; content:"/js/odtvmg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369169/; classtype:trojan-activity;sid:84232269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369170)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftnyxj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369170/; classtype:trojan-activity;sid:84232270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369159)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eaqbfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369159/; classtype:trojan-activity;sid:84232259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369160)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jetyiw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369160/; classtype:trojan-activity;sid:84232260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369161)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eivhfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369161/; classtype:trojan-activity;sid:84232261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369162)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cafshz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369162/; classtype:trojan-activity;sid:84232262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369163)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdgbif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369163/; classtype:trojan-activity;sid:84232263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369157)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bftoze.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369157/; classtype:trojan-activity;sid:84232257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369158)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lczntq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369158/; classtype:trojan-activity;sid:84232258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369155)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hvporw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369155/; classtype:trojan-activity;sid:84232255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369156)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbmctf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369156/; classtype:trojan-activity;sid:84232256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369149)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhszqf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369149/; classtype:trojan-activity;sid:84232249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369150)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ldwnqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369150/; classtype:trojan-activity;sid:84232250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369151)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hegofv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369151/; classtype:trojan-activity;sid:84232251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369152)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenxkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369152/; classtype:trojan-activity;sid:84232252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369153)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qeklsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369153/; classtype:trojan-activity;sid:84232253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369154)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mqufva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369154/; classtype:trojan-activity;sid:84232254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369146)"; flow:established,from_client; content:"GET"; http_method; content:"/js/flehbm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369146/; classtype:trojan-activity;sid:84232246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369147)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qeklsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369147/; classtype:trojan-activity;sid:84232247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369148)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dsoayr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369148/; classtype:trojan-activity;sid:84232248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369143)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yvetcg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369143/; classtype:trojan-activity;sid:84232243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369144)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wobhfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369144/; classtype:trojan-activity;sid:84232244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369145)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rufnbo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369145/; classtype:trojan-activity;sid:84232245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369141)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsojgh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369141/; classtype:trojan-activity;sid:84232241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369142)"; flow:established,from_client; content:"GET"; http_method; content:"/js/athupi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369142/; classtype:trojan-activity;sid:84232242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369139)"; flow:established,from_client; content:"GET"; http_method; content:"/js/retcab.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369139/; classtype:trojan-activity;sid:84232239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369140)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wquabs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369140/; classtype:trojan-activity;sid:84232240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369138)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hsalxw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369138/; classtype:trojan-activity;sid:84232238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369133)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdzhjl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369133/; classtype:trojan-activity;sid:84232233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369134)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jbougr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369134/; classtype:trojan-activity;sid:84232234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369135)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvoxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369135/; classtype:trojan-activity;sid:84232235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369136)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpytjb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369136/; classtype:trojan-activity;sid:84232236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369137)"; flow:established,from_client; content:"GET"; http_method; content:"/js/esagwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369137/; classtype:trojan-activity;sid:84232237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369131)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xuzens.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369131/; classtype:trojan-activity;sid:84232231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369132)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lhdswc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369132/; classtype:trojan-activity;sid:84232232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369124)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lozwub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369124/; classtype:trojan-activity;sid:84232224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369125)"; flow:established,from_client; content:"GET"; http_method; content:"/js/irmjwl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369125/; classtype:trojan-activity;sid:84232225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369126)"; flow:established,from_client; content:"GET"; http_method; content:"/js/shaovt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369126/; classtype:trojan-activity;sid:84232226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369127)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdaqet.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369127/; classtype:trojan-activity;sid:84232227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369128)"; flow:established,from_client; content:"GET"; http_method; content:"/js/efcwnv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369128/; classtype:trojan-activity;sid:84232228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369129)"; flow:established,from_client; content:"GET"; http_method; content:"/js/knpfbu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369129/; classtype:trojan-activity;sid:84232229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369130)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnmyqi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369130/; classtype:trojan-activity;sid:84232230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369119)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xpqyub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369119/; classtype:trojan-activity;sid:84232219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369120)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glzfjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369120/; classtype:trojan-activity;sid:84232220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fconkp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369121/; classtype:trojan-activity;sid:84232221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369122)"; flow:established,from_client; content:"GET"; http_method; content:"/js/enhozf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369122/; classtype:trojan-activity;sid:84232222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369123)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjxuw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369123/; classtype:trojan-activity;sid:84232223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369117)"; flow:established,from_client; content:"GET"; http_method; content:"/js/akmsfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369117/; classtype:trojan-activity;sid:84232217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369118)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kyxnuf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369118/; classtype:trojan-activity;sid:84232218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369116)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhpgbr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369116/; classtype:trojan-activity;sid:84232216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369112)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stwkqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369112/; classtype:trojan-activity;sid:84232212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369113)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnvzbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369113/; classtype:trojan-activity;sid:84232213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369114)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hapjcf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369114/; classtype:trojan-activity;sid:84232214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369115)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcfeg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369115/; classtype:trojan-activity;sid:84232215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369108)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hjpgor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369108/; classtype:trojan-activity;sid:84232208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369109)"; flow:established,from_client; content:"GET"; http_method; content:"/js/foskub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369109/; classtype:trojan-activity;sid:84232209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369110)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqopna.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369110/; classtype:trojan-activity;sid:84232210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369111)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsxmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369111/; classtype:trojan-activity;sid:84232211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369105)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmoqtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369105/; classtype:trojan-activity;sid:84232205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369106)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wobhfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369106/; classtype:trojan-activity;sid:84232206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369107)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vrdwne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369107/; classtype:trojan-activity;sid:84232207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369103)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdmvrk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369103/; classtype:trojan-activity;sid:84232203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369104)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vbxrsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369104/; classtype:trojan-activity;sid:84232204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369100)"; flow:established,from_client; content:"GET"; http_method; content:"/js/drgftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369100/; classtype:trojan-activity;sid:84232200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369101)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bazydn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369101/; classtype:trojan-activity;sid:84232201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369102)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hamefz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369102/; classtype:trojan-activity;sid:84232202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369098)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmfoys.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369098/; classtype:trojan-activity;sid:84232198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369099)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umzebq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369099/; classtype:trojan-activity;sid:84232199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369096)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kltrfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369096/; classtype:trojan-activity;sid:84232196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369097)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skjpfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369097/; classtype:trojan-activity;sid:84232197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369091)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gfsplo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369091/; classtype:trojan-activity;sid:84232191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369092)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hwpagq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369092/; classtype:trojan-activity;sid:84232192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369093)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyochl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369093/; classtype:trojan-activity;sid:84232193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369094)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zljwks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369094/; classtype:trojan-activity;sid:84232194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369095)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qcfibe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369095/; classtype:trojan-activity;sid:84232195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369089)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxzuvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369089/; classtype:trojan-activity;sid:84232189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369090)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cnduef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369090/; classtype:trojan-activity;sid:84232190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369079)"; flow:established,from_client; content:"GET"; http_method; content:"/js/twymph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369079/; classtype:trojan-activity;sid:84232179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369080)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gzsjed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369080/; classtype:trojan-activity;sid:84232180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369081)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkocxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369081/; classtype:trojan-activity;sid:84232181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369082)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnmyqi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369082/; classtype:trojan-activity;sid:84232182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369083)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fuedsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369083/; classtype:trojan-activity;sid:84232183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369084)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bqpmtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369084/; classtype:trojan-activity;sid:84232184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369085)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pqxyjc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369085/; classtype:trojan-activity;sid:84232185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369086)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jsbkec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369086/; classtype:trojan-activity;sid:84232186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369087)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltdnki.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369087/; classtype:trojan-activity;sid:84232187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369088)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cusemi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369088/; classtype:trojan-activity;sid:84232188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369076)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dmhjua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369076/; classtype:trojan-activity;sid:84232176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369077)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjdzyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369077/; classtype:trojan-activity;sid:84232177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369078)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pruzif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369078/; classtype:trojan-activity;sid:84232178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369074)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvjcwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369074/; classtype:trojan-activity;sid:84232174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369075)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdazps.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369075/; classtype:trojan-activity;sid:84232175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369071)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exnwkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369071/; classtype:trojan-activity;sid:84232171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369072)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbqisj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369072/; classtype:trojan-activity;sid:84232172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369073)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlsyom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369073/; classtype:trojan-activity;sid:84232173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369070)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atbmcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369070/; classtype:trojan-activity;sid:84232170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369069)"; flow:established,from_client; content:"GET"; http_method; content:"/js/frcvbw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369069/; classtype:trojan-activity;sid:84232169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369068)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovnfdt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369068/; classtype:trojan-activity;sid:84232168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369065)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dzayik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369065/; classtype:trojan-activity;sid:84232165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369066)"; flow:established,from_client; content:"GET"; http_method; content:"/js/szoujy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369066/; classtype:trojan-activity;sid:84232166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369067)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykgnts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369067/; classtype:trojan-activity;sid:84232167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369064)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdmvrk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369064/; classtype:trojan-activity;sid:84232164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369063)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvoxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369063/; classtype:trojan-activity;sid:84232163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369062)"; flow:established,from_client; content:"GET"; http_method; content:"/js/okmnjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369062/; classtype:trojan-activity;sid:84232162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369059)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftpido.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369059/; classtype:trojan-activity;sid:84232159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369060)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnvzbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369060/; classtype:trojan-activity;sid:84232160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369061)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mgfldi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369061/; classtype:trojan-activity;sid:84232161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369056)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ipcfyq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369056/; classtype:trojan-activity;sid:84232156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369057)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnfzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369057/; classtype:trojan-activity;sid:84232157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369058)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsovum.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369058/; classtype:trojan-activity;sid:84232158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369049)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpdjln.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369049/; classtype:trojan-activity;sid:84232149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369050)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kwuisd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369050/; classtype:trojan-activity;sid:84232150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369051)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucvlao.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369051/; classtype:trojan-activity;sid:84232151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369052)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xotpfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369052/; classtype:trojan-activity;sid:84232152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369053)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nyovtk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369053/; classtype:trojan-activity;sid:84232153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369054)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyxudg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369054/; classtype:trojan-activity;sid:84232154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369055)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlgyhf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369055/; classtype:trojan-activity;sid:84232155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369044)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vzenut.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369044/; classtype:trojan-activity;sid:84232144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369045)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lwpefs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369045/; classtype:trojan-activity;sid:84232145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369046)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmpion.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369046/; classtype:trojan-activity;sid:84232146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369047)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djtukm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369047/; classtype:trojan-activity;sid:84232147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369048)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqidx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369048/; classtype:trojan-activity;sid:84232148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369042)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ctrnow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369042/; classtype:trojan-activity;sid:84232142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369043)"; flow:established,from_client; content:"GET"; http_method; content:"/js/muwtfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369043/; classtype:trojan-activity;sid:84232143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369036)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kixrge.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369036/; classtype:trojan-activity;sid:84232136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369037)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znrmco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369037/; classtype:trojan-activity;sid:84232137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369038)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bgwdlq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369038/; classtype:trojan-activity;sid:84232138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369039)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skhjtc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369039/; classtype:trojan-activity;sid:84232139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369040)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mptsrb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369040/; classtype:trojan-activity;sid:84232140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369041)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftgiow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369041/; classtype:trojan-activity;sid:84232141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369033)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpdjln.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369033/; classtype:trojan-activity;sid:84232133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369034)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvwent.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369034/; classtype:trojan-activity;sid:84232134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369035)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bksnzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369035/; classtype:trojan-activity;sid:84232135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369031)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whtjex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369031/; classtype:trojan-activity;sid:84232131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369032)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenjvr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369032/; classtype:trojan-activity;sid:84232132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369027)"; flow:established,from_client; content:"GET"; http_method; content:"/js/piwvzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369027/; classtype:trojan-activity;sid:84232127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369028)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bymvne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369028/; classtype:trojan-activity;sid:84232128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369029)"; flow:established,from_client; content:"GET"; http_method; content:"/js/alzgdf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369029/; classtype:trojan-activity;sid:84232129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369030)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gmrkwh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369030/; classtype:trojan-activity;sid:84232130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369025)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skrbil.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369025/; classtype:trojan-activity;sid:84232125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369026)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kemhaw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369026/; classtype:trojan-activity;sid:84232126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369024)"; flow:established,from_client; content:"GET"; http_method; content:"/js/quwtdl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369024/; classtype:trojan-activity;sid:84232124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369021)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnxjiu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369021/; classtype:trojan-activity;sid:84232121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369022)"; flow:established,from_client; content:"GET"; http_method; content:"/js/newkcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369022/; classtype:trojan-activity;sid:84232122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369023)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mkughj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369023/; classtype:trojan-activity;sid:84232123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369020)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jbougr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369020/; classtype:trojan-activity;sid:84232120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369016)"; flow:established,from_client; content:"GET"; http_method; content:"/js/grwsed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369016/; classtype:trojan-activity;sid:84232116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369017)"; flow:established,from_client; content:"GET"; http_method; content:"/js/okmnjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369017/; classtype:trojan-activity;sid:84232117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369018)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apwisr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369018/; classtype:trojan-activity;sid:84232118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369019)"; flow:established,from_client; content:"GET"; http_method; content:"/js/knpfbu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369019/; classtype:trojan-activity;sid:84232119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369014)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bpyjmd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369014/; classtype:trojan-activity;sid:84232114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369015)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hljwts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369015/; classtype:trojan-activity;sid:84232115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369006)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fltyha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369006/; classtype:trojan-activity;sid:84232106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369007)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjukql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369007/; classtype:trojan-activity;sid:84232107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369008)"; flow:established,from_client; content:"GET"; http_method; content:"/js/medsqw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369008/; classtype:trojan-activity;sid:84232108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369009)"; flow:established,from_client; content:"GET"; http_method; content:"/js/shaovt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369009/; classtype:trojan-activity;sid:84232109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369010)"; flow:established,from_client; content:"GET"; http_method; content:"/js/otlsbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369010/; classtype:trojan-activity;sid:84232110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369011)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnfesb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369011/; classtype:trojan-activity;sid:84232111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369012)"; flow:established,from_client; content:"GET"; http_method; content:"/js/patlqx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369012/; classtype:trojan-activity;sid:84232112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369013)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lozwub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369013/; classtype:trojan-activity;sid:84232113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369000)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpszhk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369000/; classtype:trojan-activity;sid:84232100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369001)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gansqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369001/; classtype:trojan-activity;sid:84232101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369002)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bpyjmd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369002/; classtype:trojan-activity;sid:84232102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369003)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bjewxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369003/; classtype:trojan-activity;sid:84232103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369004)"; flow:established,from_client; content:"GET"; http_method; content:"/js/surtfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369004/; classtype:trojan-activity;sid:84232104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3369005)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jeighd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3369005/; classtype:trojan-activity;sid:84232105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368996)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sdfjyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368996/; classtype:trojan-activity;sid:84232096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368997)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ybqour.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368997/; classtype:trojan-activity;sid:84232097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368998)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzclen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368998/; classtype:trojan-activity;sid:84232098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368999)"; flow:established,from_client; content:"GET"; http_method; content:"/js/owzlim.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368999/; classtype:trojan-activity;sid:84232099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368992)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glkovy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368992/; classtype:trojan-activity;sid:84232092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368993)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxfodm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368993/; classtype:trojan-activity;sid:84232093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368994)"; flow:established,from_client; content:"GET"; http_method; content:"/js/srnjva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368994/; classtype:trojan-activity;sid:84232094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368995)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzscvg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368995/; classtype:trojan-activity;sid:84232095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368990)"; flow:established,from_client; content:"GET"; http_method; content:"/js/piwvzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368990/; classtype:trojan-activity;sid:84232090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368991)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glebqm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368991/; classtype:trojan-activity;sid:84232091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368988)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kyxnuf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368988/; classtype:trojan-activity;sid:84232088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368989)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpglbq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368989/; classtype:trojan-activity;sid:84232089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368987)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gvqkyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368987/; classtype:trojan-activity;sid:84232087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368985)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpoikg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368985/; classtype:trojan-activity;sid:84232085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368986)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhszqf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368986/; classtype:trojan-activity;sid:84232086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368984)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmoyjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368984/; classtype:trojan-activity;sid:84232084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368982)"; flow:established,from_client; content:"GET"; http_method; content:"/js/patlqx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368982/; classtype:trojan-activity;sid:84232082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368983)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fzcobw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368983/; classtype:trojan-activity;sid:84232083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368974)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cfjrvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368974/; classtype:trojan-activity;sid:84232074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368975)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zyhfex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368975/; classtype:trojan-activity;sid:84232075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368976)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mcoftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368976/; classtype:trojan-activity;sid:84232076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368977)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvwent.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368977/; classtype:trojan-activity;sid:84232077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368978)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dcwanm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368978/; classtype:trojan-activity;sid:84232078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368979)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrbwyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368979/; classtype:trojan-activity;sid:84232079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368980)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znxswu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368980/; classtype:trojan-activity;sid:84232080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368981)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vexzha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368981/; classtype:trojan-activity;sid:84232081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368967)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmsujh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368967/; classtype:trojan-activity;sid:84232067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368968)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arpufx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368968/; classtype:trojan-activity;sid:84232068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368969)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyxgwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368969/; classtype:trojan-activity;sid:84232069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368970)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uszyql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368970/; classtype:trojan-activity;sid:84232070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368971)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltdnki.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368971/; classtype:trojan-activity;sid:84232071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368972)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcertv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368972/; classtype:trojan-activity;sid:84232072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368973)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iyjdpm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368973/; classtype:trojan-activity;sid:84232073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368962)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clwnai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368962/; classtype:trojan-activity;sid:84232062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368963)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fkadbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368963/; classtype:trojan-activity;sid:84232063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368964)"; flow:established,from_client; content:"GET"; http_method; content:"/js/isygcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368964/; classtype:trojan-activity;sid:84232064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368965)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nadbor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368965/; classtype:trojan-activity;sid:84232065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368966)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqjbh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368966/; classtype:trojan-activity;sid:84232066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368957)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucorwt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368957/; classtype:trojan-activity;sid:84232057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368958)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyochl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368958/; classtype:trojan-activity;sid:84232058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368959)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rscwtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368959/; classtype:trojan-activity;sid:84232059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368960)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uilxhz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368960/; classtype:trojan-activity;sid:84232060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368961)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhvuqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368961/; classtype:trojan-activity;sid:84232061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368952)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbhvcm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368952/; classtype:trojan-activity;sid:84232052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368953)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gfsplo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368953/; classtype:trojan-activity;sid:84232053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368954)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yqnoez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368954/; classtype:trojan-activity;sid:84232054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368955)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgivra.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368955/; classtype:trojan-activity;sid:84232055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368956)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvohfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368956/; classtype:trojan-activity;sid:84232056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368950)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tozpxi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368950/; classtype:trojan-activity;sid:84232050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368951)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrdywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368951/; classtype:trojan-activity;sid:84232051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368948)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxbgma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368948/; classtype:trojan-activity;sid:84232048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368949)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wmlxpy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368949/; classtype:trojan-activity;sid:84232049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368947)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbuvxf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368947/; classtype:trojan-activity;sid:84232047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368945)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hvporw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368945/; classtype:trojan-activity;sid:84232045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368946)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yxkdji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368946/; classtype:trojan-activity;sid:84232046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368941)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msfkoe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368941/; classtype:trojan-activity;sid:84232041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368942)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kxcqzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368942/; classtype:trojan-activity;sid:84232042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368943)"; flow:established,from_client; content:"GET"; http_method; content:"/js/infbzq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368943/; classtype:trojan-activity;sid:84232043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368944)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gipart.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368944/; classtype:trojan-activity;sid:84232044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368937)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvzyka.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368937/; classtype:trojan-activity;sid:84232037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368938)"; flow:established,from_client; content:"GET"; http_method; content:"/js/szoujy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368938/; classtype:trojan-activity;sid:84232038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368939)"; flow:established,from_client; content:"GET"; http_method; content:"/js/elqgwv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368939/; classtype:trojan-activity;sid:84232039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368940)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcvmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368940/; classtype:trojan-activity;sid:84232040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368935)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jfwdec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368935/; classtype:trojan-activity;sid:84232035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368936)"; flow:established,from_client; content:"GET"; http_method; content:"/js/logjmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368936/; classtype:trojan-activity;sid:84232036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368932)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lafizx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368932/; classtype:trojan-activity;sid:84232032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368933)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lwpefs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368933/; classtype:trojan-activity;sid:84232033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368934)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dimekn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368934/; classtype:trojan-activity;sid:84232034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368926)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hufeid.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368926/; classtype:trojan-activity;sid:84232026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368927)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fltyha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368927/; classtype:trojan-activity;sid:84232027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368928)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtnlzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368928/; classtype:trojan-activity;sid:84232028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368929)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbrvxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368929/; classtype:trojan-activity;sid:84232029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368930)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eytofc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368930/; classtype:trojan-activity;sid:84232030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368931)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvwent.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368931/; classtype:trojan-activity;sid:84232031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368919)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aweqxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368919/; classtype:trojan-activity;sid:84232019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368920)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqjbh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368920/; classtype:trojan-activity;sid:84232020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368921)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqopna.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368921/; classtype:trojan-activity;sid:84232021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368922)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvhmne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368922/; classtype:trojan-activity;sid:84232022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368923)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhvgrs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368923/; classtype:trojan-activity;sid:84232023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368924)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qasuzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368924/; classtype:trojan-activity;sid:84232024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368925)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ukfjeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368925/; classtype:trojan-activity;sid:84232025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368916)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbomky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368916/; classtype:trojan-activity;sid:84232016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368917)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aivfhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368917/; classtype:trojan-activity;sid:84232017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368918)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dfrwix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368918/; classtype:trojan-activity;sid:84232018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368913)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kemhaw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368913/; classtype:trojan-activity;sid:84232013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368914)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzinom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368914/; classtype:trojan-activity;sid:84232014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368915)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yxkdji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368915/; classtype:trojan-activity;sid:84232015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368910)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxzuvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368910/; classtype:trojan-activity;sid:84232010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368911)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqgfeo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368911/; classtype:trojan-activity;sid:84232011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368912)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cfjrvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368912/; classtype:trojan-activity;sid:84232012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368909)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqgfeo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368909/; classtype:trojan-activity;sid:84232009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368908)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnjvsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368908/; classtype:trojan-activity;sid:84232008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368907)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmcrfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368907/; classtype:trojan-activity;sid:84232007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368906)"; flow:established,from_client; content:"GET"; http_method; content:"/js/txwhkb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368906/; classtype:trojan-activity;sid:84232006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368905)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wquabs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368905/; classtype:trojan-activity;sid:84232005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368901)"; flow:established,from_client; content:"GET"; http_method; content:"/js/muwtfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368901/; classtype:trojan-activity;sid:84232001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368902)"; flow:established,from_client; content:"GET"; http_method; content:"/js/csqhyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368902/; classtype:trojan-activity;sid:84232002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368903)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jewltz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368903/; classtype:trojan-activity;sid:84232003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368904)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcvmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368904/; classtype:trojan-activity;sid:84232004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368899)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrnebj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368899/; classtype:trojan-activity;sid:84231999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368900)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vwqcpe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368900/; classtype:trojan-activity;sid:84232000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368893)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmszvh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368893/; classtype:trojan-activity;sid:84231993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368894)"; flow:established,from_client; content:"GET"; http_method; content:"/js/diktcx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368894/; classtype:trojan-activity;sid:84231994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368895)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pykqbg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368895/; classtype:trojan-activity;sid:84231995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368896)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zmpafn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368896/; classtype:trojan-activity;sid:84231996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368897)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vkbxyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368897/; classtype:trojan-activity;sid:84231997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368898)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xrwuby.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368898/; classtype:trojan-activity;sid:84231998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368885)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjovbi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368885/; classtype:trojan-activity;sid:84231985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368886)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ulvson.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368886/; classtype:trojan-activity;sid:84231986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368887)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msfkoe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368887/; classtype:trojan-activity;sid:84231987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368888)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wmlxpy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368888/; classtype:trojan-activity;sid:84231988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368889)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyxudg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368889/; classtype:trojan-activity;sid:84231989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368890)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rscwtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368890/; classtype:trojan-activity;sid:84231990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368891)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvoxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368891/; classtype:trojan-activity;sid:84231991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368892)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrnebj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368892/; classtype:trojan-activity;sid:84231992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368879)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmoyjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368879/; classtype:trojan-activity;sid:84231979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368880)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msiucg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368880/; classtype:trojan-activity;sid:84231980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368881)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djiowm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368881/; classtype:trojan-activity;sid:84231981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368882)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsovum.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368882/; classtype:trojan-activity;sid:84231982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368883)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vnmizb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368883/; classtype:trojan-activity;sid:84231983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368884)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxfodm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368884/; classtype:trojan-activity;sid:84231984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368875)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vwqcpe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368875/; classtype:trojan-activity;sid:84231975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368876)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jeighd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368876/; classtype:trojan-activity;sid:84231976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368877)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xnhimz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368877/; classtype:trojan-activity;sid:84231977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368878)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydhrfe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368878/; classtype:trojan-activity;sid:84231978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368870)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fgkiep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368870/; classtype:trojan-activity;sid:84231970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368871)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exnwkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368871/; classtype:trojan-activity;sid:84231971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368872)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsuyhj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368872/; classtype:trojan-activity;sid:84231972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368873)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqugpa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368873/; classtype:trojan-activity;sid:84231973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368874)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xpqyub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368874/; classtype:trojan-activity;sid:84231974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368867)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stwkqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368867/; classtype:trojan-activity;sid:84231967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368868)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhrnse.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368868/; classtype:trojan-activity;sid:84231968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368869)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ezpqta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368869/; classtype:trojan-activity;sid:84231969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368862)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qcfibe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368862/; classtype:trojan-activity;sid:84231962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368863)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexudy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368863/; classtype:trojan-activity;sid:84231963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368864)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfaxth.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368864/; classtype:trojan-activity;sid:84231964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368865)"; flow:established,from_client; content:"GET"; http_method; content:"/js/drgftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368865/; classtype:trojan-activity;sid:84231965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368866)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kldhuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368866/; classtype:trojan-activity;sid:84231966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.116.218.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368861/; classtype:trojan-activity;sid:84231961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368859)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uxqhds.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368859/; classtype:trojan-activity;sid:84231959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368860)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mqufva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368860/; classtype:trojan-activity;sid:84231960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368856)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tmgdkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368856/; classtype:trojan-activity;sid:84231956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368857)"; flow:established,from_client; content:"GET"; http_method; content:"/js/odtvmg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368857/; classtype:trojan-activity;sid:84231957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368858)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mierfl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368858/; classtype:trojan-activity;sid:84231958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368852)"; flow:established,from_client; content:"GET"; http_method; content:"/js/owzlim.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368852/; classtype:trojan-activity;sid:84231952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368853)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mljgai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368853/; classtype:trojan-activity;sid:84231953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368854)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fuedsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368854/; classtype:trojan-activity;sid:84231954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368855)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wbsoxk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368855/; classtype:trojan-activity;sid:84231955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368848)"; flow:established,from_client; content:"GET"; http_method; content:"/js/otlsbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368848/; classtype:trojan-activity;sid:84231948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368849)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uidphw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368849/; classtype:trojan-activity;sid:84231949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368850)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvrqtl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368850/; classtype:trojan-activity;sid:84231950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368851)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zawmxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368851/; classtype:trojan-activity;sid:84231951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368841)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmsnvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368841/; classtype:trojan-activity;sid:84231941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368842)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kynazr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368842/; classtype:trojan-activity;sid:84231942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368843)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vzenut.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368843/; classtype:trojan-activity;sid:84231943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368844)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iyjdpm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368844/; classtype:trojan-activity;sid:84231944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368845)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umzebq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368845/; classtype:trojan-activity;sid:84231945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368846)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xirksj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368846/; classtype:trojan-activity;sid:84231946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368847)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juilvp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368847/; classtype:trojan-activity;sid:84231947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368834)"; flow:established,from_client; content:"GET"; http_method; content:"/js/inkxgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368834/; classtype:trojan-activity;sid:84231934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368835)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxbgma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368835/; classtype:trojan-activity;sid:84231935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368836)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hegofv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368836/; classtype:trojan-activity;sid:84231936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368837)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qjwnsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368837/; classtype:trojan-activity;sid:84231937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368838)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vdqlnz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368838/; classtype:trojan-activity;sid:84231938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368839)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hapjcf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368839/; classtype:trojan-activity;sid:84231939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368840)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gvqkyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368840/; classtype:trojan-activity;sid:84231940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368832)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fljxes.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368832/; classtype:trojan-activity;sid:84231932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368833)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjdzyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368833/; classtype:trojan-activity;sid:84231933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368827)"; flow:established,from_client; content:"GET"; http_method; content:"/js/srnjva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368827/; classtype:trojan-activity;sid:84231927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368828)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlwuak.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368828/; classtype:trojan-activity;sid:84231928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368829)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pnocqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368829/; classtype:trojan-activity;sid:84231929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368830)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gotnlm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368830/; classtype:trojan-activity;sid:84231930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368831)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbrvxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368831/; classtype:trojan-activity;sid:84231931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368821)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rufnbo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368821/; classtype:trojan-activity;sid:84231921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368822)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbhwft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368822/; classtype:trojan-activity;sid:84231922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368823)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ndarqe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368823/; classtype:trojan-activity;sid:84231923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368824)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmsnvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368824/; classtype:trojan-activity;sid:84231924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368825)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znrmco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368825/; classtype:trojan-activity;sid:84231925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368826)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chvjrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368826/; classtype:trojan-activity;sid:84231926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368818)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmcrfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368818/; classtype:trojan-activity;sid:84231918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368819)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qatijs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368819/; classtype:trojan-activity;sid:84231919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368820)"; flow:established,from_client; content:"GET"; http_method; content:"/js/csqhyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368820/; classtype:trojan-activity;sid:84231920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368816)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kwuisd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368816/; classtype:trojan-activity;sid:84231916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368817)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzbcfd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368817/; classtype:trojan-activity;sid:84231917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368814)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lafizx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368814/; classtype:trojan-activity;sid:84231914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368815)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbqisj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368815/; classtype:trojan-activity;sid:84231915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368811)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tozpxi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368811/; classtype:trojan-activity;sid:84231911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368812)"; flow:established,from_client; content:"GET"; http_method; content:"/js/emuzcj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368812/; classtype:trojan-activity;sid:84231912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368813)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mcoftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368813/; classtype:trojan-activity;sid:84231913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368801)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eyxpjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368801/; classtype:trojan-activity;sid:84231901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368802)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgivra.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368802/; classtype:trojan-activity;sid:84231902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368803)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzxdwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368803/; classtype:trojan-activity;sid:84231903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368804)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmsujh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368804/; classtype:trojan-activity;sid:84231904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368805)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzdvkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368805/; classtype:trojan-activity;sid:84231905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368806)"; flow:established,from_client; content:"GET"; http_method; content:"/js/npukdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368806/; classtype:trojan-activity;sid:84231906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368807)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xuzens.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368807/; classtype:trojan-activity;sid:84231907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368808)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhwepz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368808/; classtype:trojan-activity;sid:84231908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368809)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pqxyjc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368809/; classtype:trojan-activity;sid:84231909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368810)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zmpafn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368810/; classtype:trojan-activity;sid:84231910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368799)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dawgjr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368799/; classtype:trojan-activity;sid:84231899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368800)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfpwko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368800/; classtype:trojan-activity;sid:84231900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368794)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmszvh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368794/; classtype:trojan-activity;sid:84231894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368795)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjnidy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368795/; classtype:trojan-activity;sid:84231895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368796)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eytofc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368796/; classtype:trojan-activity;sid:84231896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368797)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmyijc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368797/; classtype:trojan-activity;sid:84231897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368798)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dkwozi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368798/; classtype:trojan-activity;sid:84231898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368792)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifnvqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368792/; classtype:trojan-activity;sid:84231892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368793)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltdnki.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368793/; classtype:trojan-activity;sid:84231893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368790)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qemywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368790/; classtype:trojan-activity;sid:84231890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368791)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqidx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368791/; classtype:trojan-activity;sid:84231891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368784)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyvhof.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368784/; classtype:trojan-activity;sid:84231884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368785)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stbyrl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368785/; classtype:trojan-activity;sid:84231885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368786)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buzpag.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368786/; classtype:trojan-activity;sid:84231886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368787)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnviot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368787/; classtype:trojan-activity;sid:84231887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368788)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wgsrda.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368788/; classtype:trojan-activity;sid:84231888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368789)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uxqhds.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368789/; classtype:trojan-activity;sid:84231889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368782)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ndarqe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368782/; classtype:trojan-activity;sid:84231882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368783)"; flow:established,from_client; content:"GET"; http_method; content:"/js/deirlj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368783/; classtype:trojan-activity;sid:84231883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368780)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnlkap.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368780/; classtype:trojan-activity;sid:84231880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368781)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmdwoj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368781/; classtype:trojan-activity;sid:84231881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368774)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hsalxw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368774/; classtype:trojan-activity;sid:84231874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368775)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmcrfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368775/; classtype:trojan-activity;sid:84231875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368776)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnjvsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368776/; classtype:trojan-activity;sid:84231876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368777)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtapwo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368777/; classtype:trojan-activity;sid:84231877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368778)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gipart.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368778/; classtype:trojan-activity;sid:84231878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368779)"; flow:established,from_client; content:"GET"; http_method; content:"/js/unpwzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368779/; classtype:trojan-activity;sid:84231879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368768)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taypgl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368768/; classtype:trojan-activity;sid:84231868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368769)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvrqtl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368769/; classtype:trojan-activity;sid:84231869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368770)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdlnqa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368770/; classtype:trojan-activity;sid:84231870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368771)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vnmizb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368771/; classtype:trojan-activity;sid:84231871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368772)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gevhks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368772/; classtype:trojan-activity;sid:84231872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368773)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nadbor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368773/; classtype:trojan-activity;sid:84231873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368763)"; flow:established,from_client; content:"GET"; http_method; content:"/js/esagwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368763/; classtype:trojan-activity;sid:84231863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368764)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bqpmtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368764/; classtype:trojan-activity;sid:84231864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368765)"; flow:established,from_client; content:"GET"; http_method; content:"/js/irmjwl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368765/; classtype:trojan-activity;sid:84231865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368766)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptmnwy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368766/; classtype:trojan-activity;sid:84231866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368767)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aivfhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368767/; classtype:trojan-activity;sid:84231867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368759)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnbuqz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368759/; classtype:trojan-activity;sid:84231859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368760)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apwisr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368760/; classtype:trojan-activity;sid:84231860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368761)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arfejg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368761/; classtype:trojan-activity;sid:84231861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368762)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjnidy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368762/; classtype:trojan-activity;sid:84231862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368757)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xkafls.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368757/; classtype:trojan-activity;sid:84231857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368758)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sbdgnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368758/; classtype:trojan-activity;sid:84231858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368756)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhqfza.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368756/; classtype:trojan-activity;sid:84231856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368751)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eucwkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368751/; classtype:trojan-activity;sid:84231851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368752)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnbuqz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368752/; classtype:trojan-activity;sid:84231852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368753)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vuniot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368753/; classtype:trojan-activity;sid:84231853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368754)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aipojd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368754/; classtype:trojan-activity;sid:84231854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368755)"; flow:established,from_client; content:"GET"; http_method; content:"/js/othnqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368755/; classtype:trojan-activity;sid:84231855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368746)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zawmxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368746/; classtype:trojan-activity;sid:84231846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368747)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whtjex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368747/; classtype:trojan-activity;sid:84231847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368748)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyxgwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368748/; classtype:trojan-activity;sid:84231848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368749)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mapjte.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368749/; classtype:trojan-activity;sid:84231849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368750)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uregky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368750/; classtype:trojan-activity;sid:84231850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368743)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pysbgm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368743/; classtype:trojan-activity;sid:84231843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368744)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xpqyub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368744/; classtype:trojan-activity;sid:84231844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368745)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbofah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368745/; classtype:trojan-activity;sid:84231845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368738)"; flow:established,from_client; content:"GET"; http_method; content:"/js/alzgdf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368738/; classtype:trojan-activity;sid:84231838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368739)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oaugym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368739/; classtype:trojan-activity;sid:84231839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368740)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmszvh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368740/; classtype:trojan-activity;sid:84231840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368741)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paifct.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368741/; classtype:trojan-activity;sid:84231841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368742)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jtnebv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368742/; classtype:trojan-activity;sid:84231842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368732)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jgukrx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368732/; classtype:trojan-activity;sid:84231832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368733)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juvwhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368733/; classtype:trojan-activity;sid:84231833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368734)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyhdca.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368734/; classtype:trojan-activity;sid:84231834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368735)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kltrfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368735/; classtype:trojan-activity;sid:84231835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368736)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktxayf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368736/; classtype:trojan-activity;sid:84231836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368737)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gevhks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368737/; classtype:trojan-activity;sid:84231837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368731)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skhjtc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368731/; classtype:trojan-activity;sid:84231831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368727)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhszqf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368727/; classtype:trojan-activity;sid:84231827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368728)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vzenut.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368728/; classtype:trojan-activity;sid:84231828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368729)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltpmzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368729/; classtype:trojan-activity;sid:84231829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368730)"; flow:established,from_client; content:"GET"; http_method; content:"/js/newkcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368730/; classtype:trojan-activity;sid:84231830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368721)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nfimsr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368721/; classtype:trojan-activity;sid:84231821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368722)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhwepz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368722/; classtype:trojan-activity;sid:84231822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368723)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxbgma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368723/; classtype:trojan-activity;sid:84231823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368724)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hitguk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368724/; classtype:trojan-activity;sid:84231824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368725)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skrbil.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368725/; classtype:trojan-activity;sid:84231825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368726)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xkafls.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368726/; classtype:trojan-activity;sid:84231826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368716)"; flow:established,from_client; content:"GET"; http_method; content:"/js/retcab.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368716/; classtype:trojan-activity;sid:84231816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368717)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghksto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368717/; classtype:trojan-activity;sid:84231817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368718)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kawmyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368718/; classtype:trojan-activity;sid:84231818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368719)"; flow:established,from_client; content:"GET"; http_method; content:"/js/drgftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368719/; classtype:trojan-activity;sid:84231819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368720)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykgnts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368720/; classtype:trojan-activity;sid:84231820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368715)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucvlao.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368715/; classtype:trojan-activity;sid:84231815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368713)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hrtncs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368713/; classtype:trojan-activity;sid:84231813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368714)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehwdpq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368714/; classtype:trojan-activity;sid:84231814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368712)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qjwnsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368712/; classtype:trojan-activity;sid:84231812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368706)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjnidy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368706/; classtype:trojan-activity;sid:84231806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368707)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uvkqxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368707/; classtype:trojan-activity;sid:84231807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368708)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gfsplo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368708/; classtype:trojan-activity;sid:84231808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368709)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvqgph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368709/; classtype:trojan-activity;sid:84231809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368710)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hamefz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368710/; classtype:trojan-activity;sid:84231810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368711)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sezmlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368711/; classtype:trojan-activity;sid:84231811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368704)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qycavu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368704/; classtype:trojan-activity;sid:84231804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368705)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lneyjh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368705/; classtype:trojan-activity;sid:84231805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368698)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cnduef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368698/; classtype:trojan-activity;sid:84231798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368699)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stejwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368699/; classtype:trojan-activity;sid:84231799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368700)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vkbxyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368700/; classtype:trojan-activity;sid:84231800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368701)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zouans.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368701/; classtype:trojan-activity;sid:84231801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368702)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msiucg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368702/; classtype:trojan-activity;sid:84231802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368703)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lczntq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368703/; classtype:trojan-activity;sid:84231803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368690)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvhmne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368690/; classtype:trojan-activity;sid:84231790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368691)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyxudg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368691/; classtype:trojan-activity;sid:84231791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368692)"; flow:established,from_client; content:"GET"; http_method; content:"/js/priola.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368692/; classtype:trojan-activity;sid:84231792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368693)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lfsniz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368693/; classtype:trojan-activity;sid:84231793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368694)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djiowm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368694/; classtype:trojan-activity;sid:84231794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368695)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ipcfyq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368695/; classtype:trojan-activity;sid:84231795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368696)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hrtncs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368696/; classtype:trojan-activity;sid:84231796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368697)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xrwuby.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368697/; classtype:trojan-activity;sid:84231797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368688)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dawgjr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368688/; classtype:trojan-activity;sid:84231788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368689)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zyhfex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368689/; classtype:trojan-activity;sid:84231789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368685)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvohfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368685/; classtype:trojan-activity;sid:84231785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368686)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbomky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368686/; classtype:trojan-activity;sid:84231786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368687)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzsfvj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368687/; classtype:trojan-activity;sid:84231787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368681)"; flow:established,from_client; content:"GET"; http_method; content:"/js/medsqw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368681/; classtype:trojan-activity;sid:84231781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368682)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taljsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368682/; classtype:trojan-activity;sid:84231782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368683)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buzpag.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368683/; classtype:trojan-activity;sid:84231783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368684)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xanfzm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368684/; classtype:trojan-activity;sid:84231784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368679)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pnocqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368679/; classtype:trojan-activity;sid:84231779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368680)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvshm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368680/; classtype:trojan-activity;sid:84231780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368676)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pzxrbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368676/; classtype:trojan-activity;sid:84231776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368677)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvjcwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368677/; classtype:trojan-activity;sid:84231777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368678)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qycavu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368678/; classtype:trojan-activity;sid:84231778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368674)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xrwuby.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368674/; classtype:trojan-activity;sid:84231774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368675)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmexdh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368675/; classtype:trojan-activity;sid:84231775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368673)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xotpfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368673/; classtype:trojan-activity;sid:84231773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368672)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexirv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368672/; classtype:trojan-activity;sid:84231772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368666)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmepyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368666/; classtype:trojan-activity;sid:84231766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368667)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxkipn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368667/; classtype:trojan-activity;sid:84231767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368668)"; flow:established,from_client; content:"GET"; http_method; content:"/js/flehbm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368668/; classtype:trojan-activity;sid:84231768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368669)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wjqosp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368669/; classtype:trojan-activity;sid:84231769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368670)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kelsjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368670/; classtype:trojan-activity;sid:84231770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.67.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368671/; classtype:trojan-activity;sid:84231771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368657)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hwpagq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368657/; classtype:trojan-activity;sid:84231757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368658)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yitvba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368658/; classtype:trojan-activity;sid:84231758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368659)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vlxcgi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368659/; classtype:trojan-activity;sid:84231759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368660)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbhvcm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368660/; classtype:trojan-activity;sid:84231760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368661)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qgjoih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368661/; classtype:trojan-activity;sid:84231761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368662)"; flow:established,from_client; content:"GET"; http_method; content:"/js/flehbm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368662/; classtype:trojan-activity;sid:84231762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368663)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exnwkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368663/; classtype:trojan-activity;sid:84231763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368664)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dfrwix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368664/; classtype:trojan-activity;sid:84231764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368665)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xjkztu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368665/; classtype:trojan-activity;sid:84231765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368649)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ldwnqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368649/; classtype:trojan-activity;sid:84231749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368650)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ukfjeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368650/; classtype:trojan-activity;sid:84231750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368651)"; flow:established,from_client; content:"GET"; http_method; content:"/js/priola.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368651/; classtype:trojan-activity;sid:84231751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368652)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nxritz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368652/; classtype:trojan-activity;sid:84231752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368653)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mcoftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368653/; classtype:trojan-activity;sid:84231753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368654)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnxjiu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368654/; classtype:trojan-activity;sid:84231754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368655)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uszyql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368655/; classtype:trojan-activity;sid:84231755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368656)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jtnebv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368656/; classtype:trojan-activity;sid:84231756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368646)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdmvrk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368646/; classtype:trojan-activity;sid:84231746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368647)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ogimzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368647/; classtype:trojan-activity;sid:84231747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368648)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xgkhwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368648/; classtype:trojan-activity;sid:84231748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368644)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djtukm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368644/; classtype:trojan-activity;sid:84231744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368645)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sdfjyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368645/; classtype:trojan-activity;sid:84231745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368641)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bgwdlq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368641/; classtype:trojan-activity;sid:84231741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368642)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyqbmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368642/; classtype:trojan-activity;sid:84231742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368643)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sbdgnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368643/; classtype:trojan-activity;sid:84231743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368640)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftpido.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368640/; classtype:trojan-activity;sid:84231740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.106.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368638/; classtype:trojan-activity;sid:84231738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368639)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oaugym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368639/; classtype:trojan-activity;sid:84231739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368635)"; flow:established,from_client; content:"GET"; http_method; content:"/js/grwsed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368635/; classtype:trojan-activity;sid:84231735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368636)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltpmzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368636/; classtype:trojan-activity;sid:84231736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368637)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fconkp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368637/; classtype:trojan-activity;sid:84231737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368633)"; flow:established,from_client; content:"GET"; http_method; content:"/js/foskub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368633/; classtype:trojan-activity;sid:84231733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368634)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ybqour.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368634/; classtype:trojan-activity;sid:84231734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368628)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jgukrx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368628/; classtype:trojan-activity;sid:84231728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368629)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptmnwy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368629/; classtype:trojan-activity;sid:84231729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368630)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzxdwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368630/; classtype:trojan-activity;sid:84231730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368631)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nkdqcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368631/; classtype:trojan-activity;sid:84231731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368632)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkerly.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368632/; classtype:trojan-activity;sid:84231732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368623)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qasuzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368623/; classtype:trojan-activity;sid:84231723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368624)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uxqhds.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368624/; classtype:trojan-activity;sid:84231724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368625)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vkbxyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368625/; classtype:trojan-activity;sid:84231725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368626)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nxritz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368626/; classtype:trojan-activity;sid:84231726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368627)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ickxdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368627/; classtype:trojan-activity;sid:84231727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368620)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ncmzei.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368620/; classtype:trojan-activity;sid:84231720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368621)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixveou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368621/; classtype:trojan-activity;sid:84231721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368622)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vnmizb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368622/; classtype:trojan-activity;sid:84231722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368614)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atjunw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368614/; classtype:trojan-activity;sid:84231714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368615)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmfoys.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368615/; classtype:trojan-activity;sid:84231715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368616)"; flow:established,from_client; content:"GET"; http_method; content:"/js/elqgwv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368616/; classtype:trojan-activity;sid:84231716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368617)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sfxnlu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368617/; classtype:trojan-activity;sid:84231717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368618)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovnfdt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368618/; classtype:trojan-activity;sid:84231718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368619)"; flow:established,from_client; content:"GET"; http_method; content:"/js/godukp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368619/; classtype:trojan-activity;sid:84231719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368604)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmcsue.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368604/; classtype:trojan-activity;sid:84231704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368605)"; flow:established,from_client; content:"GET"; http_method; content:"/js/godukp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368605/; classtype:trojan-activity;sid:84231705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368606)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsuepy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368606/; classtype:trojan-activity;sid:84231706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368607)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atrpjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368607/; classtype:trojan-activity;sid:84231707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368608)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lztnfk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368608/; classtype:trojan-activity;sid:84231708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368609)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbhpnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368609/; classtype:trojan-activity;sid:84231709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368610)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sjqmxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368610/; classtype:trojan-activity;sid:84231710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368611)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taljsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368611/; classtype:trojan-activity;sid:84231711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.80.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368612/; classtype:trojan-activity;sid:84231712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368613)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsxmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368613/; classtype:trojan-activity;sid:84231713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368599)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jlmaci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368599/; classtype:trojan-activity;sid:84231699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368600)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvqgph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368600/; classtype:trojan-activity;sid:84231700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368601)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbftqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368601/; classtype:trojan-activity;sid:84231701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368602)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chepkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368602/; classtype:trojan-activity;sid:84231702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368603)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exjfba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368603/; classtype:trojan-activity;sid:84231703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368597)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zyhfex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368597/; classtype:trojan-activity;sid:84231697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368598)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xotpfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368598/; classtype:trojan-activity;sid:84231698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368594)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcanft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368594/; classtype:trojan-activity;sid:84231694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368595)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ujaemc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368595/; classtype:trojan-activity;sid:84231695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368596)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzinom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368596/; classtype:trojan-activity;sid:84231696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368593)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nfimsr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368593/; classtype:trojan-activity;sid:84231693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368590)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdlnqa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368590/; classtype:trojan-activity;sid:84231690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368591)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqhbyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368591/; classtype:trojan-activity;sid:84231691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368592)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmsnvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368592/; classtype:trojan-activity;sid:84231692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368583)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgivra.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368583/; classtype:trojan-activity;sid:84231683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368584)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bksnzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368584/; classtype:trojan-activity;sid:84231684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368585)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vdqlnz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368585/; classtype:trojan-activity;sid:84231685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368586)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmexdh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368586/; classtype:trojan-activity;sid:84231686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368587)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbhvcm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368587/; classtype:trojan-activity;sid:84231687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368588)"; flow:established,from_client; content:"GET"; http_method; content:"/js/klydgb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368588/; classtype:trojan-activity;sid:84231688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368589)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stejwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368589/; classtype:trojan-activity;sid:84231689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368578)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzbcfd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368578/; classtype:trojan-activity;sid:84231678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368579)"; flow:established,from_client; content:"GET"; http_method; content:"/js/finksa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368579/; classtype:trojan-activity;sid:84231679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368580)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjovbi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368580/; classtype:trojan-activity;sid:84231680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368581)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eytofc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368581/; classtype:trojan-activity;sid:84231681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368582)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dawgjr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368582/; classtype:trojan-activity;sid:84231682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368570)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzngir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368570/; classtype:trojan-activity;sid:84231670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368571)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yslwup.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368571/; classtype:trojan-activity;sid:84231671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368572)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xkafls.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368572/; classtype:trojan-activity;sid:84231672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368573)"; flow:established,from_client; content:"GET"; http_method; content:"/js/thlvcq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368573/; classtype:trojan-activity;sid:84231673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368574)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjukql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368574/; classtype:trojan-activity;sid:84231674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368575)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uqayrn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368575/; classtype:trojan-activity;sid:84231675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368576)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hitguk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368576/; classtype:trojan-activity;sid:84231676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368577)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mptsrb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368577/; classtype:trojan-activity;sid:84231677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368563)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wgsrda.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368563/; classtype:trojan-activity;sid:84231663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368564)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rlmkdy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368564/; classtype:trojan-activity;sid:84231664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368565)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrdywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368565/; classtype:trojan-activity;sid:84231665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368566)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bazydn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368566/; classtype:trojan-activity;sid:84231666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368567)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sjqmxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368567/; classtype:trojan-activity;sid:84231667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368568)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cusemi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368568/; classtype:trojan-activity;sid:84231668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368569)"; flow:established,from_client; content:"GET"; http_method; content:"/js/inkxgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368569/; classtype:trojan-activity;sid:84231669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368558)"; flow:established,from_client; content:"GET"; http_method; content:"/js/conuwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368558/; classtype:trojan-activity;sid:84231658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368559)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dfrwix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368559/; classtype:trojan-activity;sid:84231659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368560)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jpwtkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368560/; classtype:trojan-activity;sid:84231660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368561)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vexzha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368561/; classtype:trojan-activity;sid:84231661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368562)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kynazr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368562/; classtype:trojan-activity;sid:84231662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368556)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yjwuhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368556/; classtype:trojan-activity;sid:84231656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368557)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jlmaci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368557/; classtype:trojan-activity;sid:84231657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368555)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbmctf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368555/; classtype:trojan-activity;sid:84231655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368553)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmoqtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368553/; classtype:trojan-activity;sid:84231653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368554)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pecfql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368554/; classtype:trojan-activity;sid:84231654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368551)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucorwt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368551/; classtype:trojan-activity;sid:84231651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368552)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwtgdn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368552/; classtype:trojan-activity;sid:84231652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368547)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jlmaci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368547/; classtype:trojan-activity;sid:84231647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368548)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhpkzx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368548/; classtype:trojan-activity;sid:84231648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368549)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmyijc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368549/; classtype:trojan-activity;sid:84231649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368550)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arfejg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368550/; classtype:trojan-activity;sid:84231650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368530)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbftqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368530/; classtype:trojan-activity;sid:84231630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368531)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbaylw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368531/; classtype:trojan-activity;sid:84231631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368532)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lztnfk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368532/; classtype:trojan-activity;sid:84231632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368533)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skrbil.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368533/; classtype:trojan-activity;sid:84231633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368534)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzxdwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368534/; classtype:trojan-activity;sid:84231634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368535)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzdvkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368535/; classtype:trojan-activity;sid:84231635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368536)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stbyrl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368536/; classtype:trojan-activity;sid:84231636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368537)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpglbq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368537/; classtype:trojan-activity;sid:84231637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368538)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcgzyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368538/; classtype:trojan-activity;sid:84231638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368539)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymqxsp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368539/; classtype:trojan-activity;sid:84231639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368540)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bjewxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368540/; classtype:trojan-activity;sid:84231640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368541)"; flow:established,from_client; content:"GET"; http_method; content:"/js/txwhkb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368541/; classtype:trojan-activity;sid:84231641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368542)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dcwanm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368542/; classtype:trojan-activity;sid:84231642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368543)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmoqtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368543/; classtype:trojan-activity;sid:84231643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368544)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrbwyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368544/; classtype:trojan-activity;sid:84231644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368545)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rlmkdy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368545/; classtype:trojan-activity;sid:84231645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368546)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nyovtk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368546/; classtype:trojan-activity;sid:84231646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368521)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juvwhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368521/; classtype:trojan-activity;sid:84231621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368522)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glebqm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368522/; classtype:trojan-activity;sid:84231622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368523)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kxcqzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368523/; classtype:trojan-activity;sid:84231623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368524)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fnotqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368524/; classtype:trojan-activity;sid:84231624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368525)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqgfeo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368525/; classtype:trojan-activity;sid:84231625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368526)"; flow:established,from_client; content:"GET"; http_method; content:"/js/razcsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368526/; classtype:trojan-activity;sid:84231626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368527)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfpukb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368527/; classtype:trojan-activity;sid:84231627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368528)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsovum.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368528/; classtype:trojan-activity;sid:84231628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368529)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paifct.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368529/; classtype:trojan-activity;sid:84231629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368519)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lneyjh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368519/; classtype:trojan-activity;sid:84231619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368520)"; flow:established,from_client; content:"GET"; http_method; content:"/js/itnuya.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368520/; classtype:trojan-activity;sid:84231620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368518)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbaylw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368518/; classtype:trojan-activity;sid:84231618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368517)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmyijc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368517/; classtype:trojan-activity;sid:84231617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368512)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbhpnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368512/; classtype:trojan-activity;sid:84231612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368513)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmepyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368513/; classtype:trojan-activity;sid:84231613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368514)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paifct.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368514/; classtype:trojan-activity;sid:84231614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368515)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnvzbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368515/; classtype:trojan-activity;sid:84231615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368516)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umzebq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368516/; classtype:trojan-activity;sid:84231616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368498)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buzpag.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368498/; classtype:trojan-activity;sid:84231598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368499)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxkipn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368499/; classtype:trojan-activity;sid:84231599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368500)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kldhuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368500/; classtype:trojan-activity;sid:84231600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368501)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dcwanm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368501/; classtype:trojan-activity;sid:84231601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368502)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfthvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368502/; classtype:trojan-activity;sid:84231602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368503)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zibajo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368503/; classtype:trojan-activity;sid:84231603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368504)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eivhfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368504/; classtype:trojan-activity;sid:84231604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368505)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fymvkc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368505/; classtype:trojan-activity;sid:84231605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368506)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aivfhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368506/; classtype:trojan-activity;sid:84231606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368507)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chepkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368507/; classtype:trojan-activity;sid:84231607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368508)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pnocqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368508/; classtype:trojan-activity;sid:84231608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368509)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taypgl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368509/; classtype:trojan-activity;sid:84231609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368510)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eicbgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368510/; classtype:trojan-activity;sid:84231610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368511)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jewltz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368511/; classtype:trojan-activity;sid:84231611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368491)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stejwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368491/; classtype:trojan-activity;sid:84231591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368492)"; flow:established,from_client; content:"GET"; http_method; content:"/js/retcab.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368492/; classtype:trojan-activity;sid:84231592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368493)"; flow:established,from_client; content:"GET"; http_method; content:"/js/adchfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368493/; classtype:trojan-activity;sid:84231593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368494)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tfezuo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368494/; classtype:trojan-activity;sid:84231594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368495)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydhrfe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368495/; classtype:trojan-activity;sid:84231595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368496)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucanwd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368496/; classtype:trojan-activity;sid:84231596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368497)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dzayik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herunterladen-spark.alesia.cloud"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368497/; classtype:trojan-activity;sid:84231597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368479)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fgkiep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368479/; classtype:trojan-activity;sid:84231579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368480)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yjwuhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368480/; classtype:trojan-activity;sid:84231580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368481)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whtjex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368481/; classtype:trojan-activity;sid:84231581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368482)"; flow:established,from_client; content:"GET"; http_method; content:"/js/veyrqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368482/; classtype:trojan-activity;sid:84231582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368483)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pecfql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368483/; classtype:trojan-activity;sid:84231583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368484)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtnlzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368484/; classtype:trojan-activity;sid:84231584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368485)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrdyti.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368485/; classtype:trojan-activity;sid:84231585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368486)"; flow:established,from_client; content:"GET"; http_method; content:"/js/efcwnv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368486/; classtype:trojan-activity;sid:84231586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368487)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yobune.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368487/; classtype:trojan-activity;sid:84231587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368488)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsojgh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368488/; classtype:trojan-activity;sid:84231588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368489)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykgnts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368489/; classtype:trojan-activity;sid:84231589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368490)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxnzvl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368490/; classtype:trojan-activity;sid:84231590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368478)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfaxth.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368478/; classtype:trojan-activity;sid:84231578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368477)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skjpfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368477/; classtype:trojan-activity;sid:84231577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368470)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfthvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368470/; classtype:trojan-activity;sid:84231570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368471)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnfesb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368471/; classtype:trojan-activity;sid:84231571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368472)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vuniot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368472/; classtype:trojan-activity;sid:84231572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368473)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idagyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368473/; classtype:trojan-activity;sid:84231573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368474)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhqfza.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368474/; classtype:trojan-activity;sid:84231574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368475)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jpwtkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368475/; classtype:trojan-activity;sid:84231575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368476)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnlkap.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368476/; classtype:trojan-activity;sid:84231576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368467)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apwisr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368467/; classtype:trojan-activity;sid:84231567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368468)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lfsniz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368468/; classtype:trojan-activity;sid:84231568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368469)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydhrfe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368469/; classtype:trojan-activity;sid:84231569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368462)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skhjtc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368462/; classtype:trojan-activity;sid:84231562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368463)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eaqbfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368463/; classtype:trojan-activity;sid:84231563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368464)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idagyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368464/; classtype:trojan-activity;sid:84231564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368465)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hvporw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368465/; classtype:trojan-activity;sid:84231565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368466)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fltyha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368466/; classtype:trojan-activity;sid:84231566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368459)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjshmy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368459/; classtype:trojan-activity;sid:84231559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368460)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qycavu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368460/; classtype:trojan-activity;sid:84231560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368461)"; flow:established,from_client; content:"GET"; http_method; content:"/js/godukp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368461/; classtype:trojan-activity;sid:84231561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368456)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsuyhj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368456/; classtype:trojan-activity;sid:84231556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368457)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yvetcg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368457/; classtype:trojan-activity;sid:84231557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368458)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gmrkwh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368458/; classtype:trojan-activity;sid:84231558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368440)"; flow:established,from_client; content:"GET"; http_method; content:"/js/esagwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368440/; classtype:trojan-activity;sid:84231540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368441)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrwyvs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368441/; classtype:trojan-activity;sid:84231541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368442)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yqnoez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368442/; classtype:trojan-activity;sid:84231542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368443)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcanft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368443/; classtype:trojan-activity;sid:84231543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368444)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xjkztu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368444/; classtype:trojan-activity;sid:84231544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368445)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjdkeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368445/; classtype:trojan-activity;sid:84231545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368446)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ujaemc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368446/; classtype:trojan-activity;sid:84231546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368447)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sbdgnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368447/; classtype:trojan-activity;sid:84231547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368448)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wgsrda.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368448/; classtype:trojan-activity;sid:84231548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368449)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfzwxd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368449/; classtype:trojan-activity;sid:84231549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368450)"; flow:established,from_client; content:"GET"; http_method; content:"/js/srnjva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368450/; classtype:trojan-activity;sid:84231550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368451)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xpqyub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368451/; classtype:trojan-activity;sid:84231551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368452)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qatijs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368452/; classtype:trojan-activity;sid:84231552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368453)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhrnse.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368453/; classtype:trojan-activity;sid:84231553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368454)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eyxpjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368454/; classtype:trojan-activity;sid:84231554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368455)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbhpnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368455/; classtype:trojan-activity;sid:84231555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368427)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdmvrk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368427/; classtype:trojan-activity;sid:84231527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368428)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvhmne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368428/; classtype:trojan-activity;sid:84231528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368429)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gevhks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368429/; classtype:trojan-activity;sid:84231529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368430)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iyjdpm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368430/; classtype:trojan-activity;sid:84231530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368431)"; flow:established,from_client; content:"GET"; http_method; content:"/js/enhozf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368431/; classtype:trojan-activity;sid:84231531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368432)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzdvkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368432/; classtype:trojan-activity;sid:84231532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368433)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqyaix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368433/; classtype:trojan-activity;sid:84231533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368434)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsxjnk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368434/; classtype:trojan-activity;sid:84231534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368435)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ybqour.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368435/; classtype:trojan-activity;sid:84231535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368436)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oaugym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368436/; classtype:trojan-activity;sid:84231536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368437)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pnocqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368437/; classtype:trojan-activity;sid:84231537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368438)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msiucg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368438/; classtype:trojan-activity;sid:84231538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368439)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kemhaw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368439/; classtype:trojan-activity;sid:84231539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368425)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hsalxw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368425/; classtype:trojan-activity;sid:84231525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368426)"; flow:established,from_client; content:"GET"; http_method; content:"/js/surtfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368426/; classtype:trojan-activity;sid:84231526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368419)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqhbyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368419/; classtype:trojan-activity;sid:84231519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368420)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmsujh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368420/; classtype:trojan-activity;sid:84231520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368421)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eivhfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368421/; classtype:trojan-activity;sid:84231521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368422)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dawgjr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368422/; classtype:trojan-activity;sid:84231522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368423)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juvwhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368423/; classtype:trojan-activity;sid:84231523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368424)"; flow:established,from_client; content:"GET"; http_method; content:"/js/txwhkb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368424/; classtype:trojan-activity;sid:84231524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368406)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pnocqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368406/; classtype:trojan-activity;sid:84231506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368407)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kixrge.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368407/; classtype:trojan-activity;sid:84231507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368408)"; flow:established,from_client; content:"GET"; http_method; content:"/js/npukdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368408/; classtype:trojan-activity;sid:84231508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368409)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsovum.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368409/; classtype:trojan-activity;sid:84231509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368410)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhwepz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368410/; classtype:trojan-activity;sid:84231510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368411)"; flow:established,from_client; content:"GET"; http_method; content:"/js/unpwzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368411/; classtype:trojan-activity;sid:84231511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368412)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zceyxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368412/; classtype:trojan-activity;sid:84231512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368413)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyxudg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368413/; classtype:trojan-activity;sid:84231513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368414)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kwuisd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368414/; classtype:trojan-activity;sid:84231514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368415)"; flow:established,from_client; content:"GET"; http_method; content:"/js/quwtdl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368415/; classtype:trojan-activity;sid:84231515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368416)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mljgai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368416/; classtype:trojan-activity;sid:84231516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368417)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bgwdlq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368417/; classtype:trojan-activity;sid:84231517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368418)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qemywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368418/; classtype:trojan-activity;sid:84231518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368390)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qasuzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368390/; classtype:trojan-activity;sid:84231490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368391)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvohfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368391/; classtype:trojan-activity;sid:84231491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368392)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wmlxpy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368392/; classtype:trojan-activity;sid:84231492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368393)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhrnse.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368393/; classtype:trojan-activity;sid:84231493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368394)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qtplzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368394/; classtype:trojan-activity;sid:84231494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368395)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fymvkc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368395/; classtype:trojan-activity;sid:84231495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368396)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skeqhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368396/; classtype:trojan-activity;sid:84231496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368397)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhrnse.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368397/; classtype:trojan-activity;sid:84231497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368398)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkerly.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368398/; classtype:trojan-activity;sid:84231498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368399)"; flow:established,from_client; content:"GET"; http_method; content:"/js/retcab.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368399/; classtype:trojan-activity;sid:84231499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368400)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clwnai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368400/; classtype:trojan-activity;sid:84231500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368401)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xirksj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368401/; classtype:trojan-activity;sid:84231501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368402)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnmyqi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368402/; classtype:trojan-activity;sid:84231502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368403)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmexdh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368403/; classtype:trojan-activity;sid:84231503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368404)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexirv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368404/; classtype:trojan-activity;sid:84231504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368405)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsuyhj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368405/; classtype:trojan-activity;sid:84231505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368385)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rlmkdy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368385/; classtype:trojan-activity;sid:84231485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368386)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbkyud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368386/; classtype:trojan-activity;sid:84231486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368387)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uilxhz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368387/; classtype:trojan-activity;sid:84231487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368388)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stbyrl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368388/; classtype:trojan-activity;sid:84231488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368389)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jetyiw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368389/; classtype:trojan-activity;sid:84231489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368380)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lozwub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368380/; classtype:trojan-activity;sid:84231480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368381)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lwpefs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368381/; classtype:trojan-activity;sid:84231481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368382)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxnzvl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368382/; classtype:trojan-activity;sid:84231482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368383)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zyhfex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368383/; classtype:trojan-activity;sid:84231483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368384)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmcsue.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368384/; classtype:trojan-activity;sid:84231484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368379)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxbgma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368379/; classtype:trojan-activity;sid:84231479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368375)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stwkqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368375/; classtype:trojan-activity;sid:84231475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368376)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fdujrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368376/; classtype:trojan-activity;sid:84231476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368377)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aipojd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368377/; classtype:trojan-activity;sid:84231477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368378)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epmtcs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368378/; classtype:trojan-activity;sid:84231478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368353)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tmgdkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368353/; classtype:trojan-activity;sid:84231453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368354)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nsvtqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368354/; classtype:trojan-activity;sid:84231454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368355)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkympx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368355/; classtype:trojan-activity;sid:84231455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368356)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jewltz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368356/; classtype:trojan-activity;sid:84231456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368357)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pqxyjc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368357/; classtype:trojan-activity;sid:84231457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368358)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wzuigr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368358/; classtype:trojan-activity;sid:84231458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368359)"; flow:established,from_client; content:"GET"; http_method; content:"/js/twymph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368359/; classtype:trojan-activity;sid:84231459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368360)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pecfql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368360/; classtype:trojan-activity;sid:84231460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368361)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vuniot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368361/; classtype:trojan-activity;sid:84231461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368362)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qcfibe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368362/; classtype:trojan-activity;sid:84231462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368363)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bymvne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368363/; classtype:trojan-activity;sid:84231463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368364)"; flow:established,from_client; content:"GET"; http_method; content:"/js/logjmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368364/; classtype:trojan-activity;sid:84231464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368365)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ypevoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368365/; classtype:trojan-activity;sid:84231465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368366)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yitvba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368366/; classtype:trojan-activity;sid:84231466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368367)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eytofc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368367/; classtype:trojan-activity;sid:84231467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368368)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kynazr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368368/; classtype:trojan-activity;sid:84231468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368369)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnviot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368369/; classtype:trojan-activity;sid:84231469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368370)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsrvje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368370/; classtype:trojan-activity;sid:84231470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368371)"; flow:established,from_client; content:"GET"; http_method; content:"/js/grwsed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368371/; classtype:trojan-activity;sid:84231471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368372)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atbmcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368372/; classtype:trojan-activity;sid:84231472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368373)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mapjte.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368373/; classtype:trojan-activity;sid:84231473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368374)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bgwdlq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368374/; classtype:trojan-activity;sid:84231474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368347)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rbgovl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368347/; classtype:trojan-activity;sid:84231447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368348)"; flow:established,from_client; content:"GET"; http_method; content:"/js/klydgb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368348/; classtype:trojan-activity;sid:84231448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368349)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmdwoj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368349/; classtype:trojan-activity;sid:84231449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368350)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wgsrda.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368350/; classtype:trojan-activity;sid:84231450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368351)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnbuqz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368351/; classtype:trojan-activity;sid:84231451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368352)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpoikg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368352/; classtype:trojan-activity;sid:84231452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368341)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnfzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368341/; classtype:trojan-activity;sid:84231441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368342)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifnvqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368342/; classtype:trojan-activity;sid:84231442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368343)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pgbokr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368343/; classtype:trojan-activity;sid:84231443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368344)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tkyuqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368344/; classtype:trojan-activity;sid:84231444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368345)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hwpagq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368345/; classtype:trojan-activity;sid:84231445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368346)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stbyrl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368346/; classtype:trojan-activity;sid:84231446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368339)"; flow:established,from_client; content:"GET"; http_method; content:"/js/thlvcq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368339/; classtype:trojan-activity;sid:84231439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368340)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jeighd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368340/; classtype:trojan-activity;sid:84231440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368337)"; flow:established,from_client; content:"GET"; http_method; content:"/js/elqgwv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368337/; classtype:trojan-activity;sid:84231437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368338)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jfwdec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368338/; classtype:trojan-activity;sid:84231438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368320)"; flow:established,from_client; content:"GET"; http_method; content:"/js/odtvmg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368320/; classtype:trojan-activity;sid:84231420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368321)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vyiwbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368321/; classtype:trojan-activity;sid:84231421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368322)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehwdpq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368322/; classtype:trojan-activity;sid:84231422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368323)"; flow:established,from_client; content:"GET"; http_method; content:"/js/itnuya.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368323/; classtype:trojan-activity;sid:84231423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368324)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pysbgm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368324/; classtype:trojan-activity;sid:84231424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368325)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fkadbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368325/; classtype:trojan-activity;sid:84231425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368326)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skeqhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368326/; classtype:trojan-activity;sid:84231426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368327)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmsnvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368327/; classtype:trojan-activity;sid:84231427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368328)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nfimsr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368328/; classtype:trojan-activity;sid:84231428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368329)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xkafls.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368329/; classtype:trojan-activity;sid:84231429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368330)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmoqtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368330/; classtype:trojan-activity;sid:84231430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368331)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yitvba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368331/; classtype:trojan-activity;sid:84231431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368332)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uejzgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368332/; classtype:trojan-activity;sid:84231432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368333)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uhbnzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368333/; classtype:trojan-activity;sid:84231433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368334)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ipcfyq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368334/; classtype:trojan-activity;sid:84231434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368335)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jktxoq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368335/; classtype:trojan-activity;sid:84231435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368336)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hstjvf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368336/; classtype:trojan-activity;sid:84231436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368308)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sghoik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368308/; classtype:trojan-activity;sid:84231408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368309)"; flow:established,from_client; content:"GET"; http_method; content:"/js/josfaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368309/; classtype:trojan-activity;sid:84231409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368310)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stejwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368310/; classtype:trojan-activity;sid:84231410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368311)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vzenut.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368311/; classtype:trojan-activity;sid:84231411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368312)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ybqour.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368312/; classtype:trojan-activity;sid:84231412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368313)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvqgph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368313/; classtype:trojan-activity;sid:84231413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368314)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nadbor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368314/; classtype:trojan-activity;sid:84231414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368315)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrwyvs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368315/; classtype:trojan-activity;sid:84231415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368316)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrkfvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368316/; classtype:trojan-activity;sid:84231416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368317)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftgiow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368317/; classtype:trojan-activity;sid:84231417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368318)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcfeg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368318/; classtype:trojan-activity;sid:84231418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368319)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtapwo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368319/; classtype:trojan-activity;sid:84231419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368304)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uhbnzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368304/; classtype:trojan-activity;sid:84231404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368305)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glebqm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368305/; classtype:trojan-activity;sid:84231405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368306)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bftoze.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368306/; classtype:trojan-activity;sid:84231406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368307)"; flow:established,from_client; content:"GET"; http_method; content:"/js/decqzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368307/; classtype:trojan-activity;sid:84231407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368299)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltpmzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368299/; classtype:trojan-activity;sid:84231399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368300)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lczntq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368300/; classtype:trojan-activity;sid:84231400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368301)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsrvje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368301/; classtype:trojan-activity;sid:84231401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368302)"; flow:established,from_client; content:"GET"; http_method; content:"/js/logjmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368302/; classtype:trojan-activity;sid:84231402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368303)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcvmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368303/; classtype:trojan-activity;sid:84231403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368295)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qsfzow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368295/; classtype:trojan-activity;sid:84231395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368296)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dcwanm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368296/; classtype:trojan-activity;sid:84231396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368297)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sezmlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368297/; classtype:trojan-activity;sid:84231397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368298)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbaylw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368298/; classtype:trojan-activity;sid:84231398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368271)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kldhuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368271/; classtype:trojan-activity;sid:84231371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368272)"; flow:established,from_client; content:"GET"; http_method; content:"/js/isygcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368272/; classtype:trojan-activity;sid:84231372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368273)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yobune.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368273/; classtype:trojan-activity;sid:84231373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368274)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bftoze.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368274/; classtype:trojan-activity;sid:84231374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368275)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbomky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368275/; classtype:trojan-activity;sid:84231375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368276)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hrtncs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368276/; classtype:trojan-activity;sid:84231376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368277)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xnhimz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368277/; classtype:trojan-activity;sid:84231377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368278)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzbcfd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368278/; classtype:trojan-activity;sid:84231378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368279)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hitguk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368279/; classtype:trojan-activity;sid:84231379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368280)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvoxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368280/; classtype:trojan-activity;sid:84231380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368281)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djtukm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368281/; classtype:trojan-activity;sid:84231381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368282)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmoqtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368282/; classtype:trojan-activity;sid:84231382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368283)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glzfjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368283/; classtype:trojan-activity;sid:84231383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368284)"; flow:established,from_client; content:"GET"; http_method; content:"/js/smabhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368284/; classtype:trojan-activity;sid:84231384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368285)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcanft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368285/; classtype:trojan-activity;sid:84231385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368286)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hljwts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368286/; classtype:trojan-activity;sid:84231386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368287)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvshm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368287/; classtype:trojan-activity;sid:84231387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368288)"; flow:established,from_client; content:"GET"; http_method; content:"/js/frcvbw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368288/; classtype:trojan-activity;sid:84231388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368289)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzsfvj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368289/; classtype:trojan-activity;sid:84231389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368290)"; flow:established,from_client; content:"GET"; http_method; content:"/js/okmnjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368290/; classtype:trojan-activity;sid:84231390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368291)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uregky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368291/; classtype:trojan-activity;sid:84231391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368292)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzscvg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368292/; classtype:trojan-activity;sid:84231392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368293)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xkafls.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368293/; classtype:trojan-activity;sid:84231393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368294)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bqpmtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368294/; classtype:trojan-activity;sid:84231394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368266)"; flow:established,from_client; content:"GET"; http_method; content:"/js/inkxgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368266/; classtype:trojan-activity;sid:84231366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368267)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cafshz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368267/; classtype:trojan-activity;sid:84231367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368268)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvoxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368268/; classtype:trojan-activity;sid:84231368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368269)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fzcobw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368269/; classtype:trojan-activity;sid:84231369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368270)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptmnwy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368270/; classtype:trojan-activity;sid:84231370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368259)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paifct.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368259/; classtype:trojan-activity;sid:84231359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368260)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ipcfyq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368260/; classtype:trojan-activity;sid:84231360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368261)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rlmkdy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368261/; classtype:trojan-activity;sid:84231361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368262)"; flow:established,from_client; content:"GET"; http_method; content:"/js/adchfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368262/; classtype:trojan-activity;sid:84231362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368263)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vuniot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368263/; classtype:trojan-activity;sid:84231363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368264)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qsfzow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368264/; classtype:trojan-activity;sid:84231364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368265)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xuzens.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368265/; classtype:trojan-activity;sid:84231365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368258)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yslwup.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368258/; classtype:trojan-activity;sid:84231358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368236)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eaqbfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368236/; classtype:trojan-activity;sid:84231336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368237)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbrvxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368237/; classtype:trojan-activity;sid:84231337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368238)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghksto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368238/; classtype:trojan-activity;sid:84231338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368239)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bksnzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368239/; classtype:trojan-activity;sid:84231339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368240)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbofah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368240/; classtype:trojan-activity;sid:84231340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368241)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjovbi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368241/; classtype:trojan-activity;sid:84231341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368242)"; flow:established,from_client; content:"GET"; http_method; content:"/js/surtfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368242/; classtype:trojan-activity;sid:84231342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368243)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qldugb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368243/; classtype:trojan-activity;sid:84231343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368244)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xyijec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368244/; classtype:trojan-activity;sid:84231344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368245)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hrtncs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368245/; classtype:trojan-activity;sid:84231345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368246)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pykqbg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368246/; classtype:trojan-activity;sid:84231346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368247)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vexzha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368247/; classtype:trojan-activity;sid:84231347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368248)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvzyka.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368248/; classtype:trojan-activity;sid:84231348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368249)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrdyti.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368249/; classtype:trojan-activity;sid:84231349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368250)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzngir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368250/; classtype:trojan-activity;sid:84231350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368251)"; flow:established,from_client; content:"GET"; http_method; content:"/js/csqhyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368251/; classtype:trojan-activity;sid:84231351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368252)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhpgbr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368252/; classtype:trojan-activity;sid:84231352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368253)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uxqhds.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368253/; classtype:trojan-activity;sid:84231353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368254)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqgfeo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368254/; classtype:trojan-activity;sid:84231354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368255)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sfxnlu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368255/; classtype:trojan-activity;sid:84231355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368256)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdaqet.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368256/; classtype:trojan-activity;sid:84231356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368257)"; flow:established,from_client; content:"GET"; http_method; content:"/js/conuwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368257/; classtype:trojan-activity;sid:84231357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368226)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wmlxpy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368226/; classtype:trojan-activity;sid:84231326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368227)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexudy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368227/; classtype:trojan-activity;sid:84231327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368228)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aivfhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368228/; classtype:trojan-activity;sid:84231328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368229)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydhrfe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368229/; classtype:trojan-activity;sid:84231329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkympx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368230/; classtype:trojan-activity;sid:84231330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368231)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbftqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368231/; classtype:trojan-activity;sid:84231331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368232)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsaqhu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368232/; classtype:trojan-activity;sid:84231332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368233)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chepkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368233/; classtype:trojan-activity;sid:84231333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368234)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghksto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368234/; classtype:trojan-activity;sid:84231334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368235)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifzcar.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368235/; classtype:trojan-activity;sid:84231335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368221)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bazydn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368221/; classtype:trojan-activity;sid:84231321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368222)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxkipn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368222/; classtype:trojan-activity;sid:84231322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368223)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qjwnsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368223/; classtype:trojan-activity;sid:84231323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368224)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lztnfk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368224/; classtype:trojan-activity;sid:84231324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368225)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vnmizb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368225/; classtype:trojan-activity;sid:84231325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368219)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mptsrb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368219/; classtype:trojan-activity;sid:84231319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368220)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ujaemc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368220/; classtype:trojan-activity;sid:84231320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368201)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpfhym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368201/; classtype:trojan-activity;sid:84231301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368202)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmyijc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368202/; classtype:trojan-activity;sid:84231302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368203)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrbwyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368203/; classtype:trojan-activity;sid:84231303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368204)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ickxdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368204/; classtype:trojan-activity;sid:84231304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368205)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ujaemc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368205/; classtype:trojan-activity;sid:84231305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368206)"; flow:established,from_client; content:"GET"; http_method; content:"/js/othnqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368206/; classtype:trojan-activity;sid:84231306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368207)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ygdluj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368207/; classtype:trojan-activity;sid:84231307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368208)"; flow:established,from_client; content:"GET"; http_method; content:"/js/josfaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368208/; classtype:trojan-activity;sid:84231308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368209)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cnduef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368209/; classtype:trojan-activity;sid:84231309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368210)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uszyql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368210/; classtype:trojan-activity;sid:84231310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368211)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ivhuox.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368211/; classtype:trojan-activity;sid:84231311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368212)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zmpafn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368212/; classtype:trojan-activity;sid:84231312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368213)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rjlkai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368213/; classtype:trojan-activity;sid:84231313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368214)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbomky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368214/; classtype:trojan-activity;sid:84231314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368215)"; flow:established,from_client; content:"GET"; http_method; content:"/js/quwtdl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368215/; classtype:trojan-activity;sid:84231315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368216)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kshmaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368216/; classtype:trojan-activity;sid:84231316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368217)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pqxyjc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368217/; classtype:trojan-activity;sid:84231317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368218)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcsftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368218/; classtype:trojan-activity;sid:84231318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368189)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehsail.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368189/; classtype:trojan-activity;sid:84231289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368190)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xeymta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368190/; classtype:trojan-activity;sid:84231290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368191)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fljxes.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368191/; classtype:trojan-activity;sid:84231291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368192)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yvetcg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368192/; classtype:trojan-activity;sid:84231292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368193)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mqufva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368193/; classtype:trojan-activity;sid:84231293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368194)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbqisj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368194/; classtype:trojan-activity;sid:84231294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368195)"; flow:established,from_client; content:"GET"; http_method; content:"/js/akmsfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368195/; classtype:trojan-activity;sid:84231295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368196)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eucwkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368196/; classtype:trojan-activity;sid:84231296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368197)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wobhfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368197/; classtype:trojan-activity;sid:84231297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368198)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbhpnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368198/; classtype:trojan-activity;sid:84231298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368199)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xskyft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368199/; classtype:trojan-activity;sid:84231299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368200)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tfezuo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368200/; classtype:trojan-activity;sid:84231300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368184)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kemhaw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368184/; classtype:trojan-activity;sid:84231284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368185)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jlmaci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368185/; classtype:trojan-activity;sid:84231285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368186)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aweqxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368186/; classtype:trojan-activity;sid:84231286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368187)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ncmzei.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368187/; classtype:trojan-activity;sid:84231287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368188)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptmnwy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368188/; classtype:trojan-activity;sid:84231288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368179)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cljokq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368179/; classtype:trojan-activity;sid:84231279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368180)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kynazr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368180/; classtype:trojan-activity;sid:84231280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368181)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gfsplo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368181/; classtype:trojan-activity;sid:84231281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368182)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fymvkc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368182/; classtype:trojan-activity;sid:84231282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368183)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ogimzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368183/; classtype:trojan-activity;sid:84231283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368170)"; flow:established,from_client; content:"GET"; http_method; content:"/js/irmjwl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368170/; classtype:trojan-activity;sid:84231270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368171)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uregky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368171/; classtype:trojan-activity;sid:84231271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368172)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hegofv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368172/; classtype:trojan-activity;sid:84231272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368173)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrdyti.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368173/; classtype:trojan-activity;sid:84231273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368174)"; flow:established,from_client; content:"GET"; http_method; content:"/js/npukdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368174/; classtype:trojan-activity;sid:84231274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368175)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdazps.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368175/; classtype:trojan-activity;sid:84231275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368176)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpdjln.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368176/; classtype:trojan-activity;sid:84231276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368177)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xjkztu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368177/; classtype:trojan-activity;sid:84231277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368178)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnjvsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368178/; classtype:trojan-activity;sid:84231278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368163)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gotnlm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368163/; classtype:trojan-activity;sid:84231263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368164)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhszqf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368164/; classtype:trojan-activity;sid:84231264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368165)"; flow:established,from_client; content:"GET"; http_method; content:"/js/odtvmg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368165/; classtype:trojan-activity;sid:84231265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368166)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stwkqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368166/; classtype:trojan-activity;sid:84231266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368167)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykgnts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368167/; classtype:trojan-activity;sid:84231267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368168)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fymvkc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368168/; classtype:trojan-activity;sid:84231268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368169)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzscvg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368169/; classtype:trojan-activity;sid:84231269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368153)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqopna.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368153/; classtype:trojan-activity;sid:84231253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368154)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lneyjh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368154/; classtype:trojan-activity;sid:84231254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368155)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jpwtkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368155/; classtype:trojan-activity;sid:84231255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368156)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wobhfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368156/; classtype:trojan-activity;sid:84231256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368157)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lozwub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368157/; classtype:trojan-activity;sid:84231257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368158)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hamefz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368158/; classtype:trojan-activity;sid:84231258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368159)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hegofv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368159/; classtype:trojan-activity;sid:84231259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368160)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jtnebv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368160/; classtype:trojan-activity;sid:84231260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368161)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lafizx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368161/; classtype:trojan-activity;sid:84231261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368162)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ypevoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368162/; classtype:trojan-activity;sid:84231262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368146)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gipart.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368146/; classtype:trojan-activity;sid:84231246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368147)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rjlkai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368147/; classtype:trojan-activity;sid:84231247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368148)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taljsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368148/; classtype:trojan-activity;sid:84231248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368149)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xanfzm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368149/; classtype:trojan-activity;sid:84231249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368150)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tozpxi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368150/; classtype:trojan-activity;sid:84231250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368151)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jeighd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368151/; classtype:trojan-activity;sid:84231251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368152)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zawmxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368152/; classtype:trojan-activity;sid:84231252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368144)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stwkqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368144/; classtype:trojan-activity;sid:84231244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368145)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clgkjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368145/; classtype:trojan-activity;sid:84231245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368140)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uidphw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368140/; classtype:trojan-activity;sid:84231240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368141)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptmnwy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368141/; classtype:trojan-activity;sid:84231241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368142)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexirv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368142/; classtype:trojan-activity;sid:84231242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368143)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zmpafn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368143/; classtype:trojan-activity;sid:84231243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368139)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bftoze.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368139/; classtype:trojan-activity;sid:84231239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368135)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nsvtqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368135/; classtype:trojan-activity;sid:84231235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368136)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dzayik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368136/; classtype:trojan-activity;sid:84231236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368137)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mierfl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368137/; classtype:trojan-activity;sid:84231237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368138)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pruzif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368138/; classtype:trojan-activity;sid:84231238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368133)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehwdpq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368133/; classtype:trojan-activity;sid:84231233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368134)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cusemi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368134/; classtype:trojan-activity;sid:84231234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368128)"; flow:established,from_client; content:"GET"; http_method; content:"/js/newkcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368128/; classtype:trojan-activity;sid:84231228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368129)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atjunw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368129/; classtype:trojan-activity;sid:84231229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368130)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glebqm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368130/; classtype:trojan-activity;sid:84231230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368131)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxzuvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368131/; classtype:trojan-activity;sid:84231231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368132)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ulvson.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368132/; classtype:trojan-activity;sid:84231232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368119)"; flow:established,from_client; content:"GET"; http_method; content:"/js/deirlj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368119/; classtype:trojan-activity;sid:84231219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368120)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrbwyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368120/; classtype:trojan-activity;sid:84231220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ygdluj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368121/; classtype:trojan-activity;sid:84231221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368122)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kfqilh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368122/; classtype:trojan-activity;sid:84231222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368123)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sjqmxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368123/; classtype:trojan-activity;sid:84231223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368124)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oaugym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368124/; classtype:trojan-activity;sid:84231224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368125)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyxgwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368125/; classtype:trojan-activity;sid:84231225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368126)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nyovtk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368126/; classtype:trojan-activity;sid:84231226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368127)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnudjm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368127/; classtype:trojan-activity;sid:84231227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368114)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmszvh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368114/; classtype:trojan-activity;sid:84231214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368115)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzdvkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368115/; classtype:trojan-activity;sid:84231215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368116)"; flow:established,from_client; content:"GET"; http_method; content:"/js/decqzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368116/; classtype:trojan-activity;sid:84231216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368117)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juilvp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368117/; classtype:trojan-activity;sid:84231217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368118)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmpion.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368118/; classtype:trojan-activity;sid:84231218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368108)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hsalxw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368108/; classtype:trojan-activity;sid:84231208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368109)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsuepy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368109/; classtype:trojan-activity;sid:84231209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368110)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhvgrs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368110/; classtype:trojan-activity;sid:84231210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368111)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vzenut.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368111/; classtype:trojan-activity;sid:84231211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368112)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbofah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368112/; classtype:trojan-activity;sid:84231212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368113)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fgkiep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368113/; classtype:trojan-activity;sid:84231213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368107)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vnmizb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368107/; classtype:trojan-activity;sid:84231207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368104)"; flow:established,from_client; content:"GET"; http_method; content:"/js/esagwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368104/; classtype:trojan-activity;sid:84231204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368105)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gvqkyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368105/; classtype:trojan-activity;sid:84231205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368106)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whokyr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368106/; classtype:trojan-activity;sid:84231206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368099)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqidx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368099/; classtype:trojan-activity;sid:84231199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368100)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glzfjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368100/; classtype:trojan-activity;sid:84231200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368101)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzclen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368101/; classtype:trojan-activity;sid:84231201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368102)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msfkoe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368102/; classtype:trojan-activity;sid:84231202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368103)"; flow:established,from_client; content:"GET"; http_method; content:"/js/surtfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368103/; classtype:trojan-activity;sid:84231203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368097)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzinom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368097/; classtype:trojan-activity;sid:84231197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368098)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgivra.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368098/; classtype:trojan-activity;sid:84231198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368096)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fnotqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368096/; classtype:trojan-activity;sid:84231196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368093)"; flow:established,from_client; content:"GET"; http_method; content:"/js/csqhyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368093/; classtype:trojan-activity;sid:84231193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368094)"; flow:established,from_client; content:"GET"; http_method; content:"/js/emuzcj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368094/; classtype:trojan-activity;sid:84231194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368095)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bypvgu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368095/; classtype:trojan-activity;sid:84231195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368089)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbmctf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368089/; classtype:trojan-activity;sid:84231189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368090)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oaugym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368090/; classtype:trojan-activity;sid:84231190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368091)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfbxjn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368091/; classtype:trojan-activity;sid:84231191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368092)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyochl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368092/; classtype:trojan-activity;sid:84231192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368085)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfaxth.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368085/; classtype:trojan-activity;sid:84231185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368086)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tkyuqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368086/; classtype:trojan-activity;sid:84231186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368087)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lneyjh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368087/; classtype:trojan-activity;sid:84231187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368088)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktxayf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368088/; classtype:trojan-activity;sid:84231188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368079)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjxuw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368079/; classtype:trojan-activity;sid:84231179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368080)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ndarqe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368080/; classtype:trojan-activity;sid:84231180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368081)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znqsod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368081/; classtype:trojan-activity;sid:84231181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368082)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bpyjmd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368082/; classtype:trojan-activity;sid:84231182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368083)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mkughj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368083/; classtype:trojan-activity;sid:84231183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368084)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjwvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368084/; classtype:trojan-activity;sid:84231184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368072)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jsbkec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368072/; classtype:trojan-activity;sid:84231172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368073)"; flow:established,from_client; content:"GET"; http_method; content:"/js/odtvmg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368073/; classtype:trojan-activity;sid:84231173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368074)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lczntq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368074/; classtype:trojan-activity;sid:84231174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368075)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cirunm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368075/; classtype:trojan-activity;sid:84231175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368076)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sezmlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368076/; classtype:trojan-activity;sid:84231176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368077)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvjcwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368077/; classtype:trojan-activity;sid:84231177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368078)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gzsjed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368078/; classtype:trojan-activity;sid:84231178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368069)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtapwo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368069/; classtype:trojan-activity;sid:84231169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368070)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zceyxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368070/; classtype:trojan-activity;sid:84231170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368071)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvwent.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368071/; classtype:trojan-activity;sid:84231171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368066)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djtukm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368066/; classtype:trojan-activity;sid:84231166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368067)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yobune.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368067/; classtype:trojan-activity;sid:84231167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368068)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pysbgm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368068/; classtype:trojan-activity;sid:84231168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368062)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyxgwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368062/; classtype:trojan-activity;sid:84231162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368063)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxfodm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368063/; classtype:trojan-activity;sid:84231163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368064)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixveou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368064/; classtype:trojan-activity;sid:84231164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368065)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chepkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368065/; classtype:trojan-activity;sid:84231165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368059)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kwuisd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368059/; classtype:trojan-activity;sid:84231159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368060)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmsnvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368060/; classtype:trojan-activity;sid:84231160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368061)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yjwuhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368061/; classtype:trojan-activity;sid:84231161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368057)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqhbyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368057/; classtype:trojan-activity;sid:84231157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368058)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tozpxi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368058/; classtype:trojan-activity;sid:84231158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368055)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ipcfyq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368055/; classtype:trojan-activity;sid:84231155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368056)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aspngf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368056/; classtype:trojan-activity;sid:84231156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368050)"; flow:established,from_client; content:"GET"; http_method; content:"/js/datkuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368050/; classtype:trojan-activity;sid:84231150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368051)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uvkqxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368051/; classtype:trojan-activity;sid:84231151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368052)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcgzyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368052/; classtype:trojan-activity;sid:84231152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368053)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tmgdkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368053/; classtype:trojan-activity;sid:84231153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368054)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znrmco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368054/; classtype:trojan-activity;sid:84231154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368047)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nyovtk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368047/; classtype:trojan-activity;sid:84231147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368048)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mierfl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368048/; classtype:trojan-activity;sid:84231148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368049)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlwuak.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368049/; classtype:trojan-activity;sid:84231149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368043)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ygdluj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368043/; classtype:trojan-activity;sid:84231143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368044)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dkwozi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368044/; classtype:trojan-activity;sid:84231144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368045)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxkipn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368045/; classtype:trojan-activity;sid:84231145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368046)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbhwft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368046/; classtype:trojan-activity;sid:84231146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368037)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gansqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368037/; classtype:trojan-activity;sid:84231137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368038)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyhdca.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368038/; classtype:trojan-activity;sid:84231138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368039)"; flow:established,from_client; content:"GET"; http_method; content:"/js/unpwzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368039/; classtype:trojan-activity;sid:84231139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368040)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmfoys.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368040/; classtype:trojan-activity;sid:84231140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368041)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cnduef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368041/; classtype:trojan-activity;sid:84231141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368042)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vwqcpe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368042/; classtype:trojan-activity;sid:84231142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368036)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kemhaw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368036/; classtype:trojan-activity;sid:84231136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368031)"; flow:established,from_client; content:"GET"; http_method; content:"/js/shaovt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368031/; classtype:trojan-activity;sid:84231131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368032)"; flow:established,from_client; content:"GET"; http_method; content:"/js/szoujy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368032/; classtype:trojan-activity;sid:84231132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368033)"; flow:established,from_client; content:"GET"; http_method; content:"/js/okmnjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368033/; classtype:trojan-activity;sid:84231133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368034)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mcoftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368034/; classtype:trojan-activity;sid:84231134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368035)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdaqet.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368035/; classtype:trojan-activity;sid:84231135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368027)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrnebj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368027/; classtype:trojan-activity;sid:84231127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368028)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmfoys.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368028/; classtype:trojan-activity;sid:84231128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368029)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdlnqa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368029/; classtype:trojan-activity;sid:84231129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368030)"; flow:established,from_client; content:"GET"; http_method; content:"/js/owzlim.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368030/; classtype:trojan-activity;sid:84231130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368023)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jsbkec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368023/; classtype:trojan-activity;sid:84231123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368024)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnbuqz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368024/; classtype:trojan-activity;sid:84231124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368025)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfpwko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368025/; classtype:trojan-activity;sid:84231125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368026)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyochl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368026/; classtype:trojan-activity;sid:84231126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368019)"; flow:established,from_client; content:"GET"; http_method; content:"/js/itnuya.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368019/; classtype:trojan-activity;sid:84231119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368020)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djiowm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368020/; classtype:trojan-activity;sid:84231120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368021)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgivra.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368021/; classtype:trojan-activity;sid:84231121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368022)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clgkjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368022/; classtype:trojan-activity;sid:84231122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368018)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvwent.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368018/; classtype:trojan-activity;sid:84231118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368013)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyochl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368013/; classtype:trojan-activity;sid:84231113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368014)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wgsrda.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368014/; classtype:trojan-activity;sid:84231114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368015)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dperay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368015/; classtype:trojan-activity;sid:84231115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368016)"; flow:established,from_client; content:"GET"; http_method; content:"/js/infbzq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368016/; classtype:trojan-activity;sid:84231116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368017)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyqbmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368017/; classtype:trojan-activity;sid:84231117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368007)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifnvqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368007/; classtype:trojan-activity;sid:84231107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368008)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eaqbfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368008/; classtype:trojan-activity;sid:84231108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368009)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kdoifn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368009/; classtype:trojan-activity;sid:84231109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368010)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxnzvl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368010/; classtype:trojan-activity;sid:84231110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368011)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnvzbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368011/; classtype:trojan-activity;sid:84231111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368012)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aivfhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368012/; classtype:trojan-activity;sid:84231112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368003)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xrwuby.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368003/; classtype:trojan-activity;sid:84231103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368004)"; flow:established,from_client; content:"GET"; http_method; content:"/js/csqhyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368004/; classtype:trojan-activity;sid:84231104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368005)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aqbves.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368005/; classtype:trojan-activity;sid:84231105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368006)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsxmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368006/; classtype:trojan-activity;sid:84231106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367999)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vdqlnz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367999/; classtype:trojan-activity;sid:84231099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368000)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aipojd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368000/; classtype:trojan-activity;sid:84231100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368001)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnlkap.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368001/; classtype:trojan-activity;sid:84231101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3368002)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qeklsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3368002/; classtype:trojan-activity;sid:84231102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367998)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dfrwix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367998/; classtype:trojan-activity;sid:84231098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367994)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmpion.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367994/; classtype:trojan-activity;sid:84231094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367995)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzsfvj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367995/; classtype:trojan-activity;sid:84231095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367996)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skrbil.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367996/; classtype:trojan-activity;sid:84231096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367997)"; flow:established,from_client; content:"GET"; http_method; content:"/js/patlqx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367997/; classtype:trojan-activity;sid:84231097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367992)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcgzyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367992/; classtype:trojan-activity;sid:84231092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367993)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kldhuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367993/; classtype:trojan-activity;sid:84231093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367990)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hitguk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367990/; classtype:trojan-activity;sid:84231090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367991)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbkyud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367991/; classtype:trojan-activity;sid:84231091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367985)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buzpag.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367985/; classtype:trojan-activity;sid:84231085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367986)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nfimsr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367986/; classtype:trojan-activity;sid:84231086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367987)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvoxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367987/; classtype:trojan-activity;sid:84231087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367988)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmsnvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367988/; classtype:trojan-activity;sid:84231088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367989)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xanfzm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367989/; classtype:trojan-activity;sid:84231089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367980)"; flow:established,from_client; content:"GET"; http_method; content:"/js/infbzq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367980/; classtype:trojan-activity;sid:84231080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367981)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbuvxf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367981/; classtype:trojan-activity;sid:84231081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367982)"; flow:established,from_client; content:"GET"; http_method; content:"/js/priola.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367982/; classtype:trojan-activity;sid:84231082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367983)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnpqdk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367983/; classtype:trojan-activity;sid:84231083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367984)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlsyom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367984/; classtype:trojan-activity;sid:84231084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367975)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zyhfex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367975/; classtype:trojan-activity;sid:84231075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367976)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xyijec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367976/; classtype:trojan-activity;sid:84231076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367977)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pgbokr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367977/; classtype:trojan-activity;sid:84231077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367978)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uqayrn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367978/; classtype:trojan-activity;sid:84231078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367979)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jetyiw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367979/; classtype:trojan-activity;sid:84231079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367968)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dmhjua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367968/; classtype:trojan-activity;sid:84231068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367969)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmsujh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367969/; classtype:trojan-activity;sid:84231069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367970)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rbgovl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367970/; classtype:trojan-activity;sid:84231070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367971)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gmrkwh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367971/; classtype:trojan-activity;sid:84231071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367972)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taljsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367972/; classtype:trojan-activity;sid:84231072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367973)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykgnts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367973/; classtype:trojan-activity;sid:84231073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367974)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvrqtl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367974/; classtype:trojan-activity;sid:84231074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367965)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mevbzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367965/; classtype:trojan-activity;sid:84231065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367966)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vyiwbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367966/; classtype:trojan-activity;sid:84231066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367967)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsmdyo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367967/; classtype:trojan-activity;sid:84231067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367959)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhvgrs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367959/; classtype:trojan-activity;sid:84231059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367960)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxbgma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367960/; classtype:trojan-activity;sid:84231060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367961)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jfwdec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367961/; classtype:trojan-activity;sid:84231061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367962)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixveou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367962/; classtype:trojan-activity;sid:84231062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367963)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcvmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367963/; classtype:trojan-activity;sid:84231063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367964)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wjqosp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367964/; classtype:trojan-activity;sid:84231064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367957)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqjbh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367957/; classtype:trojan-activity;sid:84231057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367958)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vbxrsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367958/; classtype:trojan-activity;sid:84231058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367953)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmzwhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367953/; classtype:trojan-activity;sid:84231053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367954)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kyxnuf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367954/; classtype:trojan-activity;sid:84231054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367955)"; flow:established,from_client; content:"GET"; http_method; content:"/js/isygcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367955/; classtype:trojan-activity;sid:84231055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367956)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhwepz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367956/; classtype:trojan-activity;sid:84231056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367951)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvshm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367951/; classtype:trojan-activity;sid:84231051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367952)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lknfyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367952/; classtype:trojan-activity;sid:84231052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367946)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbqisj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367946/; classtype:trojan-activity;sid:84231046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367947)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jfwdec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367947/; classtype:trojan-activity;sid:84231047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367948)"; flow:established,from_client; content:"GET"; http_method; content:"/js/twymph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367948/; classtype:trojan-activity;sid:84231048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367949)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xeymta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367949/; classtype:trojan-activity;sid:84231049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367950)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjnidy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367950/; classtype:trojan-activity;sid:84231050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367942)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmzwhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367942/; classtype:trojan-activity;sid:84231042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367943)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vrdwne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367943/; classtype:trojan-activity;sid:84231043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367944)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hapjcf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367944/; classtype:trojan-activity;sid:84231044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367945)"; flow:established,from_client; content:"GET"; http_method; content:"/js/szoujy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367945/; classtype:trojan-activity;sid:84231045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367933)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uvkqxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367933/; classtype:trojan-activity;sid:84231033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367934)"; flow:established,from_client; content:"GET"; http_method; content:"/js/klydgb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367934/; classtype:trojan-activity;sid:84231034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367935)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnjvsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367935/; classtype:trojan-activity;sid:84231035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367936)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vwqcpe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367936/; classtype:trojan-activity;sid:84231036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367937)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cafshz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367937/; classtype:trojan-activity;sid:84231037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367938)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbuvxf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367938/; classtype:trojan-activity;sid:84231038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367939)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjnidy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367939/; classtype:trojan-activity;sid:84231039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367940)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqopna.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367940/; classtype:trojan-activity;sid:84231040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367941)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjdzyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367941/; classtype:trojan-activity;sid:84231041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367929)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdazps.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367929/; classtype:trojan-activity;sid:84231029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367930)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zibajo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367930/; classtype:trojan-activity;sid:84231030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367931)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yslwup.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367931/; classtype:trojan-activity;sid:84231031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367932)"; flow:established,from_client; content:"GET"; http_method; content:"/js/diktcx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367932/; classtype:trojan-activity;sid:84231032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367923)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fuedsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367923/; classtype:trojan-activity;sid:84231023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367924)"; flow:established,from_client; content:"GET"; http_method; content:"/js/othnqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367924/; classtype:trojan-activity;sid:84231024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367925)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmcrfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367925/; classtype:trojan-activity;sid:84231025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367926)"; flow:established,from_client; content:"GET"; http_method; content:"/js/knpfbu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367926/; classtype:trojan-activity;sid:84231026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367927)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvrqtl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367927/; classtype:trojan-activity;sid:84231027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367928)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbmctf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367928/; classtype:trojan-activity;sid:84231028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367921)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifnvqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367921/; classtype:trojan-activity;sid:84231021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367922)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atrpjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367922/; classtype:trojan-activity;sid:84231022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367919)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hapjcf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367919/; classtype:trojan-activity;sid:84231019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367920)"; flow:established,from_client; content:"GET"; http_method; content:"/js/srnjva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367920/; classtype:trojan-activity;sid:84231020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367915)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pnocqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367915/; classtype:trojan-activity;sid:84231015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367916)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpytjb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367916/; classtype:trojan-activity;sid:84231016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367917)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mljgai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367917/; classtype:trojan-activity;sid:84231017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367918)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idagyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367918/; classtype:trojan-activity;sid:84231018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367913)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whtjex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367913/; classtype:trojan-activity;sid:84231013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367914)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lafizx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367914/; classtype:trojan-activity;sid:84231014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367912)"; flow:established,from_client; content:"GET"; http_method; content:"/js/grwsed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367912/; classtype:trojan-activity;sid:84231012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367906)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atjunw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367906/; classtype:trojan-activity;sid:84231006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367907)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvqgph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367907/; classtype:trojan-activity;sid:84231007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367908)"; flow:established,from_client; content:"GET"; http_method; content:"/js/quwtdl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367908/; classtype:trojan-activity;sid:84231008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367909)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gjhoua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367909/; classtype:trojan-activity;sid:84231009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367910)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pzxrbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367910/; classtype:trojan-activity;sid:84231010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367911)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iyjdpm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367911/; classtype:trojan-activity;sid:84231011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367901)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stejwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367901/; classtype:trojan-activity;sid:84231001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367902)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnfzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367902/; classtype:trojan-activity;sid:84231002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367903)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jgukrx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367903/; classtype:trojan-activity;sid:84231003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367904)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucvlao.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367904/; classtype:trojan-activity;sid:84231004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367905)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bgwdlq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367905/; classtype:trojan-activity;sid:84231005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367894)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktxayf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367894/; classtype:trojan-activity;sid:84230994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367895)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpdjln.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367895/; classtype:trojan-activity;sid:84230995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367896)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jpwtkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367896/; classtype:trojan-activity;sid:84230996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367897)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dzayik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367897/; classtype:trojan-activity;sid:84230997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367898)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ewfshl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367898/; classtype:trojan-activity;sid:84230998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367899)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fnotqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367899/; classtype:trojan-activity;sid:84230999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367900)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmyijc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367900/; classtype:trojan-activity;sid:84231000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367890)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dzayik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367890/; classtype:trojan-activity;sid:84230990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367891)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rscwtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367891/; classtype:trojan-activity;sid:84230991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367892)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rscwtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367892/; classtype:trojan-activity;sid:84230992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367893)"; flow:established,from_client; content:"GET"; http_method; content:"/js/othnqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367893/; classtype:trojan-activity;sid:84230993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367886)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nxritz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367886/; classtype:trojan-activity;sid:84230986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367887)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzclen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367887/; classtype:trojan-activity;sid:84230987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367888)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bqpmtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367888/; classtype:trojan-activity;sid:84230988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367889)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znqsod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367889/; classtype:trojan-activity;sid:84230989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367880)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcfeg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367880/; classtype:trojan-activity;sid:84230980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367881)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tozpxi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367881/; classtype:trojan-activity;sid:84230981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367882)"; flow:established,from_client; content:"GET"; http_method; content:"/js/foskub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367882/; classtype:trojan-activity;sid:84230982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367883)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hjpgor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367883/; classtype:trojan-activity;sid:84230983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367884)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fzcobw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367884/; classtype:trojan-activity;sid:84230984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367885)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buriep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367885/; classtype:trojan-activity;sid:84230985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367878)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jlmaci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367878/; classtype:trojan-activity;sid:84230978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367879)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucanwd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367879/; classtype:trojan-activity;sid:84230979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367874)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenxkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367874/; classtype:trojan-activity;sid:84230974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367875)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kawmyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367875/; classtype:trojan-activity;sid:84230975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367876)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hwpagq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367876/; classtype:trojan-activity;sid:84230976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367877)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xrwuby.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367877/; classtype:trojan-activity;sid:84230977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367873)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vdqlnz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367873/; classtype:trojan-activity;sid:84230973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367870)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfpukb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367870/; classtype:trojan-activity;sid:84230970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367871)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vrdwne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367871/; classtype:trojan-activity;sid:84230971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367872)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skjpfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367872/; classtype:trojan-activity;sid:84230972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367865)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qjwnsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367865/; classtype:trojan-activity;sid:84230965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367866)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uvkqxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367866/; classtype:trojan-activity;sid:84230966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367867)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uilxhz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367867/; classtype:trojan-activity;sid:84230967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367868)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skjpfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367868/; classtype:trojan-activity;sid:84230968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367869)"; flow:established,from_client; content:"GET"; http_method; content:"/js/afmjqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367869/; classtype:trojan-activity;sid:84230969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367861)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ldwnqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367861/; classtype:trojan-activity;sid:84230961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367862)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whokyr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367862/; classtype:trojan-activity;sid:84230962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367863)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sfxnlu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367863/; classtype:trojan-activity;sid:84230963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367864)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dkwozi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367864/; classtype:trojan-activity;sid:84230964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367855)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cirunm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367855/; classtype:trojan-activity;sid:84230955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367856)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlsyom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367856/; classtype:trojan-activity;sid:84230956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367857)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wbsoxk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367857/; classtype:trojan-activity;sid:84230957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367858)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arfejg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367858/; classtype:trojan-activity;sid:84230958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367859)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqyaix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367859/; classtype:trojan-activity;sid:84230959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367860)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtnlzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367860/; classtype:trojan-activity;sid:84230960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367848)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxkipn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367848/; classtype:trojan-activity;sid:84230948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367849)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyhdca.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367849/; classtype:trojan-activity;sid:84230949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367850)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbpzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367850/; classtype:trojan-activity;sid:84230950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367851)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovnfdt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367851/; classtype:trojan-activity;sid:84230951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367852)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbhvcm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367852/; classtype:trojan-activity;sid:84230952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367853)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjnidy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367853/; classtype:trojan-activity;sid:84230953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367854)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znxswu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367854/; classtype:trojan-activity;sid:84230954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367847)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kxcqzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367847/; classtype:trojan-activity;sid:84230947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367846)"; flow:established,from_client; content:"GET"; http_method; content:"/js/frcvbw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367846/; classtype:trojan-activity;sid:84230946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367840)"; flow:established,from_client; content:"GET"; http_method; content:"/js/owzlim.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367840/; classtype:trojan-activity;sid:84230940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367841)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lwpefs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367841/; classtype:trojan-activity;sid:84230941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367842)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xjkztu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367842/; classtype:trojan-activity;sid:84230942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367843)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzinom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367843/; classtype:trojan-activity;sid:84230943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367844)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymqxsp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367844/; classtype:trojan-activity;sid:84230944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367845)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uqayrn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367845/; classtype:trojan-activity;sid:84230945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367834)"; flow:established,from_client; content:"GET"; http_method; content:"/js/irmjwl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367834/; classtype:trojan-activity;sid:84230934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367835)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuvshm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367835/; classtype:trojan-activity;sid:84230935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367836)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mptsrb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367836/; classtype:trojan-activity;sid:84230936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367837)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbftqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367837/; classtype:trojan-activity;sid:84230937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367838)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmoyjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367838/; classtype:trojan-activity;sid:84230938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367839)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhpkzx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367839/; classtype:trojan-activity;sid:84230939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367833)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbftqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367833/; classtype:trojan-activity;sid:84230933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367832)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bymvne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367832/; classtype:trojan-activity;sid:84230932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367827)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mqufva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367827/; classtype:trojan-activity;sid:84230927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367828)"; flow:established,from_client; content:"GET"; http_method; content:"/js/klydgb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367828/; classtype:trojan-activity;sid:84230928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367829)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qgjoih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367829/; classtype:trojan-activity;sid:84230929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367830)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hstjvf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367830/; classtype:trojan-activity;sid:84230930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367831)"; flow:established,from_client; content:"GET"; http_method; content:"/js/otlsbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367831/; classtype:trojan-activity;sid:84230931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367823)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fuedsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367823/; classtype:trojan-activity;sid:84230923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367824)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjovbi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367824/; classtype:trojan-activity;sid:84230924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367825)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlwuak.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367825/; classtype:trojan-activity;sid:84230925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367826)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hjpgor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367826/; classtype:trojan-activity;sid:84230926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367820)"; flow:established,from_client; content:"GET"; http_method; content:"/js/efcwnv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367820/; classtype:trojan-activity;sid:84230920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367821)"; flow:established,from_client; content:"GET"; http_method; content:"/js/priola.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367821/; classtype:trojan-activity;sid:84230921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367822)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vlxcgi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367822/; classtype:trojan-activity;sid:84230922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367811)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bypvgu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367811/; classtype:trojan-activity;sid:84230911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367812)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qtplzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367812/; classtype:trojan-activity;sid:84230912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367813)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hufeid.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367813/; classtype:trojan-activity;sid:84230913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367814)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hrtncs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367814/; classtype:trojan-activity;sid:84230914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367815)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfpwko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367815/; classtype:trojan-activity;sid:84230915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367816)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arpufx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367816/; classtype:trojan-activity;sid:84230916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367817)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhqfza.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367817/; classtype:trojan-activity;sid:84230917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367818)"; flow:established,from_client; content:"GET"; http_method; content:"/js/muwtfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367818/; classtype:trojan-activity;sid:84230918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367819)"; flow:established,from_client; content:"GET"; http_method; content:"/js/decqzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367819/; classtype:trojan-activity;sid:84230919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367809)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hufeid.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367809/; classtype:trojan-activity;sid:84230909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367810)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cusemi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367810/; classtype:trojan-activity;sid:84230910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367804)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hvporw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367804/; classtype:trojan-activity;sid:84230904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367805)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcfeg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367805/; classtype:trojan-activity;sid:84230905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367806)"; flow:established,from_client; content:"GET"; http_method; content:"/js/finksa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367806/; classtype:trojan-activity;sid:84230906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367807)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xgkhwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367807/; classtype:trojan-activity;sid:84230907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367808)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hvporw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367808/; classtype:trojan-activity;sid:84230908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367801)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eucwkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367801/; classtype:trojan-activity;sid:84230901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367802)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rufnbo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367802/; classtype:trojan-activity;sid:84230902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367803)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lhdswc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367803/; classtype:trojan-activity;sid:84230903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367798)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhpgbr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367798/; classtype:trojan-activity;sid:84230898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367799)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qemywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367799/; classtype:trojan-activity;sid:84230899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367800)"; flow:established,from_client; content:"GET"; http_method; content:"/js/veyrqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367800/; classtype:trojan-activity;sid:84230900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367796)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qltmuz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367796/; classtype:trojan-activity;sid:84230896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367797)"; flow:established,from_client; content:"GET"; http_method; content:"/js/alzgdf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367797/; classtype:trojan-activity;sid:84230897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367795)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftpido.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367795/; classtype:trojan-activity;sid:84230895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367789)"; flow:established,from_client; content:"GET"; http_method; content:"/js/alzgdf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367789/; classtype:trojan-activity;sid:84230889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367790)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixveou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367790/; classtype:trojan-activity;sid:84230890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367791)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vdqlnz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367791/; classtype:trojan-activity;sid:84230891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367792)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhqfza.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367792/; classtype:trojan-activity;sid:84230892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367793)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqhbyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367793/; classtype:trojan-activity;sid:84230893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367794)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcanft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367794/; classtype:trojan-activity;sid:84230894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367787)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcbzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367787/; classtype:trojan-activity;sid:84230887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367788)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcgzyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367788/; classtype:trojan-activity;sid:84230888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367776)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vyiwbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367776/; classtype:trojan-activity;sid:84230876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367777)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ezpqta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367777/; classtype:trojan-activity;sid:84230877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367778)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmsujh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367778/; classtype:trojan-activity;sid:84230878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367779)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jktxoq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367779/; classtype:trojan-activity;sid:84230879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367780)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xskyft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367780/; classtype:trojan-activity;sid:84230880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367781)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kelsjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367781/; classtype:trojan-activity;sid:84230881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367782)"; flow:established,from_client; content:"GET"; http_method; content:"/js/efcwnv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367782/; classtype:trojan-activity;sid:84230882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367783)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arfejg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367783/; classtype:trojan-activity;sid:84230883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367784)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pykqbg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367784/; classtype:trojan-activity;sid:84230884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367785)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvqgph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367785/; classtype:trojan-activity;sid:84230885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367786)"; flow:established,from_client; content:"GET"; http_method; content:"/js/drgftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367786/; classtype:trojan-activity;sid:84230886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367772)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhszqf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367772/; classtype:trojan-activity;sid:84230872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367773)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpglbq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367773/; classtype:trojan-activity;sid:84230873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367774)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mriwqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367774/; classtype:trojan-activity;sid:84230874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367775)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bksnzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367775/; classtype:trojan-activity;sid:84230875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367765)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dperay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367765/; classtype:trojan-activity;sid:84230865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367766)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arpufx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367766/; classtype:trojan-activity;sid:84230866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367767)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xotpfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367767/; classtype:trojan-activity;sid:84230867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367768)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uxqhds.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367768/; classtype:trojan-activity;sid:84230868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367769)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aqbves.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367769/; classtype:trojan-activity;sid:84230869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367770)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkerly.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367770/; classtype:trojan-activity;sid:84230870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367771)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmoyjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367771/; classtype:trojan-activity;sid:84230871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367764)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uidphw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367764/; classtype:trojan-activity;sid:84230864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367760)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kltrfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367760/; classtype:trojan-activity;sid:84230860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367761)"; flow:established,from_client; content:"GET"; http_method; content:"/js/afmjqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367761/; classtype:trojan-activity;sid:84230861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367762)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wquabs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367762/; classtype:trojan-activity;sid:84230862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367763)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mqufva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367763/; classtype:trojan-activity;sid:84230863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367759)"; flow:established,from_client; content:"GET"; http_method; content:"/js/esagwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367759/; classtype:trojan-activity;sid:84230859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367758)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrdyti.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367758/; classtype:trojan-activity;sid:84230858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367757)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kawmyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367757/; classtype:trojan-activity;sid:84230857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367756)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yqnoez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367756/; classtype:trojan-activity;sid:84230856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367755)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wzuigr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367755/; classtype:trojan-activity;sid:84230855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367747)"; flow:established,from_client; content:"GET"; http_method; content:"/js/unpwzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367747/; classtype:trojan-activity;sid:84230847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367748)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taypgl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367748/; classtype:trojan-activity;sid:84230848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367749)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yqnoez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367749/; classtype:trojan-activity;sid:84230849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367750)"; flow:established,from_client; content:"GET"; http_method; content:"/js/afmjqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367750/; classtype:trojan-activity;sid:84230850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367751)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xuzens.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367751/; classtype:trojan-activity;sid:84230851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367752)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjshmy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367752/; classtype:trojan-activity;sid:84230852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367753)"; flow:established,from_client; content:"GET"; http_method; content:"/js/smabhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367753/; classtype:trojan-activity;sid:84230853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367754)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atrpjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367754/; classtype:trojan-activity;sid:84230854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367737)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnmyqi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367737/; classtype:trojan-activity;sid:84230837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367738)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjwvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367738/; classtype:trojan-activity;sid:84230838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367739)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gfsplo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367739/; classtype:trojan-activity;sid:84230839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367740)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsxmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367740/; classtype:trojan-activity;sid:84230840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367741)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyvhof.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367741/; classtype:trojan-activity;sid:84230841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367742)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zjvmgx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367742/; classtype:trojan-activity;sid:84230842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367743)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcbzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367743/; classtype:trojan-activity;sid:84230843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367744)"; flow:established,from_client; content:"GET"; http_method; content:"/js/piwvzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367744/; classtype:trojan-activity;sid:84230844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367745)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fuedsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367745/; classtype:trojan-activity;sid:84230845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367746)"; flow:established,from_client; content:"GET"; http_method; content:"/js/piwvzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367746/; classtype:trojan-activity;sid:84230846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367730)"; flow:established,from_client; content:"GET"; http_method; content:"/js/thlvcq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367730/; classtype:trojan-activity;sid:84230830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367731)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrdywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367731/; classtype:trojan-activity;sid:84230831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367732)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mcoftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367732/; classtype:trojan-activity;sid:84230832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367733)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yslwup.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367733/; classtype:trojan-activity;sid:84230833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367734)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znxswu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367734/; classtype:trojan-activity;sid:84230834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367735)"; flow:established,from_client; content:"GET"; http_method; content:"/js/medsqw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367735/; classtype:trojan-activity;sid:84230835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367736)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenjvr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367736/; classtype:trojan-activity;sid:84230836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367727)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gevhks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367727/; classtype:trojan-activity;sid:84230827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367728)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnxjiu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367728/; classtype:trojan-activity;sid:84230828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367729)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvohfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367729/; classtype:trojan-activity;sid:84230829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367724)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftnyxj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367724/; classtype:trojan-activity;sid:84230824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367725)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tfezuo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367725/; classtype:trojan-activity;sid:84230825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367726)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zibajo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367726/; classtype:trojan-activity;sid:84230826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367722)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ogimzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367722/; classtype:trojan-activity;sid:84230822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367723)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdzhjl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367723/; classtype:trojan-activity;sid:84230823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367721)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kfqilh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367721/; classtype:trojan-activity;sid:84230821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367718)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dkwozi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367718/; classtype:trojan-activity;sid:84230818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367719)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ickxdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367719/; classtype:trojan-activity;sid:84230819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367720)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gansqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367720/; classtype:trojan-activity;sid:84230820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367715)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nadbor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367715/; classtype:trojan-activity;sid:84230815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367716)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bpyjmd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367716/; classtype:trojan-activity;sid:84230816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367717)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hufeid.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367717/; classtype:trojan-activity;sid:84230817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367713)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paifct.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367713/; classtype:trojan-activity;sid:84230813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367714)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqyaix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367714/; classtype:trojan-activity;sid:84230814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367712)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skhjtc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367712/; classtype:trojan-activity;sid:84230812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367704)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qgjoih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367704/; classtype:trojan-activity;sid:84230804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367705)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qldugb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367705/; classtype:trojan-activity;sid:84230805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367706)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wbsoxk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367706/; classtype:trojan-activity;sid:84230806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367707)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ickxdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367707/; classtype:trojan-activity;sid:84230807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367708)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whtjex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367708/; classtype:trojan-activity;sid:84230808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367709)"; flow:established,from_client; content:"GET"; http_method; content:"/js/diktcx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367709/; classtype:trojan-activity;sid:84230809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367710)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftnyxj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367710/; classtype:trojan-activity;sid:84230810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367711)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xgkhwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367711/; classtype:trojan-activity;sid:84230811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367695)"; flow:established,from_client; content:"GET"; http_method; content:"/js/finksa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367695/; classtype:trojan-activity;sid:84230795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367696)"; flow:established,from_client; content:"GET"; http_method; content:"/js/conuwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367696/; classtype:trojan-activity;sid:84230796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367697)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dimekn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367697/; classtype:trojan-activity;sid:84230797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367698)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbkyud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367698/; classtype:trojan-activity;sid:84230798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367699)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpglbq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367699/; classtype:trojan-activity;sid:84230799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367700)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ctrnow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367700/; classtype:trojan-activity;sid:84230800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367701)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zawmxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367701/; classtype:trojan-activity;sid:84230801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367702)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltpmzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367702/; classtype:trojan-activity;sid:84230802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367703)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvhmne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367703/; classtype:trojan-activity;sid:84230803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367686)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zawmxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367686/; classtype:trojan-activity;sid:84230786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367687)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyxudg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367687/; classtype:trojan-activity;sid:84230787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367688)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wquabs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367688/; classtype:trojan-activity;sid:84230788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367689)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjdkeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367689/; classtype:trojan-activity;sid:84230789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367690)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cfjrvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367690/; classtype:trojan-activity;sid:84230790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367691)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ezpqta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367691/; classtype:trojan-activity;sid:84230791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367692)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyxgwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367692/; classtype:trojan-activity;sid:84230792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367693)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aybfme.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367693/; classtype:trojan-activity;sid:84230793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367694)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqidx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367694/; classtype:trojan-activity;sid:84230794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367684)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uqayrn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367684/; classtype:trojan-activity;sid:84230784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367685)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qycavu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367685/; classtype:trojan-activity;sid:84230785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367683)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eicbgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367683/; classtype:trojan-activity;sid:84230783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367681)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buzpag.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367681/; classtype:trojan-activity;sid:84230781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367682)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jtnebv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367682/; classtype:trojan-activity;sid:84230782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367680)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzdvkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367680/; classtype:trojan-activity;sid:84230780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367678)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nkdqcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367678/; classtype:trojan-activity;sid:84230778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367679)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uszyql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367679/; classtype:trojan-activity;sid:84230779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367676)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifzcar.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367676/; classtype:trojan-activity;sid:84230776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367677)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lhdswc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367677/; classtype:trojan-activity;sid:84230777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367674)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xyijec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367674/; classtype:trojan-activity;sid:84230774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367675)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yjwuhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367675/; classtype:trojan-activity;sid:84230775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367673)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qldugb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367673/; classtype:trojan-activity;sid:84230773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367668)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apwisr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367668/; classtype:trojan-activity;sid:84230768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367669)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzxdwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367669/; classtype:trojan-activity;sid:84230769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367670)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mkughj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367670/; classtype:trojan-activity;sid:84230770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367671)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbomky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367671/; classtype:trojan-activity;sid:84230771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367672)"; flow:established,from_client; content:"GET"; http_method; content:"/js/godukp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367672/; classtype:trojan-activity;sid:84230772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367654)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjukql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367654/; classtype:trojan-activity;sid:84230754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367655)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aybfme.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367655/; classtype:trojan-activity;sid:84230755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367656)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nadbor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367656/; classtype:trojan-activity;sid:84230756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367657)"; flow:established,from_client; content:"GET"; http_method; content:"/js/smabhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367657/; classtype:trojan-activity;sid:84230757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367658)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jbougr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367658/; classtype:trojan-activity;sid:84230758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367659)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qcfibe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367659/; classtype:trojan-activity;sid:84230759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367660)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vwqcpe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367660/; classtype:trojan-activity;sid:84230760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367661)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ncmzei.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367661/; classtype:trojan-activity;sid:84230761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367662)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kdoifn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367662/; classtype:trojan-activity;sid:84230762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367663)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cljokq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367663/; classtype:trojan-activity;sid:84230763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367664)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sghoik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367664/; classtype:trojan-activity;sid:84230764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367665)"; flow:established,from_client; content:"GET"; http_method; content:"/js/muwtfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367665/; classtype:trojan-activity;sid:84230765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367666)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bksnzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367666/; classtype:trojan-activity;sid:84230766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367667)"; flow:established,from_client; content:"GET"; http_method; content:"/js/muwtfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367667/; classtype:trojan-activity;sid:84230767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367647)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmexdh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367647/; classtype:trojan-activity;sid:84230747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367648)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnviot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367648/; classtype:trojan-activity;sid:84230748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367649)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wmlxpy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367649/; classtype:trojan-activity;sid:84230749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367650)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vgzdto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367650/; classtype:trojan-activity;sid:84230750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367651)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djiowm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367651/; classtype:trojan-activity;sid:84230751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367652)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lczntq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367652/; classtype:trojan-activity;sid:84230752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367653)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sghoik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367653/; classtype:trojan-activity;sid:84230753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367644)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnmyqi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367644/; classtype:trojan-activity;sid:84230744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367645)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlsyom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367645/; classtype:trojan-activity;sid:84230745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367646)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vlxcgi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367646/; classtype:trojan-activity;sid:84230746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367642)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dimekn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367642/; classtype:trojan-activity;sid:84230742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367643)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uilxhz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367643/; classtype:trojan-activity;sid:84230743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367639)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zljwks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367639/; classtype:trojan-activity;sid:84230739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367640)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fljxes.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367640/; classtype:trojan-activity;sid:84230740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367641)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrkfvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367641/; classtype:trojan-activity;sid:84230741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367638)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gvqkyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367638/; classtype:trojan-activity;sid:84230738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367637)"; flow:established,from_client; content:"GET"; http_method; content:"/js/knpfbu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367637/; classtype:trojan-activity;sid:84230737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367636)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uejzgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367636/; classtype:trojan-activity;sid:84230736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367633)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnvzbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367633/; classtype:trojan-activity;sid:84230733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367634)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eicbgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367634/; classtype:trojan-activity;sid:84230734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367635)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kxcqzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367635/; classtype:trojan-activity;sid:84230735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367631)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltdnki.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367631/; classtype:trojan-activity;sid:84230731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367632)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdmvrk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367632/; classtype:trojan-activity;sid:84230732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367629)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clwnai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367629/; classtype:trojan-activity;sid:84230729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367630)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xotpfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367630/; classtype:trojan-activity;sid:84230730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367624)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkocxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367624/; classtype:trojan-activity;sid:84230724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367625)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kltrfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367625/; classtype:trojan-activity;sid:84230725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367626)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehsail.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367626/; classtype:trojan-activity;sid:84230726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367627)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftnyxj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367627/; classtype:trojan-activity;sid:84230727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367628)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exnwkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367628/; classtype:trojan-activity;sid:84230728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367622)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mgfldi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367622/; classtype:trojan-activity;sid:84230722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367623)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmszvh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367623/; classtype:trojan-activity;sid:84230723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367613)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnfesb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367613/; classtype:trojan-activity;sid:84230713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367614)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eivhfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367614/; classtype:trojan-activity;sid:84230714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367615)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqugpa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367615/; classtype:trojan-activity;sid:84230715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367616)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chvjrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367616/; classtype:trojan-activity;sid:84230716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367617)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sjqmxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367617/; classtype:trojan-activity;sid:84230717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367618)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dsoayr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367618/; classtype:trojan-activity;sid:84230718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367619)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcsftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367619/; classtype:trojan-activity;sid:84230719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367620)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eicbgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367620/; classtype:trojan-activity;sid:84230720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367621)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mcoftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367621/; classtype:trojan-activity;sid:84230721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367612)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qasuzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367612/; classtype:trojan-activity;sid:84230712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367608)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnfesb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367608/; classtype:trojan-activity;sid:84230708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367609)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrfxqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367609/; classtype:trojan-activity;sid:84230709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367610)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yvetcg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367610/; classtype:trojan-activity;sid:84230710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367611)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exjfba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367611/; classtype:trojan-activity;sid:84230711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367600)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uejzgw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367600/; classtype:trojan-activity;sid:84230700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367601)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arpufx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367601/; classtype:trojan-activity;sid:84230701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367602)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mgfldi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367602/; classtype:trojan-activity;sid:84230702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367603)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenxkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367603/; classtype:trojan-activity;sid:84230703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367604)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hsalxw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367604/; classtype:trojan-activity;sid:84230704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367605)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dawgjr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367605/; classtype:trojan-activity;sid:84230705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367606)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pysbgm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367606/; classtype:trojan-activity;sid:84230706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367607)"; flow:established,from_client; content:"GET"; http_method; content:"/js/deirlj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367607/; classtype:trojan-activity;sid:84230707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367598)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsxjnk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367598/; classtype:trojan-activity;sid:84230698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367599)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqugpa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367599/; classtype:trojan-activity;sid:84230699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367595)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrfxqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367595/; classtype:trojan-activity;sid:84230695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367596)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrdywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367596/; classtype:trojan-activity;sid:84230696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367597)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xevfyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367597/; classtype:trojan-activity;sid:84230697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367592)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ndarqe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367592/; classtype:trojan-activity;sid:84230692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367593)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skrbil.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367593/; classtype:trojan-activity;sid:84230693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367594)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xotpfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367594/; classtype:trojan-activity;sid:84230694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367591)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fdujrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367591/; classtype:trojan-activity;sid:84230691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367589)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fdujrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367589/; classtype:trojan-activity;sid:84230689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367590)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kelsjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367590/; classtype:trojan-activity;sid:84230690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367588)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhpkzx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367588/; classtype:trojan-activity;sid:84230688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367584)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nkdqcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367584/; classtype:trojan-activity;sid:84230684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367585)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yxkdji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367585/; classtype:trojan-activity;sid:84230685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367586)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bypvgu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367586/; classtype:trojan-activity;sid:84230686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367587)"; flow:established,from_client; content:"GET"; http_method; content:"/js/infbzq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367587/; classtype:trojan-activity;sid:84230687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367577)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gipart.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367577/; classtype:trojan-activity;sid:84230677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367578)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydsuwj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367578/; classtype:trojan-activity;sid:84230678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367579)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pecfql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367579/; classtype:trojan-activity;sid:84230679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367580)"; flow:established,from_client; content:"GET"; http_method; content:"/js/datkuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367580/; classtype:trojan-activity;sid:84230680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367581)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nmoyjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367581/; classtype:trojan-activity;sid:84230681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367582)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mapjte.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367582/; classtype:trojan-activity;sid:84230682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367583)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hljwts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367583/; classtype:trojan-activity;sid:84230683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367574)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xeymta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367574/; classtype:trojan-activity;sid:84230674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367575)"; flow:established,from_client; content:"GET"; http_method; content:"/js/patlqx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367575/; classtype:trojan-activity;sid:84230675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367576)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bpyjmd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367576/; classtype:trojan-activity;sid:84230676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367563)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pecfql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367563/; classtype:trojan-activity;sid:84230663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367564)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glkovy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367564/; classtype:trojan-activity;sid:84230664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367565)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdgbif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367565/; classtype:trojan-activity;sid:84230665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367566)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zjvmgx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367566/; classtype:trojan-activity;sid:84230666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367567)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gmrkwh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367567/; classtype:trojan-activity;sid:84230667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367568)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dimekn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367568/; classtype:trojan-activity;sid:84230668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367569)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gzsjed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367569/; classtype:trojan-activity;sid:84230669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367570)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umzebq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367570/; classtype:trojan-activity;sid:84230670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367571)"; flow:established,from_client; content:"GET"; http_method; content:"/js/athupi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367571/; classtype:trojan-activity;sid:84230671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367572)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umzebq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367572/; classtype:trojan-activity;sid:84230672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367573)"; flow:established,from_client; content:"GET"; http_method; content:"/js/razcsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367573/; classtype:trojan-activity;sid:84230673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367557)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lknfyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367557/; classtype:trojan-activity;sid:84230657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367558)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ivhuox.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367558/; classtype:trojan-activity;sid:84230658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367559)"; flow:established,from_client; content:"GET"; http_method; content:"/js/drgftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367559/; classtype:trojan-activity;sid:84230659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367560)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjwvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367560/; classtype:trojan-activity;sid:84230660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367561)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kshmaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367561/; classtype:trojan-activity;sid:84230661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367562)"; flow:established,from_client; content:"GET"; http_method; content:"/js/enhozf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367562/; classtype:trojan-activity;sid:84230662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367555)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehsail.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367555/; classtype:trojan-activity;sid:84230655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367556)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clgkjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367556/; classtype:trojan-activity;sid:84230656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367553)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kfqilh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367553/; classtype:trojan-activity;sid:84230653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367554)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rufnbo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367554/; classtype:trojan-activity;sid:84230654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367552)"; flow:established,from_client; content:"GET"; http_method; content:"/js/emuzcj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367552/; classtype:trojan-activity;sid:84230652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367549)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwtgdn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367549/; classtype:trojan-activity;sid:84230649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367550)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atbmcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367550/; classtype:trojan-activity;sid:84230650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367551)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jeighd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367551/; classtype:trojan-activity;sid:84230651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367548)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzclen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367548/; classtype:trojan-activity;sid:84230648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367545)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmcsue.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367545/; classtype:trojan-activity;sid:84230645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367546)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kltrfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367546/; classtype:trojan-activity;sid:84230646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367547)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yitvba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367547/; classtype:trojan-activity;sid:84230647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367541)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnudjm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367541/; classtype:trojan-activity;sid:84230641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367542)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vbxrsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367542/; classtype:trojan-activity;sid:84230642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367543)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uxqhds.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367543/; classtype:trojan-activity;sid:84230643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367544)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcjdmh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367544/; classtype:trojan-activity;sid:84230644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367533)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrnebj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367533/; classtype:trojan-activity;sid:84230633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367534)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eyxpjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367534/; classtype:trojan-activity;sid:84230634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367535)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buzpag.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367535/; classtype:trojan-activity;sid:84230635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367536)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xuzens.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367536/; classtype:trojan-activity;sid:84230636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367537)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnjvsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367537/; classtype:trojan-activity;sid:84230637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367538)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxfodm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367538/; classtype:trojan-activity;sid:84230638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367539)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfbxjn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367539/; classtype:trojan-activity;sid:84230639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367540)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrdywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367540/; classtype:trojan-activity;sid:84230640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367524)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yxkdji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367524/; classtype:trojan-activity;sid:84230624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367525)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pzxrbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367525/; classtype:trojan-activity;sid:84230625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367526)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjdzyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367526/; classtype:trojan-activity;sid:84230626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367527)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mkughj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367527/; classtype:trojan-activity;sid:84230627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367528)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcertv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367528/; classtype:trojan-activity;sid:84230628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367529)"; flow:established,from_client; content:"GET"; http_method; content:"/js/flehbm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367529/; classtype:trojan-activity;sid:84230629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367530)"; flow:established,from_client; content:"GET"; http_method; content:"/js/finksa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367530/; classtype:trojan-activity;sid:84230630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367531)"; flow:established,from_client; content:"GET"; http_method; content:"/js/owzlim.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367531/; classtype:trojan-activity;sid:84230631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367532)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iyjdpm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367532/; classtype:trojan-activity;sid:84230632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367517)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uregky.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367517/; classtype:trojan-activity;sid:84230617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367518)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dperay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367518/; classtype:trojan-activity;sid:84230618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367519)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dmhjua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367519/; classtype:trojan-activity;sid:84230619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367520)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lfsniz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367520/; classtype:trojan-activity;sid:84230620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367521)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juvwhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367521/; classtype:trojan-activity;sid:84230621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367522)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnpqdk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367522/; classtype:trojan-activity;sid:84230622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367523)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hamefz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367523/; classtype:trojan-activity;sid:84230623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367515)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykznlv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367515/; classtype:trojan-activity;sid:84230615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367516)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uhbnzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367516/; classtype:trojan-activity;sid:84230616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367514)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fgkiep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367514/; classtype:trojan-activity;sid:84230614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367512)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdzhjl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367512/; classtype:trojan-activity;sid:84230612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367513)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lafizx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367513/; classtype:trojan-activity;sid:84230613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367510)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hamefz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367510/; classtype:trojan-activity;sid:84230610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367511)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stejwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367511/; classtype:trojan-activity;sid:84230611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367509)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzbcfd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367509/; classtype:trojan-activity;sid:84230609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367507)"; flow:established,from_client; content:"GET"; http_method; content:"/js/suizdx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367507/; classtype:trojan-activity;sid:84230607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367508)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnpqdk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367508/; classtype:trojan-activity;sid:84230608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367506)"; flow:established,from_client; content:"GET"; http_method; content:"/js/medsqw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367506/; classtype:trojan-activity;sid:84230606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367503)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fconkp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367503/; classtype:trojan-activity;sid:84230603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367504)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zljwks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367504/; classtype:trojan-activity;sid:84230604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367505)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qtplzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367505/; classtype:trojan-activity;sid:84230605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367499)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vzenut.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367499/; classtype:trojan-activity;sid:84230599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367500)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taypgl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367500/; classtype:trojan-activity;sid:84230600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367501)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nsvtqg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367501/; classtype:trojan-activity;sid:84230601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367502)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbuvxf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367502/; classtype:trojan-activity;sid:84230602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367490)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vexzha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367490/; classtype:trojan-activity;sid:84230590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367491)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yamlwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367491/; classtype:trojan-activity;sid:84230591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367492)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbaylw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367492/; classtype:trojan-activity;sid:84230592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367493)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenjvr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367493/; classtype:trojan-activity;sid:84230593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367494)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dsoayr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367494/; classtype:trojan-activity;sid:84230594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367495)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfpukb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367495/; classtype:trojan-activity;sid:84230595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367496)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mapjte.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367496/; classtype:trojan-activity;sid:84230596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367497)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idcbzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367497/; classtype:trojan-activity;sid:84230597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367498)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fltyha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367498/; classtype:trojan-activity;sid:84230598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367480)"; flow:established,from_client; content:"GET"; http_method; content:"/js/adchfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367480/; classtype:trojan-activity;sid:84230580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367481)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gotnlm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367481/; classtype:trojan-activity;sid:84230581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367482)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vexzha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367482/; classtype:trojan-activity;sid:84230582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367483)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcjdmh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367483/; classtype:trojan-activity;sid:84230583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367484)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvjcwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367484/; classtype:trojan-activity;sid:84230584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367485)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdmvrk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367485/; classtype:trojan-activity;sid:84230585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367486)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmfoys.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367486/; classtype:trojan-activity;sid:84230586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367487)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cagesr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367487/; classtype:trojan-activity;sid:84230587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367488)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ctrnow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367488/; classtype:trojan-activity;sid:84230588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367489)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dhkuol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367489/; classtype:trojan-activity;sid:84230589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367478)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qltmuz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367478/; classtype:trojan-activity;sid:84230578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367479)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rbgovl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367479/; classtype:trojan-activity;sid:84230579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367477)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlgyhf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367477/; classtype:trojan-activity;sid:84230577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367476)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tmgdkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367476/; classtype:trojan-activity;sid:84230576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367474)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmpion.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367474/; classtype:trojan-activity;sid:84230574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367475)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glkovy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367475/; classtype:trojan-activity;sid:84230575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367472)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skrbil.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367472/; classtype:trojan-activity;sid:84230572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367473)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qgjoih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367473/; classtype:trojan-activity;sid:84230573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367469)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mriwqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367469/; classtype:trojan-activity;sid:84230569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367470)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ukfjeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367470/; classtype:trojan-activity;sid:84230570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367471)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsaqhu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367471/; classtype:trojan-activity;sid:84230571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367468)"; flow:established,from_client; content:"GET"; http_method; content:"/js/flehbm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367468/; classtype:trojan-activity;sid:84230568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367464)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bymvne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367464/; classtype:trojan-activity;sid:84230564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367465)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxbgma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367465/; classtype:trojan-activity;sid:84230565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367466)"; flow:established,from_client; content:"GET"; http_method; content:"/js/stbyrl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367466/; classtype:trojan-activity;sid:84230566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367467)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjovbi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367467/; classtype:trojan-activity;sid:84230567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367461)"; flow:established,from_client; content:"GET"; http_method; content:"/js/datkuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367461/; classtype:trojan-activity;sid:84230561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367462)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbvqma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367462/; classtype:trojan-activity;sid:84230562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367463)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vnmizb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367463/; classtype:trojan-activity;sid:84230563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367455)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atrpjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367455/; classtype:trojan-activity;sid:84230555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367456)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqidx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367456/; classtype:trojan-activity;sid:84230556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367457)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbhvcm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367457/; classtype:trojan-activity;sid:84230557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367458)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vgzdto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367458/; classtype:trojan-activity;sid:84230558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367459)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkerly.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367459/; classtype:trojan-activity;sid:84230559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367460)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ivhuox.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367460/; classtype:trojan-activity;sid:84230560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367449)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpszhk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367449/; classtype:trojan-activity;sid:84230549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367450)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjukql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367450/; classtype:trojan-activity;sid:84230550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367451)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chvjrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367451/; classtype:trojan-activity;sid:84230551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367452)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovnfdt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367452/; classtype:trojan-activity;sid:84230552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367453)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ncmzei.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367453/; classtype:trojan-activity;sid:84230553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367454)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hapjcf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367454/; classtype:trojan-activity;sid:84230554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367442)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfzwxd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367442/; classtype:trojan-activity;sid:84230542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367443)"; flow:established,from_client; content:"GET"; http_method; content:"/js/frcvbw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367443/; classtype:trojan-activity;sid:84230543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367444)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nxritz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367444/; classtype:trojan-activity;sid:84230544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367445)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifzcar.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367445/; classtype:trojan-activity;sid:84230545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367446)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymqxsp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367446/; classtype:trojan-activity;sid:84230546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367447)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpytjb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367447/; classtype:trojan-activity;sid:84230547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367448)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gipart.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367448/; classtype:trojan-activity;sid:84230548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367437)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gevhks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367437/; classtype:trojan-activity;sid:84230537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367438)"; flow:established,from_client; content:"GET"; http_method; content:"/js/flehbm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367438/; classtype:trojan-activity;sid:84230538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367439)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epmtcs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367439/; classtype:trojan-activity;sid:84230539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367440)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvohfy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367440/; classtype:trojan-activity;sid:84230540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367441)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsuepy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367441/; classtype:trojan-activity;sid:84230541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367436)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsovum.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367436/; classtype:trojan-activity;sid:84230536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367435)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzngir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367435/; classtype:trojan-activity;sid:84230535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367431)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptvnkh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367431/; classtype:trojan-activity;sid:84230531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367432)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cafshz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367432/; classtype:trojan-activity;sid:84230532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367433)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sdfjyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367433/; classtype:trojan-activity;sid:84230533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367434)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykxupl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367434/; classtype:trojan-activity;sid:84230534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367430)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kdoifn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367430/; classtype:trojan-activity;sid:84230530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367428)"; flow:established,from_client; content:"GET"; http_method; content:"/js/itnuya.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367428/; classtype:trojan-activity;sid:84230528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367429)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzxdwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367429/; classtype:trojan-activity;sid:84230529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367424)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zyhfex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367424/; classtype:trojan-activity;sid:84230524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367425)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wbsoxk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367425/; classtype:trojan-activity;sid:84230525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367426)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wjqosp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367426/; classtype:trojan-activity;sid:84230526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367427)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sezmlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367427/; classtype:trojan-activity;sid:84230527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367421)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnudjm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367421/; classtype:trojan-activity;sid:84230521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367422)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vgzdto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367422/; classtype:trojan-activity;sid:84230522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367423)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdlnqa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367423/; classtype:trojan-activity;sid:84230523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367416)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucanwd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367416/; classtype:trojan-activity;sid:84230516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367417)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wzuigr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367417/; classtype:trojan-activity;sid:84230517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367418)"; flow:established,from_client; content:"GET"; http_method; content:"/js/medsqw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367418/; classtype:trojan-activity;sid:84230518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367419)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbaylw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367419/; classtype:trojan-activity;sid:84230519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367420)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eytofc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367420/; classtype:trojan-activity;sid:84230520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367411)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gvqkyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367411/; classtype:trojan-activity;sid:84230511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367412)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjshmy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367412/; classtype:trojan-activity;sid:84230512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367413)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydsuwj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367413/; classtype:trojan-activity;sid:84230513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367414)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rufnbo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367414/; classtype:trojan-activity;sid:84230514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367415)"; flow:established,from_client; content:"GET"; http_method; content:"/js/veyrqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367415/; classtype:trojan-activity;sid:84230515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367408)"; flow:established,from_client; content:"GET"; http_method; content:"/js/txwhkb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367408/; classtype:trojan-activity;sid:84230508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367409)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsxmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367409/; classtype:trojan-activity;sid:84230509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367410)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcertv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367410/; classtype:trojan-activity;sid:84230510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367399)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apwisr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367399/; classtype:trojan-activity;sid:84230499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367400)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kshmaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367400/; classtype:trojan-activity;sid:84230500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367401)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paifct.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367401/; classtype:trojan-activity;sid:84230501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367402)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ehwdpq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367402/; classtype:trojan-activity;sid:84230502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367403)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taljsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367403/; classtype:trojan-activity;sid:84230503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367404)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucanwd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367404/; classtype:trojan-activity;sid:84230504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367405)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eytofc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367405/; classtype:trojan-activity;sid:84230505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367406)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znrmco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367406/; classtype:trojan-activity;sid:84230506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367407)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ukfjeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367407/; classtype:trojan-activity;sid:84230507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367396)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexudy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367396/; classtype:trojan-activity;sid:84230496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367397)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hjpgor.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367397/; classtype:trojan-activity;sid:84230497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367398)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fgkiep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367398/; classtype:trojan-activity;sid:84230498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367395)"; flow:established,from_client; content:"GET"; http_method; content:"/js/drgftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367395/; classtype:trojan-activity;sid:84230495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367394)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zjvmgx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367394/; classtype:trojan-activity;sid:84230494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367392)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdaqet.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367392/; classtype:trojan-activity;sid:84230492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367393)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfpwko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367393/; classtype:trojan-activity;sid:84230493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367390)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvzyka.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367390/; classtype:trojan-activity;sid:84230490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367391)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftgiow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367391/; classtype:trojan-activity;sid:84230491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367385)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhvuqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367385/; classtype:trojan-activity;sid:84230485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367386)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jbougr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367386/; classtype:trojan-activity;sid:84230486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367387)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ypevoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367387/; classtype:trojan-activity;sid:84230487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367388)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zceyxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367388/; classtype:trojan-activity;sid:84230488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367389)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bazydn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367389/; classtype:trojan-activity;sid:84230489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367384)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexudy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367384/; classtype:trojan-activity;sid:84230484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367381)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aweqxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367381/; classtype:trojan-activity;sid:84230481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367382)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qatijs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367382/; classtype:trojan-activity;sid:84230482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367383)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aspngf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367383/; classtype:trojan-activity;sid:84230483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367377)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gjhoua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367377/; classtype:trojan-activity;sid:84230477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367378)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltdnki.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367378/; classtype:trojan-activity;sid:84230478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367379)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znrmco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367379/; classtype:trojan-activity;sid:84230479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367380)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tfezuo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367380/; classtype:trojan-activity;sid:84230480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367374)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xirksj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367374/; classtype:trojan-activity;sid:84230474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367375)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbmctf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367375/; classtype:trojan-activity;sid:84230475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367376)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zmpafn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367376/; classtype:trojan-activity;sid:84230476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367372)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkympx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367372/; classtype:trojan-activity;sid:84230472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367373)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nyovtk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367373/; classtype:trojan-activity;sid:84230473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367370)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cfjrvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367370/; classtype:trojan-activity;sid:84230470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367371)"; flow:established,from_client; content:"GET"; http_method; content:"/js/voagtx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367371/; classtype:trojan-activity;sid:84230471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367367)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ybqour.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367367/; classtype:trojan-activity;sid:84230467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367368)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgivra.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367368/; classtype:trojan-activity;sid:84230468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367369)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znqsod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367369/; classtype:trojan-activity;sid:84230469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367362)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sdfjyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367362/; classtype:trojan-activity;sid:84230462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367363)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcertv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367363/; classtype:trojan-activity;sid:84230463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367364)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whokyr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367364/; classtype:trojan-activity;sid:84230464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367365)"; flow:established,from_client; content:"GET"; http_method; content:"/js/piwvzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367365/; classtype:trojan-activity;sid:84230465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367366)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hcsftx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367366/; classtype:trojan-activity;sid:84230466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367358)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yamlwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367358/; classtype:trojan-activity;sid:84230458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367359)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lfsniz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367359/; classtype:trojan-activity;sid:84230459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367360)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qeklsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367360/; classtype:trojan-activity;sid:84230460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367361)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aybfme.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367361/; classtype:trojan-activity;sid:84230461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367352)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skeqhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367352/; classtype:trojan-activity;sid:84230452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367353)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdlnqa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367353/; classtype:trojan-activity;sid:84230453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367354)"; flow:established,from_client; content:"GET"; http_method; content:"/js/inkxgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367354/; classtype:trojan-activity;sid:84230454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367355)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsxjnk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367355/; classtype:trojan-activity;sid:84230455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367356)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnbuqz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367356/; classtype:trojan-activity;sid:84230456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367357)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gotnlm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367357/; classtype:trojan-activity;sid:84230457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367350)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zouans.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367350/; classtype:trojan-activity;sid:84230450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367351)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsaqhu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367351/; classtype:trojan-activity;sid:84230451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367345)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jgukrx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367345/; classtype:trojan-activity;sid:84230445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367346)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpszhk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367346/; classtype:trojan-activity;sid:84230446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367347)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xpqyub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367347/; classtype:trojan-activity;sid:84230447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367348)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mriwqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367348/; classtype:trojan-activity;sid:84230448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367349)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lkfpqn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367349/; classtype:trojan-activity;sid:84230449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367342)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdgbif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367342/; classtype:trojan-activity;sid:84230442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367343)"; flow:established,from_client; content:"GET"; http_method; content:"/js/clwnai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367343/; classtype:trojan-activity;sid:84230443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367344)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktxayf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367344/; classtype:trojan-activity;sid:84230444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367337)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyqbmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367337/; classtype:trojan-activity;sid:84230437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367338)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxnzvl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367338/; classtype:trojan-activity;sid:84230438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367339)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hstjvf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367339/; classtype:trojan-activity;sid:84230439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367340)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bcvmok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367340/; classtype:trojan-activity;sid:84230440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367341)"; flow:established,from_client; content:"GET"; http_method; content:"/js/godukp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367341/; classtype:trojan-activity;sid:84230441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367336)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlgyhf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367336/; classtype:trojan-activity;sid:84230436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367328)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qemywl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367328/; classtype:trojan-activity;sid:84230428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367329)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ndarqe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367329/; classtype:trojan-activity;sid:84230429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367330)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msfkoe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367330/; classtype:trojan-activity;sid:84230430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367331)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juvwhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367331/; classtype:trojan-activity;sid:84230431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367332)"; flow:established,from_client; content:"GET"; http_method; content:"/js/akmsfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367332/; classtype:trojan-activity;sid:84230432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367333)"; flow:established,from_client; content:"GET"; http_method; content:"/js/inkxgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367333/; classtype:trojan-activity;sid:84230433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367334)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmdwoj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367334/; classtype:trojan-activity;sid:84230434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367335)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bazydn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367335/; classtype:trojan-activity;sid:84230435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367324)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pgbokr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367324/; classtype:trojan-activity;sid:84230424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367325)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdzhjl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367325/; classtype:trojan-activity;sid:84230425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367326)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenxkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367326/; classtype:trojan-activity;sid:84230426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367327)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rjlkai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367327/; classtype:trojan-activity;sid:84230427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367319)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqjbh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367319/; classtype:trojan-activity;sid:84230419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367320)"; flow:established,from_client; content:"GET"; http_method; content:"/js/diktcx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367320/; classtype:trojan-activity;sid:84230420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367321)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vkbxyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367321/; classtype:trojan-activity;sid:84230421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367322)"; flow:established,from_client; content:"GET"; http_method; content:"/js/suizdx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367322/; classtype:trojan-activity;sid:84230422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367323)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buriep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367323/; classtype:trojan-activity;sid:84230423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367312)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xrwuby.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367312/; classtype:trojan-activity;sid:84230412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367313)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lozwub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367313/; classtype:trojan-activity;sid:84230413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367314)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lztnfk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367314/; classtype:trojan-activity;sid:84230414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367315)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydhrfe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367315/; classtype:trojan-activity;sid:84230415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367316)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhwepz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367316/; classtype:trojan-activity;sid:84230416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367317)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucvlao.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367317/; classtype:trojan-activity;sid:84230417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367318)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxfodm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367318/; classtype:trojan-activity;sid:84230418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367309)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bjewxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367309/; classtype:trojan-activity;sid:84230409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367310)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djtukm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367310/; classtype:trojan-activity;sid:84230410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367311)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fsuepy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367311/; classtype:trojan-activity;sid:84230411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367306)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bjewxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367306/; classtype:trojan-activity;sid:84230406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367307)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fkadbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367307/; classtype:trojan-activity;sid:84230407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367308)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sbdgnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367308/; classtype:trojan-activity;sid:84230408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367303)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsuyhj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367303/; classtype:trojan-activity;sid:84230403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367304)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pruzif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367304/; classtype:trojan-activity;sid:84230404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367305)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkocxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367305/; classtype:trojan-activity;sid:84230405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367301)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykznlv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367301/; classtype:trojan-activity;sid:84230401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367302)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eivhfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367302/; classtype:trojan-activity;sid:84230402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367298)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jewltz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367298/; classtype:trojan-activity;sid:84230398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367299)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbrvxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367299/; classtype:trojan-activity;sid:84230399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367300)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucorwt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367300/; classtype:trojan-activity;sid:84230400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367294)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uszyql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367294/; classtype:trojan-activity;sid:84230394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367295)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glkovy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367295/; classtype:trojan-activity;sid:84230395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367296)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gbqisj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367296/; classtype:trojan-activity;sid:84230396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367297)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bzscvg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367297/; classtype:trojan-activity;sid:84230397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367293)"; flow:established,from_client; content:"GET"; http_method; content:"/js/patlqx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367293/; classtype:trojan-activity;sid:84230393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367289)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xnhimz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367289/; classtype:trojan-activity;sid:84230389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367290)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zvhmne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367290/; classtype:trojan-activity;sid:84230390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367291)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnfzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367291/; classtype:trojan-activity;sid:84230391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367292)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpszhk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367292/; classtype:trojan-activity;sid:84230392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367287)"; flow:established,from_client; content:"GET"; http_method; content:"/js/priola.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367287/; classtype:trojan-activity;sid:84230387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367288)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xevfyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367288/; classtype:trojan-activity;sid:84230388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367280)"; flow:established,from_client; content:"GET"; http_method; content:"/js/znxswu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367280/; classtype:trojan-activity;sid:84230380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367281)"; flow:established,from_client; content:"GET"; http_method; content:"/js/srnjva.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367281/; classtype:trojan-activity;sid:84230381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367282)"; flow:established,from_client; content:"GET"; http_method; content:"/js/otlsbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367282/; classtype:trojan-activity;sid:84230382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367283)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fltyha.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367283/; classtype:trojan-activity;sid:84230383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367284)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aipojd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367284/; classtype:trojan-activity;sid:84230384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367285)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qsfzow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367285/; classtype:trojan-activity;sid:84230385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367286)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fljxes.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367286/; classtype:trojan-activity;sid:84230386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367272)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpfhym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367272/; classtype:trojan-activity;sid:84230372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367273)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djiowm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367273/; classtype:trojan-activity;sid:84230373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367274)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xpqyub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367274/; classtype:trojan-activity;sid:84230374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367275)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ctrnow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367275/; classtype:trojan-activity;sid:84230375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367276)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsmdyo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367276/; classtype:trojan-activity;sid:84230376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367277)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zljwks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367277/; classtype:trojan-activity;sid:84230377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367278)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cexirv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367278/; classtype:trojan-activity;sid:84230378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367279)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taypgl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367279/; classtype:trojan-activity;sid:84230379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367268)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqopna.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367268/; classtype:trojan-activity;sid:84230368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367269)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwtgdn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367269/; classtype:trojan-activity;sid:84230369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367270)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vbxrsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367270/; classtype:trojan-activity;sid:84230370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367271)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cljokq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367271/; classtype:trojan-activity;sid:84230371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367266)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhvuqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367266/; classtype:trojan-activity;sid:84230366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367267)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmexdh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367267/; classtype:trojan-activity;sid:84230367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367260)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qatijs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367260/; classtype:trojan-activity;sid:84230360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367261)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ezpqta.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367261/; classtype:trojan-activity;sid:84230361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367262)"; flow:established,from_client; content:"GET"; http_method; content:"/js/grwsed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367262/; classtype:trojan-activity;sid:84230362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367263)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjxuw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367263/; classtype:trojan-activity;sid:84230363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367264)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yxkdji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367264/; classtype:trojan-activity;sid:84230364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367265)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xevfyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367265/; classtype:trojan-activity;sid:84230365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367257)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbrvxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367257/; classtype:trojan-activity;sid:84230357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367258)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gjhoua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367258/; classtype:trojan-activity;sid:84230358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367259)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnviot.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367259/; classtype:trojan-activity;sid:84230359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367254)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ydsuwj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367254/; classtype:trojan-activity;sid:84230354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367255)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buriep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367255/; classtype:trojan-activity;sid:84230355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367256)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cnduef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367256/; classtype:trojan-activity;sid:84230356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367252)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ogimzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367252/; classtype:trojan-activity;sid:84230352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367253)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dcwanm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367253/; classtype:trojan-activity;sid:84230353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367249)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zouans.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367249/; classtype:trojan-activity;sid:84230349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367250)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dawgjr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367250/; classtype:trojan-activity;sid:84230350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367251)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aivfhm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367251/; classtype:trojan-activity;sid:84230351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367246)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jlmaci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367246/; classtype:trojan-activity;sid:84230346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367247)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kixrge.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367247/; classtype:trojan-activity;sid:84230347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367248)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhpgbr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367248/; classtype:trojan-activity;sid:84230348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367239)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsojgh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367239/; classtype:trojan-activity;sid:84230339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367240)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xirksj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367240/; classtype:trojan-activity;sid:84230340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367241)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jbougr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367241/; classtype:trojan-activity;sid:84230341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367242)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucorwt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367242/; classtype:trojan-activity;sid:84230342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367243)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kelsjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367243/; classtype:trojan-activity;sid:84230343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367244)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnxjiu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367244/; classtype:trojan-activity;sid:84230344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367245)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkocxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367245/; classtype:trojan-activity;sid:84230345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367238)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jsbkec.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367238/; classtype:trojan-activity;sid:84230338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367234)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsojgh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367234/; classtype:trojan-activity;sid:84230334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367235)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vkbxyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367235/; classtype:trojan-activity;sid:84230335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367236)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptvnkh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367236/; classtype:trojan-activity;sid:84230336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367237)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpglbq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367237/; classtype:trojan-activity;sid:84230337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367231)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aweqxl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367231/; classtype:trojan-activity;sid:84230331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367232)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykxupl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367232/; classtype:trojan-activity;sid:84230332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367233)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pruzif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367233/; classtype:trojan-activity;sid:84230333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367227)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nfimsr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367227/; classtype:trojan-activity;sid:84230327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367228)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbpzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367228/; classtype:trojan-activity;sid:84230328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367229)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmepyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367229/; classtype:trojan-activity;sid:84230329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqgfeo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367230/; classtype:trojan-activity;sid:84230330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367222)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mgfldi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367222/; classtype:trojan-activity;sid:84230322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367223)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cagesr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367223/; classtype:trojan-activity;sid:84230323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367224)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dmhjua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367224/; classtype:trojan-activity;sid:84230324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367225)"; flow:established,from_client; content:"GET"; http_method; content:"/js/akmsfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367225/; classtype:trojan-activity;sid:84230325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367226)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lneyjh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367226/; classtype:trojan-activity;sid:84230326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367219)"; flow:established,from_client; content:"GET"; http_method; content:"/js/retcab.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367219/; classtype:trojan-activity;sid:84230319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367220)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mevbzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367220/; classtype:trojan-activity;sid:84230320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367221)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xgkhwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367221/; classtype:trojan-activity;sid:84230321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367214)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltpmzy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367214/; classtype:trojan-activity;sid:84230314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367215)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ldwnqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367215/; classtype:trojan-activity;sid:84230315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367216)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fzcobw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367216/; classtype:trojan-activity;sid:84230316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367217)"; flow:established,from_client; content:"GET"; http_method; content:"/js/efcwnv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367217/; classtype:trojan-activity;sid:84230317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367218)"; flow:established,from_client; content:"GET"; http_method; content:"/js/shaovt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367218/; classtype:trojan-activity;sid:84230318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367212)"; flow:established,from_client; content:"GET"; http_method; content:"/js/newkcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367212/; classtype:trojan-activity;sid:84230312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367213)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kixrge.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367213/; classtype:trojan-activity;sid:84230313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367211)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jewltz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367211/; classtype:trojan-activity;sid:84230311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367208)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymqxsp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367208/; classtype:trojan-activity;sid:84230308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367209)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mljgai.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367209/; classtype:trojan-activity;sid:84230309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367210)"; flow:established,from_client; content:"GET"; http_method; content:"/js/thlvcq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367210/; classtype:trojan-activity;sid:84230310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367204)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cagesr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367204/; classtype:trojan-activity;sid:84230304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367205)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsojgh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367205/; classtype:trojan-activity;sid:84230305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367206)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcqjbh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367206/; classtype:trojan-activity;sid:84230306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367207)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sdfjyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367207/; classtype:trojan-activity;sid:84230307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367201)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hljwts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367201/; classtype:trojan-activity;sid:84230301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367202)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpdjln.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367202/; classtype:trojan-activity;sid:84230302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367203)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykgnts.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367203/; classtype:trojan-activity;sid:84230303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367195)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfbxjn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367195/; classtype:trojan-activity;sid:84230295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367196)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gfsplo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367196/; classtype:trojan-activity;sid:84230296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367197)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vrdwne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367197/; classtype:trojan-activity;sid:84230297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367198)"; flow:established,from_client; content:"GET"; http_method; content:"/js/emuzcj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367198/; classtype:trojan-activity;sid:84230298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367199)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzbcfd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367199/; classtype:trojan-activity;sid:84230299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367200)"; flow:established,from_client; content:"GET"; http_method; content:"/js/razcsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367200/; classtype:trojan-activity;sid:84230300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367190)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyxudg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367190/; classtype:trojan-activity;sid:84230290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367191)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfpukb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367191/; classtype:trojan-activity;sid:84230291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367192)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exjfba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367192/; classtype:trojan-activity;sid:84230292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367193)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrkfvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367193/; classtype:trojan-activity;sid:84230293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367194)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msiucg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367194/; classtype:trojan-activity;sid:84230294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367187)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yamlwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367187/; classtype:trojan-activity;sid:84230287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367188)"; flow:established,from_client; content:"GET"; http_method; content:"/js/newkcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367188/; classtype:trojan-activity;sid:84230288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367189)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfthvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367189/; classtype:trojan-activity;sid:84230289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367185)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vlxcgi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367185/; classtype:trojan-activity;sid:84230285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367186)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfthvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367186/; classtype:trojan-activity;sid:84230286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367183)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ukfjeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367183/; classtype:trojan-activity;sid:84230283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367184)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlwuak.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367184/; classtype:trojan-activity;sid:84230284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367180)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kyxnuf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367180/; classtype:trojan-activity;sid:84230280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367181)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fnotqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367181/; classtype:trojan-activity;sid:84230281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367182)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftpido.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367182/; classtype:trojan-activity;sid:84230282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367177)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lztnfk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367177/; classtype:trojan-activity;sid:84230277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367178)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbvqma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367178/; classtype:trojan-activity;sid:84230278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367179)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxzuvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367179/; classtype:trojan-activity;sid:84230279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367174)"; flow:established,from_client; content:"GET"; http_method; content:"/js/josfaz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367174/; classtype:trojan-activity;sid:84230274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367175)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qltmuz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367175/; classtype:trojan-activity;sid:84230275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367176)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vkbxyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367176/; classtype:trojan-activity;sid:84230276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367170)"; flow:established,from_client; content:"GET"; http_method; content:"/js/adchfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367170/; classtype:trojan-activity;sid:84230270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367171)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jtnebv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367171/; classtype:trojan-activity;sid:84230271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367172)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xnhimz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367172/; classtype:trojan-activity;sid:84230272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367173)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kynazr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367173/; classtype:trojan-activity;sid:84230273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367166)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yobune.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367166/; classtype:trojan-activity;sid:84230266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367167)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lwpefs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367167/; classtype:trojan-activity;sid:84230267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367168)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sjqmxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367168/; classtype:trojan-activity;sid:84230268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367169)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hwpagq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367169/; classtype:trojan-activity;sid:84230269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367158)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tkyuqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367158/; classtype:trojan-activity;sid:84230258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367159)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xlgyhf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367159/; classtype:trojan-activity;sid:84230259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367160)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kawmyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367160/; classtype:trojan-activity;sid:84230260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367161)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbvqma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367161/; classtype:trojan-activity;sid:84230261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367162)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lhdswc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367162/; classtype:trojan-activity;sid:84230262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367163)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bjewxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367163/; classtype:trojan-activity;sid:84230263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367164)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mfzwxd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367164/; classtype:trojan-activity;sid:84230264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367165)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzinom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367165/; classtype:trojan-activity;sid:84230265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367153)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqugpa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367153/; classtype:trojan-activity;sid:84230253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367154)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pzxrbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367154/; classtype:trojan-activity;sid:84230254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367155)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umzebq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367155/; classtype:trojan-activity;sid:84230255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367156)"; flow:established,from_client; content:"GET"; http_method; content:"/js/alzgdf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367156/; classtype:trojan-activity;sid:84230256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367157)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovnfdt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367157/; classtype:trojan-activity;sid:84230257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367151)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whtjex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367151/; classtype:trojan-activity;sid:84230251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367152)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyqbmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367152/; classtype:trojan-activity;sid:84230252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367145)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmoqtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367145/; classtype:trojan-activity;sid:84230245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367146)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wobhfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367146/; classtype:trojan-activity;sid:84230246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367147)"; flow:established,from_client; content:"GET"; http_method; content:"/js/okmnjx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367147/; classtype:trojan-activity;sid:84230247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367148)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lkfpqn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367148/; classtype:trojan-activity;sid:84230248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367149)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvzyka.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367149/; classtype:trojan-activity;sid:84230249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367150)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pykqbg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367150/; classtype:trojan-activity;sid:84230250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367139)"; flow:established,from_client; content:"GET"; http_method; content:"/js/womtxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367139/; classtype:trojan-activity;sid:84230239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367140)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyvhof.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367140/; classtype:trojan-activity;sid:84230240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367141)"; flow:established,from_client; content:"GET"; http_method; content:"/js/voagtx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367141/; classtype:trojan-activity;sid:84230241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367142)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucorwt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367142/; classtype:trojan-activity;sid:84230242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367143)"; flow:established,from_client; content:"GET"; http_method; content:"/js/veyrqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367143/; classtype:trojan-activity;sid:84230243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367144)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvwent.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367144/; classtype:trojan-activity;sid:84230244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367137)"; flow:established,from_client; content:"GET"; http_method; content:"/js/otlsbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367137/; classtype:trojan-activity;sid:84230237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367138)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftgiow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367138/; classtype:trojan-activity;sid:84230238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367135)"; flow:established,from_client; content:"GET"; http_method; content:"/js/athupi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367135/; classtype:trojan-activity;sid:84230235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367136)"; flow:established,from_client; content:"GET"; http_method; content:"/js/shaovt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367136/; classtype:trojan-activity;sid:84230236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367134)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exnwkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367134/; classtype:trojan-activity;sid:84230234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367132)"; flow:established,from_client; content:"GET"; http_method; content:"/js/irmjwl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367132/; classtype:trojan-activity;sid:84230232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367133)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gsrvje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367133/; classtype:trojan-activity;sid:84230233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367127)"; flow:established,from_client; content:"GET"; http_method; content:"/js/knpfbu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367127/; classtype:trojan-activity;sid:84230227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367128)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nkdqcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367128/; classtype:trojan-activity;sid:84230228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367129)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrbwyu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367129/; classtype:trojan-activity;sid:84230229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367130)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cusemi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367130/; classtype:trojan-activity;sid:84230230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367131)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xskyft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367131/; classtype:trojan-activity;sid:84230231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367123)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhszqf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367123/; classtype:trojan-activity;sid:84230223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367124)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhpkzx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367124/; classtype:trojan-activity;sid:84230224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367125)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mierfl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367125/; classtype:trojan-activity;sid:84230225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367126)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wquabs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367126/; classtype:trojan-activity;sid:84230226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367116)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cbpzji.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367116/; classtype:trojan-activity;sid:84230216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367117)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atbmcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367117/; classtype:trojan-activity;sid:84230217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367118)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kldhuq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367118/; classtype:trojan-activity;sid:84230218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367119)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtapwo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367119/; classtype:trojan-activity;sid:84230219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367120)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mevbzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367120/; classtype:trojan-activity;sid:84230220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbhwft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367121/; classtype:trojan-activity;sid:84230221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367122)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glzfjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367122/; classtype:trojan-activity;sid:84230222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367107)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cfjrvu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367107/; classtype:trojan-activity;sid:84230207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367108)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juilvp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367108/; classtype:trojan-activity;sid:84230208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367109)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qjwnsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367109/; classtype:trojan-activity;sid:84230209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367110)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sbdgnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367110/; classtype:trojan-activity;sid:84230210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367111)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kjdzyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367111/; classtype:trojan-activity;sid:84230211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367112)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yjwuhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367112/; classtype:trojan-activity;sid:84230212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367113)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hitguk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367113/; classtype:trojan-activity;sid:84230213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367114)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aspngf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367114/; classtype:trojan-activity;sid:84230214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367115)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghksto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367115/; classtype:trojan-activity;sid:84230215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367102)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjukql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367102/; classtype:trojan-activity;sid:84230202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367103)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmepyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367103/; classtype:trojan-activity;sid:84230203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367104)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jgukrx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367104/; classtype:trojan-activity;sid:84230204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367105)"; flow:established,from_client; content:"GET"; http_method; content:"/js/enhozf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367105/; classtype:trojan-activity;sid:84230205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367106)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jetyiw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367106/; classtype:trojan-activity;sid:84230206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367098)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhvuqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367098/; classtype:trojan-activity;sid:84230198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367099)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmyijc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367099/; classtype:trojan-activity;sid:84230199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367100)"; flow:established,from_client; content:"GET"; http_method; content:"/js/womtxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367100/; classtype:trojan-activity;sid:84230200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367101)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucvlao.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367101/; classtype:trojan-activity;sid:84230201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367097)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glebqm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367097/; classtype:trojan-activity;sid:84230197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367095)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kwuisd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367095/; classtype:trojan-activity;sid:84230195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367096)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sfxnlu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367096/; classtype:trojan-activity;sid:84230196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367094)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ulvson.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367094/; classtype:trojan-activity;sid:84230194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367093)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fkadbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367093/; classtype:trojan-activity;sid:84230193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367091)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bqpmtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367091/; classtype:trojan-activity;sid:84230191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367092)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kxcqzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367092/; classtype:trojan-activity;sid:84230192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367090)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykxupl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367090/; classtype:trojan-activity;sid:84230190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367085)"; flow:established,from_client; content:"GET"; http_method; content:"/js/atjunw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367085/; classtype:trojan-activity;sid:84230185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367086)"; flow:established,from_client; content:"GET"; http_method; content:"/js/razcsu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367086/; classtype:trojan-activity;sid:84230186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367087)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qasuzt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367087/; classtype:trojan-activity;sid:84230187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367088)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nrwyvs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367088/; classtype:trojan-activity;sid:84230188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367089)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwtgdn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367089/; classtype:trojan-activity;sid:84230189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367079)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xkafls.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367079/; classtype:trojan-activity;sid:84230179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367080)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmepyv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367080/; classtype:trojan-activity;sid:84230180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367081)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uidphw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367081/; classtype:trojan-activity;sid:84230181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367082)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qeklsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367082/; classtype:trojan-activity;sid:84230182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367083)"; flow:established,from_client; content:"GET"; http_method; content:"/js/conuwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367083/; classtype:trojan-activity;sid:84230183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367084)"; flow:established,from_client; content:"GET"; http_method; content:"/js/retcab.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367084/; classtype:trojan-activity;sid:84230184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367072)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exnwkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367072/; classtype:trojan-activity;sid:84230172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367073)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpoikg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367073/; classtype:trojan-activity;sid:84230173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367074)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxzuvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367074/; classtype:trojan-activity;sid:84230174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367075)"; flow:established,from_client; content:"GET"; http_method; content:"/js/isygcv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367075/; classtype:trojan-activity;sid:84230175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367076)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dhkuol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367076/; classtype:trojan-activity;sid:84230176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367077)"; flow:established,from_client; content:"GET"; http_method; content:"/js/voagtx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367077/; classtype:trojan-activity;sid:84230177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367078)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ldwnqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367078/; classtype:trojan-activity;sid:84230178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367061)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rlmkdy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367061/; classtype:trojan-activity;sid:84230161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367062)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wjqosp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367062/; classtype:trojan-activity;sid:84230162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367063)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lsovum.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367063/; classtype:trojan-activity;sid:84230163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367064)"; flow:established,from_client; content:"GET"; http_method; content:"/js/athupi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367064/; classtype:trojan-activity;sid:84230164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367065)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fconkp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367065/; classtype:trojan-activity;sid:84230165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367066)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmcsue.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367066/; classtype:trojan-activity;sid:84230166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367067)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hmdwoj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367067/; classtype:trojan-activity;sid:84230167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367068)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfaxth.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367068/; classtype:trojan-activity;sid:84230168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367069)"; flow:established,from_client; content:"GET"; http_method; content:"/js/foskub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367069/; classtype:trojan-activity;sid:84230169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367070)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pvrqtl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367070/; classtype:trojan-activity;sid:84230170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367071)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gzsjed.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367071/; classtype:trojan-activity;sid:84230171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367057)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtnlzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367057/; classtype:trojan-activity;sid:84230157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367058)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftpido.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367058/; classtype:trojan-activity;sid:84230158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367059)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hegofv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367059/; classtype:trojan-activity;sid:84230159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367060)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcjdmh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367060/; classtype:trojan-activity;sid:84230160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367056)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ewfshl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367056/; classtype:trojan-activity;sid:84230156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367055)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vsmdyo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367055/; classtype:trojan-activity;sid:84230155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367054)"; flow:established,from_client; content:"GET"; http_method; content:"/js/npukdv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367054/; classtype:trojan-activity;sid:84230154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367048)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xzngir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367048/; classtype:trojan-activity;sid:84230148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367049)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrnebj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367049/; classtype:trojan-activity;sid:84230149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367050)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltdnki.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367050/; classtype:trojan-activity;sid:84230150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367051)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrfxqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367051/; classtype:trojan-activity;sid:84230151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367052)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chvjrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367052/; classtype:trojan-activity;sid:84230152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367053)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kyxnuf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367053/; classtype:trojan-activity;sid:84230153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367039)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mptsrb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367039/; classtype:trojan-activity;sid:84230139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367040)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lknfyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367040/; classtype:trojan-activity;sid:84230140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367041)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpfhym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367041/; classtype:trojan-activity;sid:84230141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367042)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qcfibe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367042/; classtype:trojan-activity;sid:84230142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367043)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpytjb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367043/; classtype:trojan-activity;sid:84230143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367044)"; flow:established,from_client; content:"GET"; http_method; content:"/js/txwhkb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367044/; classtype:trojan-activity;sid:84230144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367045)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qfaxth.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367045/; classtype:trojan-activity;sid:84230145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367046)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykznlv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367046/; classtype:trojan-activity;sid:84230146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367047)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnvzbd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367047/; classtype:trojan-activity;sid:84230147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367033)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xanfzm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367033/; classtype:trojan-activity;sid:84230133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367034)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzsfvj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367034/; classtype:trojan-activity;sid:84230134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367035)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dfrwix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367035/; classtype:trojan-activity;sid:84230135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367036)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhvgrs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367036/; classtype:trojan-activity;sid:84230136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367037)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbhvcm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367037/; classtype:trojan-activity;sid:84230137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367038)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gansqy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367038/; classtype:trojan-activity;sid:84230138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367026)"; flow:established,from_client; content:"GET"; http_method; content:"/js/exjfba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367026/; classtype:trojan-activity;sid:84230126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367027)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eucwkz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367027/; classtype:trojan-activity;sid:84230127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367028)"; flow:established,from_client; content:"GET"; http_method; content:"/js/elqgwv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367028/; classtype:trojan-activity;sid:84230128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367029)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aqbves.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367029/; classtype:trojan-activity;sid:84230129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367030)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvjcwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367030/; classtype:trojan-activity;sid:84230130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367031)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qycavu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367031/; classtype:trojan-activity;sid:84230131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367032)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdazps.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367032/; classtype:trojan-activity;sid:84230132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367021)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msfkoe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367021/; classtype:trojan-activity;sid:84230121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367022)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnxjiu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367022/; classtype:trojan-activity;sid:84230122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367023)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fconkp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367023/; classtype:trojan-activity;sid:84230123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367024)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fenjvr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367024/; classtype:trojan-activity;sid:84230124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367025)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chepkx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367025/; classtype:trojan-activity;sid:84230125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367017)"; flow:established,from_client; content:"GET"; http_method; content:"/js/suizdx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367017/; classtype:trojan-activity;sid:84230117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367018)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wdgbif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367018/; classtype:trojan-activity;sid:84230118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367019)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pqxyjc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367019/; classtype:trojan-activity;sid:84230119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367020)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lkfpqn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367020/; classtype:trojan-activity;sid:84230120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367016)"; flow:established,from_client; content:"GET"; http_method; content:"/js/womtxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367016/; classtype:trojan-activity;sid:84230116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367008)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dfrwix.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367008/; classtype:trojan-activity;sid:84230108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367009)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jyhdca.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367009/; classtype:trojan-activity;sid:84230109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367010)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ulvson.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367010/; classtype:trojan-activity;sid:84230110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367011)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbhwft.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367011/; classtype:trojan-activity;sid:84230111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367012)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ewfshl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367012/; classtype:trojan-activity;sid:84230112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367013)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmcrfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367013/; classtype:trojan-activity;sid:84230113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367014)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skhjtc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367014/; classtype:trojan-activity;sid:84230114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367015)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dsoayr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367015/; classtype:trojan-activity;sid:84230115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366999)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cirunm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366999/; classtype:trojan-activity;sid:84230099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367000)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zouans.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367000/; classtype:trojan-activity;sid:84230100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367001)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtnlzj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367001/; classtype:trojan-activity;sid:84230101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367002)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eyxpjz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367002/; classtype:trojan-activity;sid:84230102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367003)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmzwhi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367003/; classtype:trojan-activity;sid:84230103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367004)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmcrfh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367004/; classtype:trojan-activity;sid:84230104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367005)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjdkeq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367005/; classtype:trojan-activity;sid:84230105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367006)"; flow:established,from_client; content:"GET"; http_method; content:"/js/deirlj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367006/; classtype:trojan-activity;sid:84230106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3367007)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zibajo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3367007/; classtype:trojan-activity;sid:84230107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366992)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmszvh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366992/; classtype:trojan-activity;sid:84230092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366993)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epmtcs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366993/; classtype:trojan-activity;sid:84230093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366994)"; flow:established,from_client; content:"GET"; http_method; content:"/js/foskub.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366994/; classtype:trojan-activity;sid:84230094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366995)"; flow:established,from_client; content:"GET"; http_method; content:"/js/msiucg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366995/; classtype:trojan-activity;sid:84230095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366996)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbhpnc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366996/; classtype:trojan-activity;sid:84230096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366997)"; flow:established,from_client; content:"GET"; http_method; content:"/js/elqgwv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366997/; classtype:trojan-activity;sid:84230097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366998)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rscwtp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366998/; classtype:trojan-activity;sid:84230098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366989)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jnlkap.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366989/; classtype:trojan-activity;sid:84230089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366990)"; flow:established,from_client; content:"GET"; http_method; content:"/js/juilvp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366990/; classtype:trojan-activity;sid:84230090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366991)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hpoikg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366991/; classtype:trojan-activity;sid:84230091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366986)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ptvnkh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366986/; classtype:trojan-activity;sid:84230086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366987)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzxdwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366987/; classtype:trojan-activity;sid:84230087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366988)"; flow:established,from_client; content:"GET"; http_method; content:"/js/szoujy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366988/; classtype:trojan-activity;sid:84230088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366981)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zqgfeo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366981/; classtype:trojan-activity;sid:84230081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366982)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbofah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366982/; classtype:trojan-activity;sid:84230082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366983)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nxritz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366983/; classtype:trojan-activity;sid:84230083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366984)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyvhof.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366984/; classtype:trojan-activity;sid:84230084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366985)"; flow:established,from_client; content:"GET"; http_method; content:"/js/twymph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366985/; classtype:trojan-activity;sid:84230085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366977)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jktxoq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366977/; classtype:trojan-activity;sid:84230077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366978)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dcwanm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366978/; classtype:trojan-activity;sid:84230078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366979)"; flow:established,from_client; content:"GET"; http_method; content:"/js/logjmx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366979/; classtype:trojan-activity;sid:84230079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366980)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dhkuol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366980/; classtype:trojan-activity;sid:84230080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366976)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnjxuw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366976/; classtype:trojan-activity;sid:84230076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.135.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366975/; classtype:trojan-activity;sid:84230075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366974)"; flow:established,from_client; content:"GET"; http_method; content:"/js/arfejg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366974/; classtype:trojan-activity;sid:84230074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.121.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366972/; classtype:trojan-activity;sid:84230072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.106.128.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366973/; classtype:trojan-activity;sid:84230073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366970/; classtype:trojan-activity;sid:84230070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366971/; classtype:trojan-activity;sid:84230071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366965)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/676556be12ac3.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366965/; classtype:trojan-activity;sid:84230065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366966)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/js/676556be11f48.js"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366966/; classtype:trojan-activity;sid:84230066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366967)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/676556be12aca.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366967/; classtype:trojan-activity;sid:84230067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366968)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/676556be12aca.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366968/; classtype:trojan-activity;sid:84230068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366969)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/676556be12aca.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366969/; classtype:trojan-activity;sid:84230069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366961)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/js/676556be11f48.js"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366961/; classtype:trojan-activity;sid:84230061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366962)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/676556be12ac3.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366962/; classtype:trojan-activity;sid:84230062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366963)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/676556be12ac3.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366963/; classtype:trojan-activity;sid:84230063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366964)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/js/676556be11f48.js"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366964/; classtype:trojan-activity;sid:84230064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366958)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/pko_0019289289544_pdf_%e2%91%a3%e2%91%a6%e2%91%a5%e2%91%a2%e2%91%a1%e2%91%a6%e2%91%a4%e2%91%a2.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366958/; classtype:trojan-activity;sid:84230058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366959)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/pko_0019289289544_pdf_%e2%91%a3%e2%91%a6%e2%91%a5%e2%91%a2%e2%91%a1%e2%91%a6%e2%91%a4%e2%91%a2.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"78.138.9.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366959/; classtype:trojan-activity;sid:84230059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366960)"; flow:established,from_client; content:"GET"; http_method; content:"/676556be12355/pko_0019289289544_pdf_%e2%91%a3%e2%91%a6%e2%91%a5%e2%91%a2%e2%91%a1%e2%91%a6%e2%91%a4%e2%91%a2.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"file-download.bytez.cloud"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366960/; classtype:trojan-activity;sid:84230060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.78.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366957/; classtype:trojan-activity;sid:84230057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.110.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366956/; classtype:trojan-activity;sid:84230056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366955/; classtype:trojan-activity;sid:84230055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366954/; classtype:trojan-activity;sid:84230054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.135.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366953/; classtype:trojan-activity;sid:84230053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.231.203.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366952/; classtype:trojan-activity;sid:84230052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.195.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366951/; classtype:trojan-activity;sid:84230051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.87.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366950/; classtype:trojan-activity;sid:84230050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.46.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366949/; classtype:trojan-activity;sid:84230049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.106.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366948/; classtype:trojan-activity;sid:84230048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.216.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366947/; classtype:trojan-activity;sid:84230047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.166.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366946/; classtype:trojan-activity;sid:84230046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366945/; classtype:trojan-activity;sid:84230045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366944/; classtype:trojan-activity;sid:84230044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366943/; classtype:trojan-activity;sid:84230043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.167.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366942/; classtype:trojan-activity;sid:84230042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.216.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366941/; classtype:trojan-activity;sid:84230041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.246"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366940/; classtype:trojan-activity;sid:84230040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.176.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366939/; classtype:trojan-activity;sid:84230039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.149.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366938/; classtype:trojan-activity;sid:84230038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.84.138.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366937/; classtype:trojan-activity;sid:84230037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.152.3.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366936/; classtype:trojan-activity;sid:84230036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.183.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366935/; classtype:trojan-activity;sid:84230035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.18.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366934/; classtype:trojan-activity;sid:84230034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.26.238"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366933/; classtype:trojan-activity;sid:84230033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366932/; classtype:trojan-activity;sid:84230032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.242.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366930/; classtype:trojan-activity;sid:84230030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.74.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366931/; classtype:trojan-activity;sid:84230031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366929/; classtype:trojan-activity;sid:84230029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366928/; classtype:trojan-activity;sid:84230028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.175.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366927/; classtype:trojan-activity;sid:84230027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366926/; classtype:trojan-activity;sid:84230026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.229.237.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366925/; classtype:trojan-activity;sid:84230025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.149.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366924/; classtype:trojan-activity;sid:84230024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.246"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366923/; classtype:trojan-activity;sid:84230023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366921)"; flow:established,from_client; content:"GET"; http_method; content:"/.adb/fenty.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.196.9.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366921/; classtype:trojan-activity;sid:84230021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366922)"; flow:established,from_client; content:"GET"; http_method; content:"/.adb/fenty.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.196.9.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366922/; classtype:trojan-activity;sid:84230022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366920/; classtype:trojan-activity;sid:84230020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.110.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366919/; classtype:trojan-activity;sid:84230019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.167.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366917/; classtype:trojan-activity;sid:84230017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.18.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366918/; classtype:trojan-activity;sid:84230018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.87.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366914/; classtype:trojan-activity;sid:84230014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.19.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366915/; classtype:trojan-activity;sid:84230015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.152.3.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366916/; classtype:trojan-activity;sid:84230016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.238"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366913/; classtype:trojan-activity;sid:84230013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.40.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366912/; classtype:trojan-activity;sid:84230012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.74.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366911/; classtype:trojan-activity;sid:84230011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.229.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366910/; classtype:trojan-activity;sid:84230010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.229.237.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366909/; classtype:trojan-activity;sid:84230009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366908/; classtype:trojan-activity;sid:84230008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.151.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366907/; classtype:trojan-activity;sid:84230007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.40.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366906/; classtype:trojan-activity;sid:84230006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.79.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366905/; classtype:trojan-activity;sid:84230005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.227.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366904/; classtype:trojan-activity;sid:84230004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.28.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366903/; classtype:trojan-activity;sid:84230003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.110.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366901/; classtype:trojan-activity;sid:84230001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366902/; classtype:trojan-activity;sid:84230002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366900/; classtype:trojan-activity;sid:84230000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.198.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366899/; classtype:trojan-activity;sid:84229999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.213.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366898/; classtype:trojan-activity;sid:84229998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366897/; classtype:trojan-activity;sid:84229997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.90.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366896/; classtype:trojan-activity;sid:84229996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.90.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366895/; classtype:trojan-activity;sid:84229995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.79.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366894/; classtype:trojan-activity;sid:84229994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.227.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366893/; classtype:trojan-activity;sid:84229993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.219.45.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366891/; classtype:trojan-activity;sid:84229991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366892/; classtype:trojan-activity;sid:84229992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.198.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366890/; classtype:trojan-activity;sid:84229990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366889/; classtype:trojan-activity;sid:84229989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.223.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366888/; classtype:trojan-activity;sid:84229988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366887/; classtype:trojan-activity;sid:84229987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366886/; classtype:trojan-activity;sid:84229986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.100.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366885/; classtype:trojan-activity;sid:84229985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366884/; classtype:trojan-activity;sid:84229984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.182.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366883/; classtype:trojan-activity;sid:84229983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.147.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366882/; classtype:trojan-activity;sid:84229982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.101.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366881/; classtype:trojan-activity;sid:84229981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.131.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366880/; classtype:trojan-activity;sid:84229980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.43.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366879/; classtype:trojan-activity;sid:84229979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.113.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366878/; classtype:trojan-activity;sid:84229978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.193.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366877/; classtype:trojan-activity;sid:84229977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.173.59.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366876/; classtype:trojan-activity;sid:84229976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.232.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366875/; classtype:trojan-activity;sid:84229975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.211.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366874/; classtype:trojan-activity;sid:84229974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.155.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366873/; classtype:trojan-activity;sid:84229973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366872/; classtype:trojan-activity;sid:84229972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366871)"; flow:established,from_client; content:"GET"; http_method; content:"/wiewa64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ugh.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366871/; classtype:trojan-activity;sid:84229971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366870/; classtype:trojan-activity;sid:84229970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.113.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366869/; classtype:trojan-activity;sid:84229969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366868/; classtype:trojan-activity;sid:84229968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366867/; classtype:trojan-activity;sid:84229967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.131.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366866/; classtype:trojan-activity;sid:84229966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.43.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366865/; classtype:trojan-activity;sid:84229965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366864/; classtype:trojan-activity;sid:84229964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366863/; classtype:trojan-activity;sid:84229963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366861/; classtype:trojan-activity;sid:84229961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.74.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366862/; classtype:trojan-activity;sid:84229962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.193.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366860/; classtype:trojan-activity;sid:84229960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.147.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366859/; classtype:trojan-activity;sid:84229959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.173.59.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366858/; classtype:trojan-activity;sid:84229958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.219.45.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366857/; classtype:trojan-activity;sid:84229957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.115.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366856/; classtype:trojan-activity;sid:84229956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366855/; classtype:trojan-activity;sid:84229955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366854/; classtype:trojan-activity;sid:84229954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366853/; classtype:trojan-activity;sid:84229953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366852/; classtype:trojan-activity;sid:84229952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366851/; classtype:trojan-activity;sid:84229951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.19.133.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366850/; classtype:trojan-activity;sid:84229950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.147.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366849/; classtype:trojan-activity;sid:84229949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366848/; classtype:trojan-activity;sid:84229948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.74.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366847/; classtype:trojan-activity;sid:84229947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.175.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366846/; classtype:trojan-activity;sid:84229946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.249.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366845/; classtype:trojan-activity;sid:84229945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.246.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366844/; classtype:trojan-activity;sid:84229944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.248.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366843/; classtype:trojan-activity;sid:84229943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.93.105.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366842/; classtype:trojan-activity;sid:84229942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.216.71.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366840/; classtype:trojan-activity;sid:84229940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.115.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366841/; classtype:trojan-activity;sid:84229941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.33.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366839/; classtype:trojan-activity;sid:84229939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.28.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366838/; classtype:trojan-activity;sid:84229938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.209.104.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366836/; classtype:trojan-activity;sid:84229936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.40.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366837/; classtype:trojan-activity;sid:84229937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.160.128.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366829/; classtype:trojan-activity;sid:84229929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366830/; classtype:trojan-activity;sid:84229930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.191.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366831/; classtype:trojan-activity;sid:84229931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366832/; classtype:trojan-activity;sid:84229932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.89.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366833/; classtype:trojan-activity;sid:84229933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.119.100.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366834/; classtype:trojan-activity;sid:84229934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.32.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366835/; classtype:trojan-activity;sid:84229935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.252.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366828/; classtype:trojan-activity;sid:84229928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366827/; classtype:trojan-activity;sid:84229927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366826/; classtype:trojan-activity;sid:84229926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.1.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366825/; classtype:trojan-activity;sid:84229925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.193.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366819/; classtype:trojan-activity;sid:84229919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.226.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366820/; classtype:trojan-activity;sid:84229920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366821/; classtype:trojan-activity;sid:84229921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.243.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366822/; classtype:trojan-activity;sid:84229922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.242.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366823/; classtype:trojan-activity;sid:84229923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.233.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366824/; classtype:trojan-activity;sid:84229924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.120.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366818/; classtype:trojan-activity;sid:84229918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.1.92.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366817/; classtype:trojan-activity;sid:84229917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.102.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366816/; classtype:trojan-activity;sid:84229916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366815/; classtype:trojan-activity;sid:84229915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.2.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366814/; classtype:trojan-activity;sid:84229914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.214.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366813/; classtype:trojan-activity;sid:84229913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.93.105.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366811/; classtype:trojan-activity;sid:84229911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.175.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366812/; classtype:trojan-activity;sid:84229912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366810/; classtype:trojan-activity;sid:84229910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.248.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366809/; classtype:trojan-activity;sid:84229909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.83.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366808/; classtype:trojan-activity;sid:84229908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366806/; classtype:trojan-activity;sid:84229906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.11.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366807/; classtype:trojan-activity;sid:84229907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.107.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366805/; classtype:trojan-activity;sid:84229905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.193.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366804/; classtype:trojan-activity;sid:84229904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.11.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366803/; classtype:trojan-activity;sid:84229903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.65.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366801/; classtype:trojan-activity;sid:84229901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.192.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366802/; classtype:trojan-activity;sid:84229902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.125.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366800/; classtype:trojan-activity;sid:84229900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366799/; classtype:trojan-activity;sid:84229899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.84.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366798/; classtype:trojan-activity;sid:84229898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.5.163"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366797/; classtype:trojan-activity;sid:84229897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.91.162.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366796/; classtype:trojan-activity;sid:84229896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.173.59.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366795/; classtype:trojan-activity;sid:84229895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.4.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366794/; classtype:trojan-activity;sid:84229894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366793/; classtype:trojan-activity;sid:84229893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366792/; classtype:trojan-activity;sid:84229892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366791/; classtype:trojan-activity;sid:84229891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366790/; classtype:trojan-activity;sid:84229890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.65.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366789/; classtype:trojan-activity;sid:84229889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.24.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366788/; classtype:trojan-activity;sid:84229888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366787/; classtype:trojan-activity;sid:84229887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.42.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366786/; classtype:trojan-activity;sid:84229886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366784/; classtype:trojan-activity;sid:84229884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.92.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366785/; classtype:trojan-activity;sid:84229885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366783/; classtype:trojan-activity;sid:84229883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.150.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366782/; classtype:trojan-activity;sid:84229882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.167.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366781/; classtype:trojan-activity;sid:84229881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.197.26.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366780/; classtype:trojan-activity;sid:84229880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.5.163"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366779/; classtype:trojan-activity;sid:84229879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.90.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366778/; classtype:trojan-activity;sid:84229878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366777/; classtype:trojan-activity;sid:84229877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.91.162.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366776/; classtype:trojan-activity;sid:84229876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.176.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366775/; classtype:trojan-activity;sid:84229875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366774)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"xyfe.demo.ezra-ai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366774/; classtype:trojan-activity;sid:84229874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.192.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366773/; classtype:trojan-activity;sid:84229873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.151.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366772/; classtype:trojan-activity;sid:84229872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.142.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366771/; classtype:trojan-activity;sid:84229871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.103.135.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366770/; classtype:trojan-activity;sid:84229870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.166.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366769/; classtype:trojan-activity;sid:84229869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.90.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366768/; classtype:trojan-activity;sid:84229868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.119.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366766/; classtype:trojan-activity;sid:84229866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.159.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366767/; classtype:trojan-activity;sid:84229867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.92.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366765/; classtype:trojan-activity;sid:84229865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.187.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366764/; classtype:trojan-activity;sid:84229864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366763/; classtype:trojan-activity;sid:84229863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366762/; classtype:trojan-activity;sid:84229862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.188.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366760/; classtype:trojan-activity;sid:84229860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.42.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366761/; classtype:trojan-activity;sid:84229861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.103.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366759/; classtype:trojan-activity;sid:84229859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.102.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366758/; classtype:trojan-activity;sid:84229858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.90.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366757/; classtype:trojan-activity;sid:84229857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.26.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366756/; classtype:trojan-activity;sid:84229856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366755/; classtype:trojan-activity;sid:84229855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.142.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366754/; classtype:trojan-activity;sid:84229854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.26.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366752/; classtype:trojan-activity;sid:84229852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366753/; classtype:trojan-activity;sid:84229853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.157.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366751/; classtype:trojan-activity;sid:84229851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.9.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366750/; classtype:trojan-activity;sid:84229850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.187.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366749/; classtype:trojan-activity;sid:84229849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.117.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366748/; classtype:trojan-activity;sid:84229848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.188.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366747/; classtype:trojan-activity;sid:84229847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.119.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366746/; classtype:trojan-activity;sid:84229846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.193.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366745/; classtype:trojan-activity;sid:84229845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.159.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366744/; classtype:trojan-activity;sid:84229844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.124.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366743/; classtype:trojan-activity;sid:84229843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.151.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366741/; classtype:trojan-activity;sid:84229841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.39.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366742/; classtype:trojan-activity;sid:84229842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.40.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366740/; classtype:trojan-activity;sid:84229840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.76.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366739/; classtype:trojan-activity;sid:84229839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366738/; classtype:trojan-activity;sid:84229838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.239.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366737/; classtype:trojan-activity;sid:84229837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.68.110.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366736/; classtype:trojan-activity;sid:84229836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366735)"; flow:established,from_client; content:"GET"; http_method; content:"/metamail1/shll/refs/heads/main/kk.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366735/; classtype:trojan-activity;sid:84229835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366730)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/pojahie.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366730/; classtype:trojan-activity;sid:84229830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366731)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/oieehem.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366731/; classtype:trojan-activity;sid:84229831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366732)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/mmsrefk.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366732/; classtype:trojan-activity;sid:84229832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366733)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/aiioodk.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366733/; classtype:trojan-activity;sid:84229833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366734)"; flow:established,from_client; content:"GET"; http_method; content:"/metamail1/shll/raw/refs/heads/main/kk.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366734/; classtype:trojan-activity;sid:84229834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366718)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/adsacdi.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366718/; classtype:trojan-activity;sid:84229818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366719)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/affmcca.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366719/; classtype:trojan-activity;sid:84229819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366720)"; flow:established,from_client; content:"GET"; http_method; content:"/nullspectre/whyareyouhere-/4bed170d797d5d2077bfc312d8badcd3c1dbaa74/test2.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366720/; classtype:trojan-activity;sid:84229820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366721)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/arkiiia.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366721/; classtype:trojan-activity;sid:84229821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366722)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/gggroie.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366722/; classtype:trojan-activity;sid:84229822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366723)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/irrbgmg.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366723/; classtype:trojan-activity;sid:84229823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366724)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/haddmmk.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366724/; classtype:trojan-activity;sid:84229824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366725)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/pkdfida.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366725/; classtype:trojan-activity;sid:84229825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366726)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/nismida.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366726/; classtype:trojan-activity;sid:84229826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366727)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/iihgnoj.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366727/; classtype:trojan-activity;sid:84229827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366728)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/scfasif.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366728/; classtype:trojan-activity;sid:84229828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366729)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/iafmmeh.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366729/; classtype:trojan-activity;sid:84229829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366706)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/fkgfefc.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366706/; classtype:trojan-activity;sid:84229806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366707)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/mbnmmep.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366707/; classtype:trojan-activity;sid:84229807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366708)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/carobao.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366708/; classtype:trojan-activity;sid:84229808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366709)"; flow:established,from_client; content:"GET"; http_method; content:"/spooffewfe/yff/refs/heads/main/build.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366709/; classtype:trojan-activity;sid:84229809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366710)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/gbogcpm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366710/; classtype:trojan-activity;sid:84229810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366711)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/fmihdfg.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366711/; classtype:trojan-activity;sid:84229811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366712)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/osdmjmd.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366712/; classtype:trojan-activity;sid:84229812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366713)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/ammkhmm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366713/; classtype:trojan-activity;sid:84229813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366714)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/imfcnfi.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366714/; classtype:trojan-activity;sid:84229814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366715)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/ifdkjpn.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366715/; classtype:trojan-activity;sid:84229815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366716)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/pjkkdie.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366716/; classtype:trojan-activity;sid:84229816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366717)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/miamkjk.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366717/; classtype:trojan-activity;sid:84229817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366701)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/majsnok.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366701/; classtype:trojan-activity;sid:84229801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366702)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/foikfim.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366702/; classtype:trojan-activity;sid:84229802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366703)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/dnppmir.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366703/; classtype:trojan-activity;sid:84229803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366704)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/ifreene.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366704/; classtype:trojan-activity;sid:84229804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366705)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/hahfgae.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366705/; classtype:trojan-activity;sid:84229805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366699)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/refs/heads/main/syncing.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366699/; classtype:trojan-activity;sid:84229799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366700)"; flow:established,from_client; content:"GET"; http_method; content:"/fintp.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.flntp.ro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366700/; classtype:trojan-activity;sid:84229800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366697)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.44.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366697/; classtype:trojan-activity;sid:84229797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366698)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/refs/heads/main/jdrgsotrti.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366698/; classtype:trojan-activity;sid:84229798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366694)"; flow:established,from_client; content:"GET"; http_method; content:"/urijas/moperats/refs/heads/main/pjthjsdjgjrtavv.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366694/; classtype:trojan-activity;sid:84229794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366695)"; flow:established,from_client; content:"GET"; http_method; content:"/urijas/moperats/refs/heads/main/ktyihkdfesf.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366695/; classtype:trojan-activity;sid:84229795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366696)"; flow:established,from_client; content:"GET"; http_method; content:"/iamunknownhk/testexer/refs/heads/main/build.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366696/; classtype:trojan-activity;sid:84229796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366692)"; flow:established,from_client; content:"GET"; http_method; content:"/script.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.45.47.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366692/; classtype:trojan-activity;sid:84229792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pogkmskvgtpspwo.hta"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"fcafa.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366693/; classtype:trojan-activity;sid:84229793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366690)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366690/; classtype:trojan-activity;sid:84229790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366691)"; flow:established,from_client; content:"GET"; http_method; content:"/directlink/1/2/2.hta"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"156.238.236.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366691/; classtype:trojan-activity;sid:84229791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366685)"; flow:established,from_client; content:"GET"; http_method; content:"/h483kf/start.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"uspp.certikeys.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366685/; classtype:trojan-activity;sid:84229785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366686)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366686/; classtype:trojan-activity;sid:84229786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366687)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366687/; classtype:trojan-activity;sid:84229787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366688)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366688/; classtype:trojan-activity;sid:84229788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366689)"; flow:established,from_client; content:"GET"; http_method; content:"/h483kf/start.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"uspp.certikeys.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366689/; classtype:trojan-activity;sid:84229789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366683)"; flow:established,from_client; content:"GET"; http_method; content:"/4175180d6b714647/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366683/; classtype:trojan-activity;sid:84229783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366684)"; flow:established,from_client; content:"GET"; http_method; content:"/nullspectre/whyareyouhere-/raw/4bed170d797d5d2077bfc312d8badcd3c1dbaa74/test2.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366684/; classtype:trojan-activity;sid:84229784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366673)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/smbdgdn.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366673/; classtype:trojan-activity;sid:84229773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366674)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/acbfamp.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366674/; classtype:trojan-activity;sid:84229774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366675)"; flow:established,from_client; content:"GET"; http_method; content:"/urijas/moperats/raw/refs/heads/main/ktyihkdfesf.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366675/; classtype:trojan-activity;sid:84229775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366676)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/ojkpmkk.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366676/; classtype:trojan-activity;sid:84229776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366677)"; flow:established,from_client; content:"GET"; http_method; content:"/urijas/moperats/raw/refs/heads/main/pjthjsdjgjrtavv.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366677/; classtype:trojan-activity;sid:84229777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366678)"; flow:established,from_client; content:"GET"; http_method; content:"/iamunknownhk/testexer/raw/refs/heads/main/build.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366678/; classtype:trojan-activity;sid:84229778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366679)"; flow:established,from_client; content:"GET"; http_method; content:"/spooffewfe/yff/raw/refs/heads/main/build.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366679/; classtype:trojan-activity;sid:84229779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366680)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/dmskocm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366680/; classtype:trojan-activity;sid:84229780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366681)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"teamxox.world"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366681/; classtype:trojan-activity;sid:84229781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366682)"; flow:established,from_client; content:"GET"; http_method; content:"/4175180d6b714647/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366682/; classtype:trojan-activity;sid:84229782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366670)"; flow:established,from_client; content:"GET"; http_method; content:"/4175180d6b714647/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366670/; classtype:trojan-activity;sid:84229770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366671)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/kspecip.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366671/; classtype:trojan-activity;sid:84229771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366672)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6069966613/8zvmneg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366672/; classtype:trojan-activity;sid:84229772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366666)"; flow:established,from_client; content:"GET"; http_method; content:"/4175180d6b714647/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366666/; classtype:trojan-activity;sid:84229766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366667)"; flow:established,from_client; content:"GET"; http_method; content:"/4175180d6b714647/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366667/; classtype:trojan-activity;sid:84229767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366668)"; flow:established,from_client; content:"GET"; http_method; content:"/4175180d6b714647/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366668/; classtype:trojan-activity;sid:84229768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366669)"; flow:established,from_client; content:"GET"; http_method; content:"/4175180d6b714647/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366669/; classtype:trojan-activity;sid:84229769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.226.218.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366665/; classtype:trojan-activity;sid:84229765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366663)"; flow:established,from_client; content:"GET"; http_method; content:"/own.hta"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.beautymakeup.ca"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366663/; classtype:trojan-activity;sid:84229763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366664)"; flow:established,from_client; content:"GET"; http_method; content:"/cc.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rasmio.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366664/; classtype:trojan-activity;sid:84229764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366662)"; flow:established,from_client; content:"GET"; http_method; content:"/get/xtfglcmk2k/windowshost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366662/; classtype:trojan-activity;sid:84229762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366660)"; flow:established,from_client; content:"GET"; http_method; content:"/av/billys.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fitgirl-repackes.me"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366660/; classtype:trojan-activity;sid:84229760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366661)"; flow:established,from_client; content:"GET"; http_method; content:"/off/ruppert.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"neroheronero.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366661/; classtype:trojan-activity;sid:84229761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.224.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366659/; classtype:trojan-activity;sid:84229759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.245.2.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366658/; classtype:trojan-activity;sid:84229758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.11.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366657/; classtype:trojan-activity;sid:84229757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366656)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.24.189.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366656/; classtype:trojan-activity;sid:84229756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.153.73.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366655/; classtype:trojan-activity;sid:84229755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.39.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366654/; classtype:trojan-activity;sid:84229754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366653/; classtype:trojan-activity;sid:84229753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.19.133.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366652/; classtype:trojan-activity;sid:84229752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.117.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366650/; classtype:trojan-activity;sid:84229750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.39.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366651/; classtype:trojan-activity;sid:84229751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366649/; classtype:trojan-activity;sid:84229749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.78.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366648/; classtype:trojan-activity;sid:84229748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.184.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366646/; classtype:trojan-activity;sid:84229746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366647/; classtype:trojan-activity;sid:84229747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.11.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366645/; classtype:trojan-activity;sid:84229745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.68.110.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366644/; classtype:trojan-activity;sid:84229744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.102.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366643/; classtype:trojan-activity;sid:84229743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.11.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366642/; classtype:trojan-activity;sid:84229742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366641/; classtype:trojan-activity;sid:84229741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.239.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366639/; classtype:trojan-activity;sid:84229739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.45.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366640/; classtype:trojan-activity;sid:84229740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366638/; classtype:trojan-activity;sid:84229738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366637/; classtype:trojan-activity;sid:84229737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.175.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366636/; classtype:trojan-activity;sid:84229736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366634/; classtype:trojan-activity;sid:84229734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.6.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366635/; classtype:trojan-activity;sid:84229735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.34.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366632/; classtype:trojan-activity;sid:84229732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366633/; classtype:trojan-activity;sid:84229733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.162.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366631/; classtype:trojan-activity;sid:84229731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366630/; classtype:trojan-activity;sid:84229730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366629/; classtype:trojan-activity;sid:84229729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.250.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366628/; classtype:trojan-activity;sid:84229728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.188.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366627/; classtype:trojan-activity;sid:84229727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.121.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366626/; classtype:trojan-activity;sid:84229726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.11.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366625/; classtype:trojan-activity;sid:84229725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.184.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366624/; classtype:trojan-activity;sid:84229724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.23.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366623/; classtype:trojan-activity;sid:84229723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.113.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366622/; classtype:trojan-activity;sid:84229722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.4.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366621/; classtype:trojan-activity;sid:84229721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.76.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366620/; classtype:trojan-activity;sid:84229720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366618/; classtype:trojan-activity;sid:84229718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.81.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366619/; classtype:trojan-activity;sid:84229719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.19.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366617/; classtype:trojan-activity;sid:84229717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.71.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366616/; classtype:trojan-activity;sid:84229716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366615/; classtype:trojan-activity;sid:84229715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366614/; classtype:trojan-activity;sid:84229714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366613/; classtype:trojan-activity;sid:84229713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.40.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366612/; classtype:trojan-activity;sid:84229712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366611/; classtype:trojan-activity;sid:84229711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.175.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366610/; classtype:trojan-activity;sid:84229710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.188.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366609/; classtype:trojan-activity;sid:84229709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366608)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wimf.demo.ezra-ai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366608/; classtype:trojan-activity;sid:84229708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.193.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366607/; classtype:trojan-activity;sid:84229707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366606/; classtype:trojan-activity;sid:84229706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.58.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366605/; classtype:trojan-activity;sid:84229705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.197.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366604/; classtype:trojan-activity;sid:84229704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366603/; classtype:trojan-activity;sid:84229703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366602)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366602/; classtype:trojan-activity;sid:84229702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366600)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366600/; classtype:trojan-activity;sid:84229700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366601)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366601/; classtype:trojan-activity;sid:84229701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366599)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366599/; classtype:trojan-activity;sid:84229699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366597)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366597/; classtype:trojan-activity;sid:84229697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366598)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366598/; classtype:trojan-activity;sid:84229698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366595)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366595/; classtype:trojan-activity;sid:84229695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366596)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366596/; classtype:trojan-activity;sid:84229696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366593)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366593/; classtype:trojan-activity;sid:84229693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366594)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"something.catchat.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366594/; classtype:trojan-activity;sid:84229694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366592/; classtype:trojan-activity;sid:84229692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.2.88.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366591/; classtype:trojan-activity;sid:84229691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.90.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366590/; classtype:trojan-activity;sid:84229690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.166.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366589/; classtype:trojan-activity;sid:84229689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.29.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366588/; classtype:trojan-activity;sid:84229688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.4.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366586/; classtype:trojan-activity;sid:84229686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.221.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366587/; classtype:trojan-activity;sid:84229687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366585/; classtype:trojan-activity;sid:84229685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.9.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366584/; classtype:trojan-activity;sid:84229684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366583/; classtype:trojan-activity;sid:84229683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.38.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366582/; classtype:trojan-activity;sid:84229682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.38.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366581/; classtype:trojan-activity;sid:84229681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.58.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366580/; classtype:trojan-activity;sid:84229680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.55.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366578/; classtype:trojan-activity;sid:84229678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366579/; classtype:trojan-activity;sid:84229679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366577/; classtype:trojan-activity;sid:84229677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.84.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366576/; classtype:trojan-activity;sid:84229676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.2.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366575/; classtype:trojan-activity;sid:84229675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.6.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366574/; classtype:trojan-activity;sid:84229674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.28.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366573/; classtype:trojan-activity;sid:84229673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.121.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366572/; classtype:trojan-activity;sid:84229672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.32.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366571/; classtype:trojan-activity;sid:84229671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.38.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366570/; classtype:trojan-activity;sid:84229670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.38.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366569/; classtype:trojan-activity;sid:84229669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.155.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366568/; classtype:trojan-activity;sid:84229668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.70.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366567/; classtype:trojan-activity;sid:84229667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.233.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366565/; classtype:trojan-activity;sid:84229665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.216.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366566/; classtype:trojan-activity;sid:84229666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.88.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366564/; classtype:trojan-activity;sid:84229664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.32.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366563/; classtype:trojan-activity;sid:84229663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.49.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366562/; classtype:trojan-activity;sid:84229662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.188.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366561/; classtype:trojan-activity;sid:84229661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366560/; classtype:trojan-activity;sid:84229660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.78.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366559/; classtype:trojan-activity;sid:84229659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.168.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366558/; classtype:trojan-activity;sid:84229658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.101.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366557/; classtype:trojan-activity;sid:84229657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366556/; classtype:trojan-activity;sid:84229656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366549)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366549/; classtype:trojan-activity;sid:84229649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366550)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366550/; classtype:trojan-activity;sid:84229650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366551)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366551/; classtype:trojan-activity;sid:84229651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366552)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366552/; classtype:trojan-activity;sid:84229652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366553)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366553/; classtype:trojan-activity;sid:84229653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.45.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366554/; classtype:trojan-activity;sid:84229654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.104.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366555/; classtype:trojan-activity;sid:84229655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366543)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366543/; classtype:trojan-activity;sid:84229643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366544)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366544/; classtype:trojan-activity;sid:84229644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366545)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366545/; classtype:trojan-activity;sid:84229645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366546)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366546/; classtype:trojan-activity;sid:84229646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366547)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366547/; classtype:trojan-activity;sid:84229647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366548)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ddos.howardwang2312.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366548/; classtype:trojan-activity;sid:84229648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366542)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.99.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366542/; classtype:trojan-activity;sid:84229642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.73.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366541/; classtype:trojan-activity;sid:84229641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366540/; classtype:trojan-activity;sid:84229640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.211.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366539/; classtype:trojan-activity;sid:84229639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.143.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366538/; classtype:trojan-activity;sid:84229638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.154.196.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366537/; classtype:trojan-activity;sid:84229637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.120.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366536/; classtype:trojan-activity;sid:84229636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.54.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366535/; classtype:trojan-activity;sid:84229635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.49.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366534/; classtype:trojan-activity;sid:84229634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.99.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366533/; classtype:trojan-activity;sid:84229633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.207.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366532/; classtype:trojan-activity;sid:84229632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366530)"; flow:established,from_client; content:"GET"; http_method; content:"/987656789009800.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366530/; classtype:trojan-activity;sid:84229630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366531)"; flow:established,from_client; content:"GET"; http_method; content:"/ion67898700.txz"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366531/; classtype:trojan-activity;sid:84229631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.120.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366529/; classtype:trojan-activity;sid:84229629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366528)"; flow:established,from_client; content:"GET"; http_method; content:"/ftqp098767800.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366528/; classtype:trojan-activity;sid:84229628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.181.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366527/; classtype:trojan-activity;sid:84229627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.168.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366526/; classtype:trojan-activity;sid:84229626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.155.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366524/; classtype:trojan-activity;sid:84229624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.40.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366525/; classtype:trojan-activity;sid:84229625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.78.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366523/; classtype:trojan-activity;sid:84229623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366522/; classtype:trojan-activity;sid:84229622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.196.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366520/; classtype:trojan-activity;sid:84229620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.24.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366521/; classtype:trojan-activity;sid:84229621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.196.183.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366519/; classtype:trojan-activity;sid:84229619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.138.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366518/; classtype:trojan-activity;sid:84229618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.154.196.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366517/; classtype:trojan-activity;sid:84229617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.54.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366516/; classtype:trojan-activity;sid:84229616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.227.89.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366515/; classtype:trojan-activity;sid:84229615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366514/; classtype:trojan-activity;sid:84229614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.110.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366513/; classtype:trojan-activity;sid:84229613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.207.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366512/; classtype:trojan-activity;sid:84229612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.120.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366510/; classtype:trojan-activity;sid:84229610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.182.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366511/; classtype:trojan-activity;sid:84229611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.181.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366509/; classtype:trojan-activity;sid:84229609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.170.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366508/; classtype:trojan-activity;sid:84229608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.196.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366507/; classtype:trojan-activity;sid:84229607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.162.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366506/; classtype:trojan-activity;sid:84229606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.36.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366505/; classtype:trojan-activity;sid:84229605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.155.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366504/; classtype:trojan-activity;sid:84229604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.207.75.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366503/; classtype:trojan-activity;sid:84229603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.89.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366502/; classtype:trojan-activity;sid:84229602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.246.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366501/; classtype:trojan-activity;sid:84229601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.9.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366500/; classtype:trojan-activity;sid:84229600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366499/; classtype:trojan-activity;sid:84229599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.239.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366498/; classtype:trojan-activity;sid:84229598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.211.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366497/; classtype:trojan-activity;sid:84229597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.143.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366496/; classtype:trojan-activity;sid:84229596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.27.252"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366495/; classtype:trojan-activity;sid:84229595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.190.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366494/; classtype:trojan-activity;sid:84229594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.221.45.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366492/; classtype:trojan-activity;sid:84229592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.41.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366493/; classtype:trojan-activity;sid:84229593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.131.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366491/; classtype:trojan-activity;sid:84229591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.106.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366490/; classtype:trojan-activity;sid:84229590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.170.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366489/; classtype:trojan-activity;sid:84229589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.120.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366488/; classtype:trojan-activity;sid:84229588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.119.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366487/; classtype:trojan-activity;sid:84229587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.89.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366485/; classtype:trojan-activity;sid:84229585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.246.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366486/; classtype:trojan-activity;sid:84229586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.8.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366483/; classtype:trojan-activity;sid:84229583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.15.98"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366484/; classtype:trojan-activity;sid:84229584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.242.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366482/; classtype:trojan-activity;sid:84229582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.25.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366481/; classtype:trojan-activity;sid:84229581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.39.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366480/; classtype:trojan-activity;sid:84229580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.200.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366479/; classtype:trojan-activity;sid:84229579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.211.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366478/; classtype:trojan-activity;sid:84229578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366477/; classtype:trojan-activity;sid:84229577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.254.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366476/; classtype:trojan-activity;sid:84229576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.165.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366475/; classtype:trojan-activity;sid:84229575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366474/; classtype:trojan-activity;sid:84229574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.85.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366472/; classtype:trojan-activity;sid:84229572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366473/; classtype:trojan-activity;sid:84229573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.244.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366471/; classtype:trojan-activity;sid:84229571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.19.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366470/; classtype:trojan-activity;sid:84229570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.22.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366469/; classtype:trojan-activity;sid:84229569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.176.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366468/; classtype:trojan-activity;sid:84229568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.39.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366467/; classtype:trojan-activity;sid:84229567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366466/; classtype:trojan-activity;sid:84229566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.41.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366465/; classtype:trojan-activity;sid:84229565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.25.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366464/; classtype:trojan-activity;sid:84229564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.153.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366463/; classtype:trojan-activity;sid:84229563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.66.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366462/; classtype:trojan-activity;sid:84229562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.186.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366461/; classtype:trojan-activity;sid:84229561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.120.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366460/; classtype:trojan-activity;sid:84229560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.126.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366457/; classtype:trojan-activity;sid:84229557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366458/; classtype:trojan-activity;sid:84229558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366459/; classtype:trojan-activity;sid:84229559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366456/; classtype:trojan-activity;sid:84229556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366455/; classtype:trojan-activity;sid:84229555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.120.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366453/; classtype:trojan-activity;sid:84229553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.196.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366454/; classtype:trojan-activity;sid:84229554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366452/; classtype:trojan-activity;sid:84229552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.220.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366449/; classtype:trojan-activity;sid:84229549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.178.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366450/; classtype:trojan-activity;sid:84229550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.22.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366451/; classtype:trojan-activity;sid:84229551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.23.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366448/; classtype:trojan-activity;sid:84229548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.116.186.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366447/; classtype:trojan-activity;sid:84229547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.93.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366446/; classtype:trojan-activity;sid:84229546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.19.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366445/; classtype:trojan-activity;sid:84229545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.14.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366443/; classtype:trojan-activity;sid:84229543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.10.7.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366444/; classtype:trojan-activity;sid:84229544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.176.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366442/; classtype:trojan-activity;sid:84229542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.47.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366441/; classtype:trojan-activity;sid:84229541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366439/; classtype:trojan-activity;sid:84229539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.214.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366440/; classtype:trojan-activity;sid:84229540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.195.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366438/; classtype:trojan-activity;sid:84229538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.127.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366437/; classtype:trojan-activity;sid:84229537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.177.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366436/; classtype:trojan-activity;sid:84229536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.177.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366435/; classtype:trojan-activity;sid:84229535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366434/; classtype:trojan-activity;sid:84229534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.57.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366433/; classtype:trojan-activity;sid:84229533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.244.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366432/; classtype:trojan-activity;sid:84229532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.220.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366431/; classtype:trojan-activity;sid:84229531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.94.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366430/; classtype:trojan-activity;sid:84229530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.178.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366428/; classtype:trojan-activity;sid:84229528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.93.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366429/; classtype:trojan-activity;sid:84229529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.173.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366427/; classtype:trojan-activity;sid:84229527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.14.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366426/; classtype:trojan-activity;sid:84229526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366425/; classtype:trojan-activity;sid:84229525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.54.14.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366424/; classtype:trojan-activity;sid:84229524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.226.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366423/; classtype:trojan-activity;sid:84229523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.205.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366422/; classtype:trojan-activity;sid:84229522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366421)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.24.187.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366421/; classtype:trojan-activity;sid:84229521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.138.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366419/; classtype:trojan-activity;sid:84229519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.79.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366420/; classtype:trojan-activity;sid:84229520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.10.7.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366418/; classtype:trojan-activity;sid:84229518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366417/; classtype:trojan-activity;sid:84229517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.61.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366416/; classtype:trojan-activity;sid:84229516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.64.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366415/; classtype:trojan-activity;sid:84229515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.177.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366414/; classtype:trojan-activity;sid:84229514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366413/; classtype:trojan-activity;sid:84229513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.175.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366412/; classtype:trojan-activity;sid:84229512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366411/; classtype:trojan-activity;sid:84229511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.9.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366410/; classtype:trojan-activity;sid:84229510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366409/; classtype:trojan-activity;sid:84229509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.237.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366408/; classtype:trojan-activity;sid:84229508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.112.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366407/; classtype:trojan-activity;sid:84229507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366406/; classtype:trojan-activity;sid:84229506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.169.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366405/; classtype:trojan-activity;sid:84229505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.221.45.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366404/; classtype:trojan-activity;sid:84229504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366403/; classtype:trojan-activity;sid:84229503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366402/; classtype:trojan-activity;sid:84229502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.9.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366401/; classtype:trojan-activity;sid:84229501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.166.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366400/; classtype:trojan-activity;sid:84229500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.26.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366399/; classtype:trojan-activity;sid:84229499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.181.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366398/; classtype:trojan-activity;sid:84229498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.150.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366397/; classtype:trojan-activity;sid:84229497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.244.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366396/; classtype:trojan-activity;sid:84229496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.16.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366395/; classtype:trojan-activity;sid:84229495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366394/; classtype:trojan-activity;sid:84229494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.24.53.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366393/; classtype:trojan-activity;sid:84229493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.238.199.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366390/; classtype:trojan-activity;sid:84229490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366391/; classtype:trojan-activity;sid:84229491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.108.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366392/; classtype:trojan-activity;sid:84229492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366387/; classtype:trojan-activity;sid:84229487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.112.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366388/; classtype:trojan-activity;sid:84229488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.181.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366389/; classtype:trojan-activity;sid:84229489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.107.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366386/; classtype:trojan-activity;sid:84229486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.250.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366385/; classtype:trojan-activity;sid:84229485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.50.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366384/; classtype:trojan-activity;sid:84229484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366383/; classtype:trojan-activity;sid:84229483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.222.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366382/; classtype:trojan-activity;sid:84229482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.86.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366381/; classtype:trojan-activity;sid:84229481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.173.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366380/; classtype:trojan-activity;sid:84229480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.179.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366379/; classtype:trojan-activity;sid:84229479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366378/; classtype:trojan-activity;sid:84229478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366377/; classtype:trojan-activity;sid:84229477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.111.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366375/; classtype:trojan-activity;sid:84229475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.26.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366376/; classtype:trojan-activity;sid:84229476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366374/; classtype:trojan-activity;sid:84229474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.160.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366372/; classtype:trojan-activity;sid:84229472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.8.210"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366373/; classtype:trojan-activity;sid:84229473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.21.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366371/; classtype:trojan-activity;sid:84229471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366366/; classtype:trojan-activity;sid:84229466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366367/; classtype:trojan-activity;sid:84229467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366368/; classtype:trojan-activity;sid:84229468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.125.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366369/; classtype:trojan-activity;sid:84229469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.211.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366370/; classtype:trojan-activity;sid:84229470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366365/; classtype:trojan-activity;sid:84229465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.58.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366364/; classtype:trojan-activity;sid:84229464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.86.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366363/; classtype:trojan-activity;sid:84229463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.166.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366362/; classtype:trojan-activity;sid:84229462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.222.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366361/; classtype:trojan-activity;sid:84229461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.25.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366359/; classtype:trojan-activity;sid:84229459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.118.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366360/; classtype:trojan-activity;sid:84229460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.209.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366358/; classtype:trojan-activity;sid:84229458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.156.48.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366357/; classtype:trojan-activity;sid:84229457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366355/; classtype:trojan-activity;sid:84229455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.111.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366356/; classtype:trojan-activity;sid:84229456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.140.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366354/; classtype:trojan-activity;sid:84229454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366353/; classtype:trojan-activity;sid:84229453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.140.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366351/; classtype:trojan-activity;sid:84229451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.160.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366352/; classtype:trojan-activity;sid:84229452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.181.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366350/; classtype:trojan-activity;sid:84229450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366349)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vzfy.demo.ezra-ai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366349/; classtype:trojan-activity;sid:84229449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366348/; classtype:trojan-activity;sid:84229448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366347/; classtype:trojan-activity;sid:84229447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.52.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366345/; classtype:trojan-activity;sid:84229445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.168.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366346/; classtype:trojan-activity;sid:84229446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.88.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366344/; classtype:trojan-activity;sid:84229444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.209.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366343/; classtype:trojan-activity;sid:84229443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.222.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366342/; classtype:trojan-activity;sid:84229442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.89.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366341/; classtype:trojan-activity;sid:84229441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366340/; classtype:trojan-activity;sid:84229440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.140.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366339/; classtype:trojan-activity;sid:84229439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.156.48.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366338/; classtype:trojan-activity;sid:84229438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.215.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366337/; classtype:trojan-activity;sid:84229437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.157.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366336/; classtype:trojan-activity;sid:84229436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.9.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366335/; classtype:trojan-activity;sid:84229435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366334/; classtype:trojan-activity;sid:84229434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.174.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366332/; classtype:trojan-activity;sid:84229432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.44.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366333/; classtype:trojan-activity;sid:84229433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.28.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366331/; classtype:trojan-activity;sid:84229431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.52.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366330/; classtype:trojan-activity;sid:84229430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.88.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366329/; classtype:trojan-activity;sid:84229429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.186.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366328/; classtype:trojan-activity;sid:84229428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.29.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366327/; classtype:trojan-activity;sid:84229427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366323/; classtype:trojan-activity;sid:84229423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.255.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366324/; classtype:trojan-activity;sid:84229424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.81.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366325/; classtype:trojan-activity;sid:84229425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.74.203.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366326/; classtype:trojan-activity;sid:84229426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.177.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366316/; classtype:trojan-activity;sid:84229416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.156.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366317/; classtype:trojan-activity;sid:84229417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.191.242.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366318/; classtype:trojan-activity;sid:84229418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.8.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366319/; classtype:trojan-activity;sid:84229419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.132.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366320/; classtype:trojan-activity;sid:84229420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.188.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366321/; classtype:trojan-activity;sid:84229421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366322/; classtype:trojan-activity;sid:84229422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.202.246.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366315/; classtype:trojan-activity;sid:84229415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.102.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366313/; classtype:trojan-activity;sid:84229413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366314/; classtype:trojan-activity;sid:84229414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.174.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366312/; classtype:trojan-activity;sid:84229412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.218.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366311/; classtype:trojan-activity;sid:84229411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.122.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366310/; classtype:trojan-activity;sid:84229410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.29.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366309/; classtype:trojan-activity;sid:84229409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.211.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366308/; classtype:trojan-activity;sid:84229408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.191.242.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366307/; classtype:trojan-activity;sid:84229407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366306/; classtype:trojan-activity;sid:84229406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.28.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366305/; classtype:trojan-activity;sid:84229405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.96.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366304/; classtype:trojan-activity;sid:84229404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.184.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366303/; classtype:trojan-activity;sid:84229403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366302/; classtype:trojan-activity;sid:84229402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.79.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366301/; classtype:trojan-activity;sid:84229401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366300/; classtype:trojan-activity;sid:84229400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.182.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366299/; classtype:trojan-activity;sid:84229399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.232.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366298/; classtype:trojan-activity;sid:84229398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.29.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366297/; classtype:trojan-activity;sid:84229397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.218.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366296/; classtype:trojan-activity;sid:84229396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.29.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366295/; classtype:trojan-activity;sid:84229395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.28.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366294/; classtype:trojan-activity;sid:84229394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.96.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366293/; classtype:trojan-activity;sid:84229393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366292/; classtype:trojan-activity;sid:84229392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.59.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366291/; classtype:trojan-activity;sid:84229391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.184.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366290/; classtype:trojan-activity;sid:84229390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.194.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366289/; classtype:trojan-activity;sid:84229389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.175.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366288/; classtype:trojan-activity;sid:84229388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.162.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366286/; classtype:trojan-activity;sid:84229386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.79.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366287/; classtype:trojan-activity;sid:84229387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.8.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366283/; classtype:trojan-activity;sid:84229383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.160.125.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366284/; classtype:trojan-activity;sid:84229384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.156.127.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366285/; classtype:trojan-activity;sid:84229385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.245.7.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366279/; classtype:trojan-activity;sid:84229379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.156.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366280/; classtype:trojan-activity;sid:84229380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.149.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366281/; classtype:trojan-activity;sid:84229381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.72.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366282/; classtype:trojan-activity;sid:84229382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.71.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366278/; classtype:trojan-activity;sid:84229378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.96.130.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366277/; classtype:trojan-activity;sid:84229377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.96.130.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366276/; classtype:trojan-activity;sid:84229376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.153.45.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366267/; classtype:trojan-activity;sid:84229367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.25.237.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366268/; classtype:trojan-activity;sid:84229368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.194.129.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366269/; classtype:trojan-activity;sid:84229369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.37.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366270/; classtype:trojan-activity;sid:84229370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.144.235.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366271/; classtype:trojan-activity;sid:84229371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.121.216.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366272/; classtype:trojan-activity;sid:84229372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.40.68.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366273/; classtype:trojan-activity;sid:84229373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.109.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366274/; classtype:trojan-activity;sid:84229374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.211.165.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366275/; classtype:trojan-activity;sid:84229375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.108.182.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366264/; classtype:trojan-activity;sid:84229364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.121.71.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366265/; classtype:trojan-activity;sid:84229365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.226.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366266/; classtype:trojan-activity;sid:84229366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.74.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366254/; classtype:trojan-activity;sid:84229354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.82.166.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366255/; classtype:trojan-activity;sid:84229355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.32.20.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366256/; classtype:trojan-activity;sid:84229356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.8.4.182"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366257/; classtype:trojan-activity;sid:84229357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.236.239.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366258/; classtype:trojan-activity;sid:84229358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.41.30.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366259/; classtype:trojan-activity;sid:84229359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"99.240.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366260/; classtype:trojan-activity;sid:84229360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.121.71.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366261/; classtype:trojan-activity;sid:84229361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.73.75.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366262/; classtype:trojan-activity;sid:84229362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.254.186.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366247/; classtype:trojan-activity;sid:84229347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366248/; classtype:trojan-activity;sid:84229348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366249/; classtype:trojan-activity;sid:84229349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.220.214.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366250/; classtype:trojan-activity;sid:84229350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"3.10.0.190"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366251/; classtype:trojan-activity;sid:84229351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.96.130.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366252/; classtype:trojan-activity;sid:84229352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.14.140.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366253/; classtype:trojan-activity;sid:84229353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366243/; classtype:trojan-activity;sid:84229343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.226.1.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366244/; classtype:trojan-activity;sid:84229344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.160.146.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366245/; classtype:trojan-activity;sid:84229345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.197.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366246/; classtype:trojan-activity;sid:84229346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366231/; classtype:trojan-activity;sid:84229331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366232/; classtype:trojan-activity;sid:84229332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366233/; classtype:trojan-activity;sid:84229333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366234/; classtype:trojan-activity;sid:84229334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366235/; classtype:trojan-activity;sid:84229335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.70.72"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366236/; classtype:trojan-activity;sid:84229336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366237/; classtype:trojan-activity;sid:84229337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366238/; classtype:trojan-activity;sid:84229338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.95.232.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366239/; classtype:trojan-activity;sid:84229339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366240/; classtype:trojan-activity;sid:84229340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.132.245.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366241/; classtype:trojan-activity;sid:84229341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.77.202.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366242/; classtype:trojan-activity;sid:84229342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.220.123.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366230/; classtype:trojan-activity;sid:84229330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366229/; classtype:trojan-activity;sid:84229329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.123.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366228/; classtype:trojan-activity;sid:84229328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366227)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sdlru.demo.ezra-ai.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366227/; classtype:trojan-activity;sid:84229327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366226/; classtype:trojan-activity;sid:84229326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.249.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366225/; classtype:trojan-activity;sid:84229325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.128.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366224/; classtype:trojan-activity;sid:84229324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366223/; classtype:trojan-activity;sid:84229323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.24.156.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366221/; classtype:trojan-activity;sid:84229321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.182.204.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366222/; classtype:trojan-activity;sid:84229322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366220/; classtype:trojan-activity;sid:84229320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.150.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366218/; classtype:trojan-activity;sid:84229318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.216.71.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366219/; classtype:trojan-activity;sid:84229319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.117.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366217/; classtype:trojan-activity;sid:84229317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366210)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/ifdkjpn.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366210/; classtype:trojan-activity;sid:84229310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366211)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/iafmmeh.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366211/; classtype:trojan-activity;sid:84229311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366212)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/acbfamp.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366212/; classtype:trojan-activity;sid:84229312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366213)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/fmihdfg.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366213/; classtype:trojan-activity;sid:84229313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366214)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/dnppmir.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366214/; classtype:trojan-activity;sid:84229314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366215)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/gggroie.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366215/; classtype:trojan-activity;sid:84229315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366216)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/oieehem.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366216/; classtype:trojan-activity;sid:84229316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366191)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/carobao.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366191/; classtype:trojan-activity;sid:84229291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366192)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/ifreene.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366192/; classtype:trojan-activity;sid:84229292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366193)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/smbdgdn.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366193/; classtype:trojan-activity;sid:84229293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366194)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/gbogcpm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366194/; classtype:trojan-activity;sid:84229294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366195)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/majsnok.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366195/; classtype:trojan-activity;sid:84229295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366196)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/arkiiia.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366196/; classtype:trojan-activity;sid:84229296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366197)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/pjkkdie.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366197/; classtype:trojan-activity;sid:84229297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366198)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/foikfim.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366198/; classtype:trojan-activity;sid:84229298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366199)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/scfasif.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366199/; classtype:trojan-activity;sid:84229299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366200)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/mbnmmep.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366200/; classtype:trojan-activity;sid:84229300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366201)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/adsacdi.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366201/; classtype:trojan-activity;sid:84229301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366202)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/fkgfefc.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366202/; classtype:trojan-activity;sid:84229302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366203)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/imfcnfi.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366203/; classtype:trojan-activity;sid:84229303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366204)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/irrbgmg.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366204/; classtype:trojan-activity;sid:84229304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366205)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/osdmjmd.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366205/; classtype:trojan-activity;sid:84229305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366206)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/haddmmk.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366206/; classtype:trojan-activity;sid:84229306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366207)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/kspecip.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366207/; classtype:trojan-activity;sid:84229307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366208)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/affmcca.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366208/; classtype:trojan-activity;sid:84229308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366209)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/ammkhmm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366209/; classtype:trojan-activity;sid:84229309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366188)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/hahfgae.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366188/; classtype:trojan-activity;sid:84229288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366189)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/fkgdhea.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366189/; classtype:trojan-activity;sid:84229289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366190)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/mmsrefk.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366190/; classtype:trojan-activity;sid:84229290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366187)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/ojkpmkk.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366187/; classtype:trojan-activity;sid:84229287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366185)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/dmskocm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366185/; classtype:trojan-activity;sid:84229285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366186)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/miamkjk.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366186/; classtype:trojan-activity;sid:84229286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366184)"; flow:established,from_client; content:"GET"; http_method; content:"/trabajo12023/proyecto/downloads/final1278685280.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366184/; classtype:trojan-activity;sid:84229284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366183)"; flow:established,from_client; content:"GET"; http_method; content:"/trabajo12023/proyecto/downloads/attachedstanford.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366183/; classtype:trojan-activity;sid:84229283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366181)"; flow:established,from_client; content:"GET"; http_method; content:"/trabajo12023/proyecto/downloads/simpson.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366181/; classtype:trojan-activity;sid:84229281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366182)"; flow:established,from_client; content:"GET"; http_method; content:"/trabajo12023/proyecto/downloads/rosas.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366182/; classtype:trojan-activity;sid:84229282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.118.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366179/; classtype:trojan-activity;sid:84229279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366180)"; flow:established,from_client; content:"GET"; http_method; content:"/trabajo12023/proyecto/downloads/ad.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366180/; classtype:trojan-activity;sid:84229280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366178)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/fiijadm.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366178/; classtype:trojan-activity;sid:84229278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366177)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/iihgnoj.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366177/; classtype:trojan-activity;sid:84229277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366174)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/pkdfida.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366174/; classtype:trojan-activity;sid:84229274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366175)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/jcibpah.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366175/; classtype:trojan-activity;sid:84229275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366176)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/rioggjs.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366176/; classtype:trojan-activity;sid:84229276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366169)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/ajmfdbi.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366169/; classtype:trojan-activity;sid:84229269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366170)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/sainhdn.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366170/; classtype:trojan-activity;sid:84229270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366171)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/pojahie.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366171/; classtype:trojan-activity;sid:84229271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366172)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/pbjmema.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366172/; classtype:trojan-activity;sid:84229272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366173)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/aiioodk.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366173/; classtype:trojan-activity;sid:84229273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366167)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/anfmicf.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366167/; classtype:trojan-activity;sid:84229267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366168)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/nismida.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366168/; classtype:trojan-activity;sid:84229268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366165)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/miopmim.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366165/; classtype:trojan-activity;sid:84229265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366166)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/mgdfmff.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366166/; classtype:trojan-activity;sid:84229266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366164)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366164/; classtype:trojan-activity;sid:84229264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366155)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366155/; classtype:trojan-activity;sid:84229255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366156)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366156/; classtype:trojan-activity;sid:84229256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366157)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366157/; classtype:trojan-activity;sid:84229257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366158)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366158/; classtype:trojan-activity;sid:84229258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366159)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366159/; classtype:trojan-activity;sid:84229259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366160)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366160/; classtype:trojan-activity;sid:84229260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366161)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366161/; classtype:trojan-activity;sid:84229261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366162)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366162/; classtype:trojan-activity;sid:84229262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366163/; classtype:trojan-activity;sid:84229263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366128)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366128/; classtype:trojan-activity;sid:84229228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366129)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366129/; classtype:trojan-activity;sid:84229229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366130)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366130/; classtype:trojan-activity;sid:84229230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366131)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366131/; classtype:trojan-activity;sid:84229231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366132)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366132/; classtype:trojan-activity;sid:84229232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366133)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366133/; classtype:trojan-activity;sid:84229233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366134)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366134/; classtype:trojan-activity;sid:84229234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366135)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366135/; classtype:trojan-activity;sid:84229235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366136)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366136/; classtype:trojan-activity;sid:84229236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366137)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366137/; classtype:trojan-activity;sid:84229237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366138)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366138/; classtype:trojan-activity;sid:84229238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366139)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366139/; classtype:trojan-activity;sid:84229239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366140)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366140/; classtype:trojan-activity;sid:84229240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366141)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366141/; classtype:trojan-activity;sid:84229241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366142)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366142/; classtype:trojan-activity;sid:84229242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366143)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366143/; classtype:trojan-activity;sid:84229243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366144)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366144/; classtype:trojan-activity;sid:84229244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366145)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366145/; classtype:trojan-activity;sid:84229245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366146)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366146/; classtype:trojan-activity;sid:84229246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366147)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366147/; classtype:trojan-activity;sid:84229247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366148)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366148/; classtype:trojan-activity;sid:84229248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366149)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366149/; classtype:trojan-activity;sid:84229249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366150)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366150/; classtype:trojan-activity;sid:84229250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366151)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366151/; classtype:trojan-activity;sid:84229251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366152)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366152/; classtype:trojan-activity;sid:84229252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366153)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366153/; classtype:trojan-activity;sid:84229253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366154)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366154/; classtype:trojan-activity;sid:84229254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.180.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366127/; classtype:trojan-activity;sid:84229227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.125.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366126/; classtype:trojan-activity;sid:84229226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366125/; classtype:trojan-activity;sid:84229225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366124/; classtype:trojan-activity;sid:84229224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366122/; classtype:trojan-activity;sid:84229222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.145.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366123/; classtype:trojan-activity;sid:84229223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.191.81.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366121/; classtype:trojan-activity;sid:84229221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.216.71.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366119/; classtype:trojan-activity;sid:84229219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.212.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366120/; classtype:trojan-activity;sid:84229220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.27.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366117/; classtype:trojan-activity;sid:84229217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.131.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366118/; classtype:trojan-activity;sid:84229218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366116/; classtype:trojan-activity;sid:84229216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.150.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366114/; classtype:trojan-activity;sid:84229214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.117.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366115/; classtype:trojan-activity;sid:84229215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366113/; classtype:trojan-activity;sid:84229213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366112/; classtype:trojan-activity;sid:84229212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.226.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366111/; classtype:trojan-activity;sid:84229211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366110)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366110/; classtype:trojan-activity;sid:84229210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.12.94.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366106/; classtype:trojan-activity;sid:84229206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366107)"; flow:established,from_client; content:"GET"; http_method; content:"/h483kf/front.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"uspp.certikeys.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366107/; classtype:trojan-activity;sid:84229207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366108)"; flow:established,from_client; content:"GET"; http_method; content:"/h483kf/front.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"track.novapostal.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366108/; classtype:trojan-activity;sid:84229208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366109)"; flow:established,from_client; content:"GET"; http_method; content:"/h483kf/front.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"me.jmitchelldayton.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366109/; classtype:trojan-activity;sid:84229209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.118.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366105/; classtype:trojan-activity;sid:84229205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.53.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366104/; classtype:trojan-activity;sid:84229204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.41.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366103/; classtype:trojan-activity;sid:84229203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.125.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366102/; classtype:trojan-activity;sid:84229202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366101/; classtype:trojan-activity;sid:84229201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366099)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%b0_19%2012%202024.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"uspp.certikeys.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366099/; classtype:trojan-activity;sid:84229199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366100)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%b0_19%2012%202024.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"track.novapostal.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366100/; classtype:trojan-activity;sid:84229200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366096)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%b0_19%2012%202024.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"me.jmitchelldayton.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366096/; classtype:trojan-activity;sid:84229196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366097)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%b0_19%2012%202024.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"185.158.248.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366097/; classtype:trojan-activity;sid:84229197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366098/; classtype:trojan-activity;sid:84229198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.34.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366095/; classtype:trojan-activity;sid:84229195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.41.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366094/; classtype:trojan-activity;sid:84229194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.103.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366093/; classtype:trojan-activity;sid:84229193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.206.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366092/; classtype:trojan-activity;sid:84229192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.54.14.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366091/; classtype:trojan-activity;sid:84229191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366090/; classtype:trojan-activity;sid:84229190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.192.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366089/; classtype:trojan-activity;sid:84229189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.53.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366087/; classtype:trojan-activity;sid:84229187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.226.218.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366088/; classtype:trojan-activity;sid:84229188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.160.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366086/; classtype:trojan-activity;sid:84229186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366085/; classtype:trojan-activity;sid:84229185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.12.94.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366084/; classtype:trojan-activity;sid:84229184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366083)"; flow:established,from_client; content:"GET"; http_method; content:"/gnjqwpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366083/; classtype:trojan-activity;sid:84229183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366082)"; flow:established,from_client; content:"GET"; http_method; content:"/fnkea7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366082/; classtype:trojan-activity;sid:84229182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366081)"; flow:established,from_client; content:"GET"; http_method; content:"/ngwa5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366081/; classtype:trojan-activity;sid:84229181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366079)"; flow:established,from_client; content:"GET"; http_method; content:"/wkb86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366079/; classtype:trojan-activity;sid:84229179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366080)"; flow:established,from_client; content:"GET"; http_method; content:"/kqibeps"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366080/; classtype:trojan-activity;sid:84229180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366075)"; flow:established,from_client; content:"GET"; http_method; content:"/woega6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366075/; classtype:trojan-activity;sid:84229175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366076)"; flow:established,from_client; content:"GET"; http_method; content:"/wrjkngh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366076/; classtype:trojan-activity;sid:84229176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366077)"; flow:established,from_client; content:"GET"; http_method; content:"/njvwa4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366077/; classtype:trojan-activity;sid:84229177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366078)"; flow:established,from_client; content:"GET"; http_method; content:"/wlw68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366078/; classtype:trojan-activity;sid:84229178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.57.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366074/; classtype:trojan-activity;sid:84229174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.229.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366073/; classtype:trojan-activity;sid:84229173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.160.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366072/; classtype:trojan-activity;sid:84229172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.30.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366070/; classtype:trojan-activity;sid:84229170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.175.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366071/; classtype:trojan-activity;sid:84229171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.206.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366069/; classtype:trojan-activity;sid:84229169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.52.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366068/; classtype:trojan-activity;sid:84229168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366067/; classtype:trojan-activity;sid:84229167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366065/; classtype:trojan-activity;sid:84229165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.102.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366066/; classtype:trojan-activity;sid:84229166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.166.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366064/; classtype:trojan-activity;sid:84229164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366063/; classtype:trojan-activity;sid:84229163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.208.201.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366062/; classtype:trojan-activity;sid:84229162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366061/; classtype:trojan-activity;sid:84229161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.10.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366060/; classtype:trojan-activity;sid:84229160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.56.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366059/; classtype:trojan-activity;sid:84229159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.241.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366058/; classtype:trojan-activity;sid:84229158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.192.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366057/; classtype:trojan-activity;sid:84229157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366056/; classtype:trojan-activity;sid:84229156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.84.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366055/; classtype:trojan-activity;sid:84229155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.145.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366054/; classtype:trojan-activity;sid:84229154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366053/; classtype:trojan-activity;sid:84229153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.57.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366052/; classtype:trojan-activity;sid:84229152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.81.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366051/; classtype:trojan-activity;sid:84229151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.152.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366050/; classtype:trojan-activity;sid:84229150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.7.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366049/; classtype:trojan-activity;sid:84229149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.44.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366048/; classtype:trojan-activity;sid:84229148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.229.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366047/; classtype:trojan-activity;sid:84229147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.148.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366046/; classtype:trojan-activity;sid:84229146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.30.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366045/; classtype:trojan-activity;sid:84229145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.14.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366044/; classtype:trojan-activity;sid:84229144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366043/; classtype:trojan-activity;sid:84229143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.56.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366042/; classtype:trojan-activity;sid:84229142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.73.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366041/; classtype:trojan-activity;sid:84229141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.241.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366040/; classtype:trojan-activity;sid:84229140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.70.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366039/; classtype:trojan-activity;sid:84229139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366037/; classtype:trojan-activity;sid:84229137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.4.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366038/; classtype:trojan-activity;sid:84229138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.84.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366036/; classtype:trojan-activity;sid:84229136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.197.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366035/; classtype:trojan-activity;sid:84229135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.152.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366034/; classtype:trojan-activity;sid:84229134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.139.220.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366032/; classtype:trojan-activity;sid:84229132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.175.25.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366033/; classtype:trojan-activity;sid:84229133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366031/; classtype:trojan-activity;sid:84229131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.14.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366030/; classtype:trojan-activity;sid:84229130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.150.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366029/; classtype:trojan-activity;sid:84229129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366028/; classtype:trojan-activity;sid:84229128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.194.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366027/; classtype:trojan-activity;sid:84229127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.90.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366026/; classtype:trojan-activity;sid:84229126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.31.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366025/; classtype:trojan-activity;sid:84229125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.97.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366024/; classtype:trojan-activity;sid:84229124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.150.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366023/; classtype:trojan-activity;sid:84229123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.28.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366022/; classtype:trojan-activity;sid:84229122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366020)"; flow:established,from_client; content:"GET"; http_method; content:"/wiewa64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366020/; classtype:trojan-activity;sid:84229120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.139.220.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366021/; classtype:trojan-activity;sid:84229121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.197.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366019/; classtype:trojan-activity;sid:84229119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.20.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366018/; classtype:trojan-activity;sid:84229118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.158.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366017/; classtype:trojan-activity;sid:84229117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.70.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366016/; classtype:trojan-activity;sid:84229116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.137.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366014/; classtype:trojan-activity;sid:84229114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.81.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366015/; classtype:trojan-activity;sid:84229115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366013)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nibvx.demo.ezra-ai.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366013/; classtype:trojan-activity;sid:84229113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366012/; classtype:trojan-activity;sid:84229112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.37.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366011/; classtype:trojan-activity;sid:84229111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.194.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366010/; classtype:trojan-activity;sid:84229110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.240.85.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366009/; classtype:trojan-activity;sid:84229109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.31.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366008/; classtype:trojan-activity;sid:84229108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.70.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366007/; classtype:trojan-activity;sid:84229107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366006/; classtype:trojan-activity;sid:84229106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.228.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366005/; classtype:trojan-activity;sid:84229105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.238.199.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366004/; classtype:trojan-activity;sid:84229104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366003/; classtype:trojan-activity;sid:84229103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366002/; classtype:trojan-activity;sid:84229102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366001/; classtype:trojan-activity;sid:84229101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366000)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366000/; classtype:trojan-activity;sid:84229100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.86.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365999/; classtype:trojan-activity;sid:84229099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.20.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365998/; classtype:trojan-activity;sid:84229098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.238.199.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365997/; classtype:trojan-activity;sid:84229097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.197.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365996/; classtype:trojan-activity;sid:84229096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.55.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365995/; classtype:trojan-activity;sid:84229095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.224.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365994/; classtype:trojan-activity;sid:84229094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.90.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365992/; classtype:trojan-activity;sid:84229092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.177.180.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365993/; classtype:trojan-activity;sid:84229093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.240.85.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365990/; classtype:trojan-activity;sid:84229090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.230.209.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365991/; classtype:trojan-activity;sid:84229091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.214.25.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365989/; classtype:trojan-activity;sid:84229089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.86.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365988/; classtype:trojan-activity;sid:84229088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.171.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365987/; classtype:trojan-activity;sid:84229087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.130.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365986/; classtype:trojan-activity;sid:84229086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365985/; classtype:trojan-activity;sid:84229085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.24.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365984/; classtype:trojan-activity;sid:84229084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365983/; classtype:trojan-activity;sid:84229083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365981/; classtype:trojan-activity;sid:84229081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.248.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365982/; classtype:trojan-activity;sid:84229082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.55.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365980/; classtype:trojan-activity;sid:84229080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.225.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365979/; classtype:trojan-activity;sid:84229079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.175.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365978/; classtype:trojan-activity;sid:84229078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365976/; classtype:trojan-activity;sid:84229076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.23.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365977/; classtype:trojan-activity;sid:84229077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365975/; classtype:trojan-activity;sid:84229075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.104.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365974/; classtype:trojan-activity;sid:84229074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.184.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365973/; classtype:trojan-activity;sid:84229073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.209.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365972/; classtype:trojan-activity;sid:84229072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.56.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365971/; classtype:trojan-activity;sid:84229071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.145.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365970/; classtype:trojan-activity;sid:84229070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365969/; classtype:trojan-activity;sid:84229069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365968/; classtype:trojan-activity;sid:84229068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.9.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365967/; classtype:trojan-activity;sid:84229067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.42.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365966/; classtype:trojan-activity;sid:84229066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.107.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365965/; classtype:trojan-activity;sid:84229065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.104.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365964/; classtype:trojan-activity;sid:84229064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.51.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365963/; classtype:trojan-activity;sid:84229063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.248.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365962/; classtype:trojan-activity;sid:84229062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.175.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365961/; classtype:trojan-activity;sid:84229061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.184.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365960/; classtype:trojan-activity;sid:84229060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.144.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365959/; classtype:trojan-activity;sid:84229059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.49.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365958/; classtype:trojan-activity;sid:84229058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.145.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365957/; classtype:trojan-activity;sid:84229057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.145.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365956/; classtype:trojan-activity;sid:84229056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.123.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365955/; classtype:trojan-activity;sid:84229055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.107.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365954/; classtype:trojan-activity;sid:84229054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.132.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365953/; classtype:trojan-activity;sid:84229053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.73.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365952/; classtype:trojan-activity;sid:84229052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.133.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365951/; classtype:trojan-activity;sid:84229051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.209.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365950/; classtype:trojan-activity;sid:84229050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.68.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365949/; classtype:trojan-activity;sid:84229049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365947/; classtype:trojan-activity;sid:84229047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365948/; classtype:trojan-activity;sid:84229048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.244.2.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365944/; classtype:trojan-activity;sid:84229044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.56.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365945/; classtype:trojan-activity;sid:84229045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.191.13.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365946/; classtype:trojan-activity;sid:84229046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.182.251.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365943/; classtype:trojan-activity;sid:84229043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.0.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365942/; classtype:trojan-activity;sid:84229042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.246.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365940/; classtype:trojan-activity;sid:84229040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.110.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365941/; classtype:trojan-activity;sid:84229041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.144.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365939/; classtype:trojan-activity;sid:84229039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365938/; classtype:trojan-activity;sid:84229038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.51.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365937/; classtype:trojan-activity;sid:84229037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.74.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365936/; classtype:trojan-activity;sid:84229036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.219.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365935/; classtype:trojan-activity;sid:84229035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.243.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365933/; classtype:trojan-activity;sid:84229033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.155.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365934/; classtype:trojan-activity;sid:84229034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.193.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365930/; classtype:trojan-activity;sid:84229030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.132.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365931/; classtype:trojan-activity;sid:84229031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365932/; classtype:trojan-activity;sid:84229032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365929/; classtype:trojan-activity;sid:84229029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365928)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mkgd.demo.ezra-ai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365928/; classtype:trojan-activity;sid:84229028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.50.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365927/; classtype:trojan-activity;sid:84229027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.153.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365926/; classtype:trojan-activity;sid:84229026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.246.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365925/; classtype:trojan-activity;sid:84229025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365924/; classtype:trojan-activity;sid:84229024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.82.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365923/; classtype:trojan-activity;sid:84229023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.115.79.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365922/; classtype:trojan-activity;sid:84229022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.91.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365921/; classtype:trojan-activity;sid:84229021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.110.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365920/; classtype:trojan-activity;sid:84229020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.179.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365919/; classtype:trojan-activity;sid:84229019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.231.203.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365918/; classtype:trojan-activity;sid:84229018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365917/; classtype:trojan-activity;sid:84229017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.147.66.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365916/; classtype:trojan-activity;sid:84229016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.144.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365915/; classtype:trojan-activity;sid:84229015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.189.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365914/; classtype:trojan-activity;sid:84229014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365912/; classtype:trojan-activity;sid:84229012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365913/; classtype:trojan-activity;sid:84229013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.135.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365911/; classtype:trojan-activity;sid:84229011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.153.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365910/; classtype:trojan-activity;sid:84229010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.179.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365909/; classtype:trojan-activity;sid:84229009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365908/; classtype:trojan-activity;sid:84229008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365907)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/xzl5xn2ld6app226c5vsl/or-amento.msi|3f|rlkey=ryne9zjhycx8m5f739gphmnnf|7c|26|7c|st=v95ow3e8|7c|26|7c|dl=1"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365907/; classtype:trojan-activity;sid:84229007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.229.237.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365906/; classtype:trojan-activity;sid:84229006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.240.85.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365905/; classtype:trojan-activity;sid:84229005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.127.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365902/; classtype:trojan-activity;sid:84229002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.246.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365903/; classtype:trojan-activity;sid:84229003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.91.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365904/; classtype:trojan-activity;sid:84229004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.118.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365901/; classtype:trojan-activity;sid:84229001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365900/; classtype:trojan-activity;sid:84229000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.34.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365899/; classtype:trojan-activity;sid:84228999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.212.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365898/; classtype:trojan-activity;sid:84228998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.231.203.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365897/; classtype:trojan-activity;sid:84228997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.243.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365896/; classtype:trojan-activity;sid:84228996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.125.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365895/; classtype:trojan-activity;sid:84228995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.206.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365894/; classtype:trojan-activity;sid:84228994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.144.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365893/; classtype:trojan-activity;sid:84228993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365892)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.240.54.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365892/; classtype:trojan-activity;sid:84228992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.219.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365891/; classtype:trojan-activity;sid:84228991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365890/; classtype:trojan-activity;sid:84228990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.212.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365885/; classtype:trojan-activity;sid:84228985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.100.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365886/; classtype:trojan-activity;sid:84228986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.27.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365887/; classtype:trojan-activity;sid:84228987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.9.251"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365888/; classtype:trojan-activity;sid:84228988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.243.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365889/; classtype:trojan-activity;sid:84228989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365884)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365884/; classtype:trojan-activity;sid:84228984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365883)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365883/; classtype:trojan-activity;sid:84228983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365882)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365882/; classtype:trojan-activity;sid:84228982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365881)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365881/; classtype:trojan-activity;sid:84228981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365880)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365880/; classtype:trojan-activity;sid:84228980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365863)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365863/; classtype:trojan-activity;sid:84228963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365864)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365864/; classtype:trojan-activity;sid:84228964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365865)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365865/; classtype:trojan-activity;sid:84228965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365866)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365866/; classtype:trojan-activity;sid:84228966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365867)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365867/; classtype:trojan-activity;sid:84228967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365868)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365868/; classtype:trojan-activity;sid:84228968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365869)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365869/; classtype:trojan-activity;sid:84228969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365870)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365870/; classtype:trojan-activity;sid:84228970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365871)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365871/; classtype:trojan-activity;sid:84228971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365872)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365872/; classtype:trojan-activity;sid:84228972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365873)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365873/; classtype:trojan-activity;sid:84228973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365874)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365874/; classtype:trojan-activity;sid:84228974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365875)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365875/; classtype:trojan-activity;sid:84228975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365876)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365876/; classtype:trojan-activity;sid:84228976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365877)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365877/; classtype:trojan-activity;sid:84228977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365878)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365878/; classtype:trojan-activity;sid:84228978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365879)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365879/; classtype:trojan-activity;sid:84228979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365851)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365851/; classtype:trojan-activity;sid:84228951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365852)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365852/; classtype:trojan-activity;sid:84228952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365853)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365853/; classtype:trojan-activity;sid:84228953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365854)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365854/; classtype:trojan-activity;sid:84228954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365855)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365855/; classtype:trojan-activity;sid:84228955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365856)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365856/; classtype:trojan-activity;sid:84228956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365857)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365857/; classtype:trojan-activity;sid:84228957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365858)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365858/; classtype:trojan-activity;sid:84228958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365859)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365859/; classtype:trojan-activity;sid:84228959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365860)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365860/; classtype:trojan-activity;sid:84228960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365861)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365861/; classtype:trojan-activity;sid:84228961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365862)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365862/; classtype:trojan-activity;sid:84228962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365850)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365850/; classtype:trojan-activity;sid:84228950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365848)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365848/; classtype:trojan-activity;sid:84228948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365849)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365849/; classtype:trojan-activity;sid:84228949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365845)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365845/; classtype:trojan-activity;sid:84228945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365846)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365846/; classtype:trojan-activity;sid:84228946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365847)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365847/; classtype:trojan-activity;sid:84228947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365833)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365833/; classtype:trojan-activity;sid:84228933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365834)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365834/; classtype:trojan-activity;sid:84228934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365835)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365835/; classtype:trojan-activity;sid:84228935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365836)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365836/; classtype:trojan-activity;sid:84228936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365837)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365837/; classtype:trojan-activity;sid:84228937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365838)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365838/; classtype:trojan-activity;sid:84228938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365839)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365839/; classtype:trojan-activity;sid:84228939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365840)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365840/; classtype:trojan-activity;sid:84228940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365841)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365841/; classtype:trojan-activity;sid:84228941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365842)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365842/; classtype:trojan-activity;sid:84228942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365843)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365843/; classtype:trojan-activity;sid:84228943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365844)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365844/; classtype:trojan-activity;sid:84228944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365828)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365828/; classtype:trojan-activity;sid:84228928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365829)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365829/; classtype:trojan-activity;sid:84228929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365830)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365830/; classtype:trojan-activity;sid:84228930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365831)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365831/; classtype:trojan-activity;sid:84228931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365832)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365832/; classtype:trojan-activity;sid:84228932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365825)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365825/; classtype:trojan-activity;sid:84228925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365826)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365826/; classtype:trojan-activity;sid:84228926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365827)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365827/; classtype:trojan-activity;sid:84228927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365823)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365823/; classtype:trojan-activity;sid:84228923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365824)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365824/; classtype:trojan-activity;sid:84228924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365821)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365821/; classtype:trojan-activity;sid:84228921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365822)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365822/; classtype:trojan-activity;sid:84228922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365819)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365819/; classtype:trojan-activity;sid:84228919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365820)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365820/; classtype:trojan-activity;sid:84228920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365802)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365802/; classtype:trojan-activity;sid:84228902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365803)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365803/; classtype:trojan-activity;sid:84228903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365804)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365804/; classtype:trojan-activity;sid:84228904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365805)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365805/; classtype:trojan-activity;sid:84228905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365806)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365806/; classtype:trojan-activity;sid:84228906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365807)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365807/; classtype:trojan-activity;sid:84228907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365808)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365808/; classtype:trojan-activity;sid:84228908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365809)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365809/; classtype:trojan-activity;sid:84228909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365810)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365810/; classtype:trojan-activity;sid:84228910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365811)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365811/; classtype:trojan-activity;sid:84228911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365812)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365812/; classtype:trojan-activity;sid:84228912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365813)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365813/; classtype:trojan-activity;sid:84228913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365814)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365814/; classtype:trojan-activity;sid:84228914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365815)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365815/; classtype:trojan-activity;sid:84228915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365816)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365816/; classtype:trojan-activity;sid:84228916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365817)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365817/; classtype:trojan-activity;sid:84228917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365818)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365818/; classtype:trojan-activity;sid:84228918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365793)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365793/; classtype:trojan-activity;sid:84228893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365794)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365794/; classtype:trojan-activity;sid:84228894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365795)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365795/; classtype:trojan-activity;sid:84228895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365796)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365796/; classtype:trojan-activity;sid:84228896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365797)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365797/; classtype:trojan-activity;sid:84228897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365798)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365798/; classtype:trojan-activity;sid:84228898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365799)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365799/; classtype:trojan-activity;sid:84228899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365800)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365800/; classtype:trojan-activity;sid:84228900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365801)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365801/; classtype:trojan-activity;sid:84228901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365787)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365787/; classtype:trojan-activity;sid:84228887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365788)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365788/; classtype:trojan-activity;sid:84228888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365789)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365789/; classtype:trojan-activity;sid:84228889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365790)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365790/; classtype:trojan-activity;sid:84228890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365791)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365791/; classtype:trojan-activity;sid:84228891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365792)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365792/; classtype:trojan-activity;sid:84228892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365785)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365785/; classtype:trojan-activity;sid:84228885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365786)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365786/; classtype:trojan-activity;sid:84228886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365784)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365784/; classtype:trojan-activity;sid:84228884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365778)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365778/; classtype:trojan-activity;sid:84228878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365779)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365779/; classtype:trojan-activity;sid:84228879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365780)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365780/; classtype:trojan-activity;sid:84228880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365781)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365781/; classtype:trojan-activity;sid:84228881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365782)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365782/; classtype:trojan-activity;sid:84228882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365783)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365783/; classtype:trojan-activity;sid:84228883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365768)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365768/; classtype:trojan-activity;sid:84228868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365769)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365769/; classtype:trojan-activity;sid:84228869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365770)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365770/; classtype:trojan-activity;sid:84228870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365771)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365771/; classtype:trojan-activity;sid:84228871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365772)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365772/; classtype:trojan-activity;sid:84228872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365773)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365773/; classtype:trojan-activity;sid:84228873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365774)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365774/; classtype:trojan-activity;sid:84228874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365775/; classtype:trojan-activity;sid:84228875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365776)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365776/; classtype:trojan-activity;sid:84228876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365777)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365777/; classtype:trojan-activity;sid:84228877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365754)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365754/; classtype:trojan-activity;sid:84228854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365755)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365755/; classtype:trojan-activity;sid:84228855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365756)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365756/; classtype:trojan-activity;sid:84228856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365757)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365757/; classtype:trojan-activity;sid:84228857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365758)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365758/; classtype:trojan-activity;sid:84228858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365759)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365759/; classtype:trojan-activity;sid:84228859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365760)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365760/; classtype:trojan-activity;sid:84228860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365761)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365761/; classtype:trojan-activity;sid:84228861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365762)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365762/; classtype:trojan-activity;sid:84228862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365763)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365763/; classtype:trojan-activity;sid:84228863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365764)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365764/; classtype:trojan-activity;sid:84228864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365765)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365765/; classtype:trojan-activity;sid:84228865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365766)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365766/; classtype:trojan-activity;sid:84228866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365767)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365767/; classtype:trojan-activity;sid:84228867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365753)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365753/; classtype:trojan-activity;sid:84228853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365750)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365750/; classtype:trojan-activity;sid:84228850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365751)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365751/; classtype:trojan-activity;sid:84228851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365752)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365752/; classtype:trojan-activity;sid:84228852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365729)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365729/; classtype:trojan-activity;sid:84228829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365730)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365730/; classtype:trojan-activity;sid:84228830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365731)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365731/; classtype:trojan-activity;sid:84228831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365732)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365732/; classtype:trojan-activity;sid:84228832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365733)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365733/; classtype:trojan-activity;sid:84228833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365734)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365734/; classtype:trojan-activity;sid:84228834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365735)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365735/; classtype:trojan-activity;sid:84228835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365736)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365736/; classtype:trojan-activity;sid:84228836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365737)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365737/; classtype:trojan-activity;sid:84228837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365738)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365738/; classtype:trojan-activity;sid:84228838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365739)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365739/; classtype:trojan-activity;sid:84228839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365740)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365740/; classtype:trojan-activity;sid:84228840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365741)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365741/; classtype:trojan-activity;sid:84228841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365742)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365742/; classtype:trojan-activity;sid:84228842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365743)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365743/; classtype:trojan-activity;sid:84228843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365744)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365744/; classtype:trojan-activity;sid:84228844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365745)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365745/; classtype:trojan-activity;sid:84228845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365746)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365746/; classtype:trojan-activity;sid:84228846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365747)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365747/; classtype:trojan-activity;sid:84228847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365748)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365748/; classtype:trojan-activity;sid:84228848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365749)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365749/; classtype:trojan-activity;sid:84228849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365724)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365724/; classtype:trojan-activity;sid:84228824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365725)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365725/; classtype:trojan-activity;sid:84228825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365726)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365726/; classtype:trojan-activity;sid:84228826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365727)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365727/; classtype:trojan-activity;sid:84228827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365728)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365728/; classtype:trojan-activity;sid:84228828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365719)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365719/; classtype:trojan-activity;sid:84228819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365720)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365720/; classtype:trojan-activity;sid:84228820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365721)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365721/; classtype:trojan-activity;sid:84228821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365722)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365722/; classtype:trojan-activity;sid:84228822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365723)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365723/; classtype:trojan-activity;sid:84228823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365718)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365718/; classtype:trojan-activity;sid:84228818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365717)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365717/; classtype:trojan-activity;sid:84228817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365711)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365711/; classtype:trojan-activity;sid:84228811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365712)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365712/; classtype:trojan-activity;sid:84228812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365713)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365713/; classtype:trojan-activity;sid:84228813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365714)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365714/; classtype:trojan-activity;sid:84228814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365715)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365715/; classtype:trojan-activity;sid:84228815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365716)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365716/; classtype:trojan-activity;sid:84228816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365696)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365696/; classtype:trojan-activity;sid:84228796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365697)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365697/; classtype:trojan-activity;sid:84228797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365698)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365698/; classtype:trojan-activity;sid:84228798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365699)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365699/; classtype:trojan-activity;sid:84228799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365700)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365700/; classtype:trojan-activity;sid:84228800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365701)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365701/; classtype:trojan-activity;sid:84228801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365702)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365702/; classtype:trojan-activity;sid:84228802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365703)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365703/; classtype:trojan-activity;sid:84228803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365704)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365704/; classtype:trojan-activity;sid:84228804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365705)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365705/; classtype:trojan-activity;sid:84228805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365706)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365706/; classtype:trojan-activity;sid:84228806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365707)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365707/; classtype:trojan-activity;sid:84228807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365708)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365708/; classtype:trojan-activity;sid:84228808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365709)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365709/; classtype:trojan-activity;sid:84228809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365710)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365710/; classtype:trojan-activity;sid:84228810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365689)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365689/; classtype:trojan-activity;sid:84228789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365690)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365690/; classtype:trojan-activity;sid:84228790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365691)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365691/; classtype:trojan-activity;sid:84228791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365692)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365692/; classtype:trojan-activity;sid:84228792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365693)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365693/; classtype:trojan-activity;sid:84228793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365694)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365694/; classtype:trojan-activity;sid:84228794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365695)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365695/; classtype:trojan-activity;sid:84228795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365684)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365684/; classtype:trojan-activity;sid:84228784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365685)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365685/; classtype:trojan-activity;sid:84228785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365686)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365686/; classtype:trojan-activity;sid:84228786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365687)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365687/; classtype:trojan-activity;sid:84228787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365688)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365688/; classtype:trojan-activity;sid:84228788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365681)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365681/; classtype:trojan-activity;sid:84228781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365682)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365682/; classtype:trojan-activity;sid:84228782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365683)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365683/; classtype:trojan-activity;sid:84228783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365678)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365678/; classtype:trojan-activity;sid:84228778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365679)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365679/; classtype:trojan-activity;sid:84228779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365680)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365680/; classtype:trojan-activity;sid:84228780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365670)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365670/; classtype:trojan-activity;sid:84228770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365671)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365671/; classtype:trojan-activity;sid:84228771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365672)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365672/; classtype:trojan-activity;sid:84228772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365673)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365673/; classtype:trojan-activity;sid:84228773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365674)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365674/; classtype:trojan-activity;sid:84228774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365675)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365675/; classtype:trojan-activity;sid:84228775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365676)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365676/; classtype:trojan-activity;sid:84228776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365677)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365677/; classtype:trojan-activity;sid:84228777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365656)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365656/; classtype:trojan-activity;sid:84228756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365657)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365657/; classtype:trojan-activity;sid:84228757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365658)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365658/; classtype:trojan-activity;sid:84228758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365659)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365659/; classtype:trojan-activity;sid:84228759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365660)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365660/; classtype:trojan-activity;sid:84228760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365661)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365661/; classtype:trojan-activity;sid:84228761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365662)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365662/; classtype:trojan-activity;sid:84228762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365663)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365663/; classtype:trojan-activity;sid:84228763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365664)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365664/; classtype:trojan-activity;sid:84228764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365665)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365665/; classtype:trojan-activity;sid:84228765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365666)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365666/; classtype:trojan-activity;sid:84228766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365667)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365667/; classtype:trojan-activity;sid:84228767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365668)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365668/; classtype:trojan-activity;sid:84228768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365669)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365669/; classtype:trojan-activity;sid:84228769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365655)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365655/; classtype:trojan-activity;sid:84228755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365648)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365648/; classtype:trojan-activity;sid:84228748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365649)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365649/; classtype:trojan-activity;sid:84228749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365650)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365650/; classtype:trojan-activity;sid:84228750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365651)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365651/; classtype:trojan-activity;sid:84228751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365652)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365652/; classtype:trojan-activity;sid:84228752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365653)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365653/; classtype:trojan-activity;sid:84228753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365654)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365654/; classtype:trojan-activity;sid:84228754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365647)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365647/; classtype:trojan-activity;sid:84228747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365645)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365645/; classtype:trojan-activity;sid:84228745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365646)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365646/; classtype:trojan-activity;sid:84228746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365642)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365642/; classtype:trojan-activity;sid:84228742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365643)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365643/; classtype:trojan-activity;sid:84228743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365644)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365644/; classtype:trojan-activity;sid:84228744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365641)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365641/; classtype:trojan-activity;sid:84228741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365632)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365632/; classtype:trojan-activity;sid:84228732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365633)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365633/; classtype:trojan-activity;sid:84228733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365634)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365634/; classtype:trojan-activity;sid:84228734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365635)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365635/; classtype:trojan-activity;sid:84228735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365636)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365636/; classtype:trojan-activity;sid:84228736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365637)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365637/; classtype:trojan-activity;sid:84228737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365638)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365638/; classtype:trojan-activity;sid:84228738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365639)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365639/; classtype:trojan-activity;sid:84228739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365640)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365640/; classtype:trojan-activity;sid:84228740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365627)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365627/; classtype:trojan-activity;sid:84228727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365628)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365628/; classtype:trojan-activity;sid:84228728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365629)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365629/; classtype:trojan-activity;sid:84228729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365630)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365630/; classtype:trojan-activity;sid:84228730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365631)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365631/; classtype:trojan-activity;sid:84228731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365620)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365620/; classtype:trojan-activity;sid:84228720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365621)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365621/; classtype:trojan-activity;sid:84228721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365622)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365622/; classtype:trojan-activity;sid:84228722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365623)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365623/; classtype:trojan-activity;sid:84228723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365624)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365624/; classtype:trojan-activity;sid:84228724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365625)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365625/; classtype:trojan-activity;sid:84228725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365626)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365626/; classtype:trojan-activity;sid:84228726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365616)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365616/; classtype:trojan-activity;sid:84228716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365617)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365617/; classtype:trojan-activity;sid:84228717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365618)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365618/; classtype:trojan-activity;sid:84228718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365619)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365619/; classtype:trojan-activity;sid:84228719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365614)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365614/; classtype:trojan-activity;sid:84228714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365615)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365615/; classtype:trojan-activity;sid:84228715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365608)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365608/; classtype:trojan-activity;sid:84228708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365609)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365609/; classtype:trojan-activity;sid:84228709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365610)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365610/; classtype:trojan-activity;sid:84228710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365611)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365611/; classtype:trojan-activity;sid:84228711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365612)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365612/; classtype:trojan-activity;sid:84228712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365613)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365613/; classtype:trojan-activity;sid:84228713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365607)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365607/; classtype:trojan-activity;sid:84228707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365604)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365604/; classtype:trojan-activity;sid:84228704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365605)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365605/; classtype:trojan-activity;sid:84228705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365606)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365606/; classtype:trojan-activity;sid:84228706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365602)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365602/; classtype:trojan-activity;sid:84228702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365603)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365603/; classtype:trojan-activity;sid:84228703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365596)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365596/; classtype:trojan-activity;sid:84228696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365597)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365597/; classtype:trojan-activity;sid:84228697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365598)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365598/; classtype:trojan-activity;sid:84228698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365599)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365599/; classtype:trojan-activity;sid:84228699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365600)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365600/; classtype:trojan-activity;sid:84228700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365601)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365601/; classtype:trojan-activity;sid:84228701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365592)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365592/; classtype:trojan-activity;sid:84228692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365593)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365593/; classtype:trojan-activity;sid:84228693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365594)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365594/; classtype:trojan-activity;sid:84228694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365595)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365595/; classtype:trojan-activity;sid:84228695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365585)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365585/; classtype:trojan-activity;sid:84228685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365586)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365586/; classtype:trojan-activity;sid:84228686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365587)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365587/; classtype:trojan-activity;sid:84228687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365588)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365588/; classtype:trojan-activity;sid:84228688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365589)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365589/; classtype:trojan-activity;sid:84228689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365590)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365590/; classtype:trojan-activity;sid:84228690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365591)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365591/; classtype:trojan-activity;sid:84228691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365581)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365581/; classtype:trojan-activity;sid:84228681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365582)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365582/; classtype:trojan-activity;sid:84228682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365583)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365583/; classtype:trojan-activity;sid:84228683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365584)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365584/; classtype:trojan-activity;sid:84228684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365575)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365575/; classtype:trojan-activity;sid:84228675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365576)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365576/; classtype:trojan-activity;sid:84228676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365577)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365577/; classtype:trojan-activity;sid:84228677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365578)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365578/; classtype:trojan-activity;sid:84228678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365579)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365579/; classtype:trojan-activity;sid:84228679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365580)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365580/; classtype:trojan-activity;sid:84228680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365571)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365571/; classtype:trojan-activity;sid:84228671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365572)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365572/; classtype:trojan-activity;sid:84228672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365573)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365573/; classtype:trojan-activity;sid:84228673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365574)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365574/; classtype:trojan-activity;sid:84228674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365569)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365569/; classtype:trojan-activity;sid:84228669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365570)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365570/; classtype:trojan-activity;sid:84228670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365564)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365564/; classtype:trojan-activity;sid:84228664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365565)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365565/; classtype:trojan-activity;sid:84228665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365566)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365566/; classtype:trojan-activity;sid:84228666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365567)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365567/; classtype:trojan-activity;sid:84228667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365568)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365568/; classtype:trojan-activity;sid:84228668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365561)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365561/; classtype:trojan-activity;sid:84228661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365562)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365562/; classtype:trojan-activity;sid:84228662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365563)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365563/; classtype:trojan-activity;sid:84228663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365557)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365557/; classtype:trojan-activity;sid:84228657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365558)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365558/; classtype:trojan-activity;sid:84228658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365559)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365559/; classtype:trojan-activity;sid:84228659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365560)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365560/; classtype:trojan-activity;sid:84228660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365552)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365552/; classtype:trojan-activity;sid:84228652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365553)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365553/; classtype:trojan-activity;sid:84228653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365554)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365554/; classtype:trojan-activity;sid:84228654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365555)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365555/; classtype:trojan-activity;sid:84228655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365556)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365556/; classtype:trojan-activity;sid:84228656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365546)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365546/; classtype:trojan-activity;sid:84228646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365547)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365547/; classtype:trojan-activity;sid:84228647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365548)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365548/; classtype:trojan-activity;sid:84228648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365549)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365549/; classtype:trojan-activity;sid:84228649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365550)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365550/; classtype:trojan-activity;sid:84228650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365551)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365551/; classtype:trojan-activity;sid:84228651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365542)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365542/; classtype:trojan-activity;sid:84228642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365543)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365543/; classtype:trojan-activity;sid:84228643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365544)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365544/; classtype:trojan-activity;sid:84228644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365545)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365545/; classtype:trojan-activity;sid:84228645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365537)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365537/; classtype:trojan-activity;sid:84228637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365538)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365538/; classtype:trojan-activity;sid:84228638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365539)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365539/; classtype:trojan-activity;sid:84228639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365540)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365540/; classtype:trojan-activity;sid:84228640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365541)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365541/; classtype:trojan-activity;sid:84228641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365531)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365531/; classtype:trojan-activity;sid:84228631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365532)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365532/; classtype:trojan-activity;sid:84228632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365533)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365533/; classtype:trojan-activity;sid:84228633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365534)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365534/; classtype:trojan-activity;sid:84228634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365535)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365535/; classtype:trojan-activity;sid:84228635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365536)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365536/; classtype:trojan-activity;sid:84228636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365527)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365527/; classtype:trojan-activity;sid:84228627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365528)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365528/; classtype:trojan-activity;sid:84228628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.206.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365529/; classtype:trojan-activity;sid:84228629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365530)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365530/; classtype:trojan-activity;sid:84228630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365523)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365523/; classtype:trojan-activity;sid:84228623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365524)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365524/; classtype:trojan-activity;sid:84228624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365525)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365525/; classtype:trojan-activity;sid:84228625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365526)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365526/; classtype:trojan-activity;sid:84228626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365520)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365520/; classtype:trojan-activity;sid:84228620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365521)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365521/; classtype:trojan-activity;sid:84228621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365522)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365522/; classtype:trojan-activity;sid:84228622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365516)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365516/; classtype:trojan-activity;sid:84228616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365517)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365517/; classtype:trojan-activity;sid:84228617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365518)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365518/; classtype:trojan-activity;sid:84228618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365519)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365519/; classtype:trojan-activity;sid:84228619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365511)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365511/; classtype:trojan-activity;sid:84228611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365512)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365512/; classtype:trojan-activity;sid:84228612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365513)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365513/; classtype:trojan-activity;sid:84228613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365514)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365514/; classtype:trojan-activity;sid:84228614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365515)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365515/; classtype:trojan-activity;sid:84228615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365509)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365509/; classtype:trojan-activity;sid:84228609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365510)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365510/; classtype:trojan-activity;sid:84228610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365507)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365507/; classtype:trojan-activity;sid:84228607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365508)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365508/; classtype:trojan-activity;sid:84228608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365502)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365502/; classtype:trojan-activity;sid:84228602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365503)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365503/; classtype:trojan-activity;sid:84228603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365504)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365504/; classtype:trojan-activity;sid:84228604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365505)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365505/; classtype:trojan-activity;sid:84228605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365506)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365506/; classtype:trojan-activity;sid:84228606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365497)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365497/; classtype:trojan-activity;sid:84228597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365498)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365498/; classtype:trojan-activity;sid:84228598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365499)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365499/; classtype:trojan-activity;sid:84228599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365500)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365500/; classtype:trojan-activity;sid:84228600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365501)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365501/; classtype:trojan-activity;sid:84228601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365496)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365496/; classtype:trojan-activity;sid:84228596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365488)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365488/; classtype:trojan-activity;sid:84228588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365489)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365489/; classtype:trojan-activity;sid:84228589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365490)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365490/; classtype:trojan-activity;sid:84228590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365491)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365491/; classtype:trojan-activity;sid:84228591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365492)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365492/; classtype:trojan-activity;sid:84228592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365493)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365493/; classtype:trojan-activity;sid:84228593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365494)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365494/; classtype:trojan-activity;sid:84228594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365495)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365495/; classtype:trojan-activity;sid:84228595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365486)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365486/; classtype:trojan-activity;sid:84228586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365487)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365487/; classtype:trojan-activity;sid:84228587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365481)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365481/; classtype:trojan-activity;sid:84228581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365482)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365482/; classtype:trojan-activity;sid:84228582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365483)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365483/; classtype:trojan-activity;sid:84228583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365484)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365484/; classtype:trojan-activity;sid:84228584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365485)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365485/; classtype:trojan-activity;sid:84228585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365475)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365475/; classtype:trojan-activity;sid:84228575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365476)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365476/; classtype:trojan-activity;sid:84228576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365477)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365477/; classtype:trojan-activity;sid:84228577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365478)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365478/; classtype:trojan-activity;sid:84228578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365479)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365479/; classtype:trojan-activity;sid:84228579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365480)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365480/; classtype:trojan-activity;sid:84228580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365473)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365473/; classtype:trojan-activity;sid:84228573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365474)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365474/; classtype:trojan-activity;sid:84228574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365471)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365471/; classtype:trojan-activity;sid:84228571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365472)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365472/; classtype:trojan-activity;sid:84228572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365466)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365466/; classtype:trojan-activity;sid:84228566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365467)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365467/; classtype:trojan-activity;sid:84228567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365468)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365468/; classtype:trojan-activity;sid:84228568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365469)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365469/; classtype:trojan-activity;sid:84228569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365470)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365470/; classtype:trojan-activity;sid:84228570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365461)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365461/; classtype:trojan-activity;sid:84228561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365462)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365462/; classtype:trojan-activity;sid:84228562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365463)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365463/; classtype:trojan-activity;sid:84228563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365464)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365464/; classtype:trojan-activity;sid:84228564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365465)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365465/; classtype:trojan-activity;sid:84228565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365460)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365460/; classtype:trojan-activity;sid:84228560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365457)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365457/; classtype:trojan-activity;sid:84228557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365458)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365458/; classtype:trojan-activity;sid:84228558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365459)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365459/; classtype:trojan-activity;sid:84228559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365451)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365451/; classtype:trojan-activity;sid:84228551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365452)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365452/; classtype:trojan-activity;sid:84228552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365453)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365453/; classtype:trojan-activity;sid:84228553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365454)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365454/; classtype:trojan-activity;sid:84228554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365455)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365455/; classtype:trojan-activity;sid:84228555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365456)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365456/; classtype:trojan-activity;sid:84228556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365447)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365447/; classtype:trojan-activity;sid:84228547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365448)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365448/; classtype:trojan-activity;sid:84228548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365449)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365449/; classtype:trojan-activity;sid:84228549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365450)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365450/; classtype:trojan-activity;sid:84228550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365444)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365444/; classtype:trojan-activity;sid:84228544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365445)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365445/; classtype:trojan-activity;sid:84228545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365446)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365446/; classtype:trojan-activity;sid:84228546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365442)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365442/; classtype:trojan-activity;sid:84228542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365443)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365443/; classtype:trojan-activity;sid:84228543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365440)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365440/; classtype:trojan-activity;sid:84228540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365441)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365441/; classtype:trojan-activity;sid:84228541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365433)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365433/; classtype:trojan-activity;sid:84228533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365434)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365434/; classtype:trojan-activity;sid:84228534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365435)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365435/; classtype:trojan-activity;sid:84228535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365436)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365436/; classtype:trojan-activity;sid:84228536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365437)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365437/; classtype:trojan-activity;sid:84228537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365438)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365438/; classtype:trojan-activity;sid:84228538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365439)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365439/; classtype:trojan-activity;sid:84228539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365430)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365430/; classtype:trojan-activity;sid:84228530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365431)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365431/; classtype:trojan-activity;sid:84228531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365432)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365432/; classtype:trojan-activity;sid:84228532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365423)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365423/; classtype:trojan-activity;sid:84228523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365424)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365424/; classtype:trojan-activity;sid:84228524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365425)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365425/; classtype:trojan-activity;sid:84228525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365426)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365426/; classtype:trojan-activity;sid:84228526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365427)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365427/; classtype:trojan-activity;sid:84228527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365428)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365428/; classtype:trojan-activity;sid:84228528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365429)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365429/; classtype:trojan-activity;sid:84228529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365420)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365420/; classtype:trojan-activity;sid:84228520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365421)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365421/; classtype:trojan-activity;sid:84228521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365422)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365422/; classtype:trojan-activity;sid:84228522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365419)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365419/; classtype:trojan-activity;sid:84228519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365416)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365416/; classtype:trojan-activity;sid:84228516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365417)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365417/; classtype:trojan-activity;sid:84228517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365418)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365418/; classtype:trojan-activity;sid:84228518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365410)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365410/; classtype:trojan-activity;sid:84228510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365411)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365411/; classtype:trojan-activity;sid:84228511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365412)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365412/; classtype:trojan-activity;sid:84228512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365413)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365413/; classtype:trojan-activity;sid:84228513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365414)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365414/; classtype:trojan-activity;sid:84228514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365415)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365415/; classtype:trojan-activity;sid:84228515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365406)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365406/; classtype:trojan-activity;sid:84228506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365407)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365407/; classtype:trojan-activity;sid:84228507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365408)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365408/; classtype:trojan-activity;sid:84228508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365409)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365409/; classtype:trojan-activity;sid:84228509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365401)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365401/; classtype:trojan-activity;sid:84228501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365402)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365402/; classtype:trojan-activity;sid:84228502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365403)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365403/; classtype:trojan-activity;sid:84228503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365404)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365404/; classtype:trojan-activity;sid:84228504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365405)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365405/; classtype:trojan-activity;sid:84228505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365395)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365395/; classtype:trojan-activity;sid:84228495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365396)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365396/; classtype:trojan-activity;sid:84228496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365397)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365397/; classtype:trojan-activity;sid:84228497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365398)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365398/; classtype:trojan-activity;sid:84228498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365399)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365399/; classtype:trojan-activity;sid:84228499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365400)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365400/; classtype:trojan-activity;sid:84228500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365389)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365389/; classtype:trojan-activity;sid:84228489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365390)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365390/; classtype:trojan-activity;sid:84228490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365391)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365391/; classtype:trojan-activity;sid:84228491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365392)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365392/; classtype:trojan-activity;sid:84228492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365393)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365393/; classtype:trojan-activity;sid:84228493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365394)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365394/; classtype:trojan-activity;sid:84228494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365387)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365387/; classtype:trojan-activity;sid:84228487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365388)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365388/; classtype:trojan-activity;sid:84228488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365385)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365385/; classtype:trojan-activity;sid:84228485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365386)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365386/; classtype:trojan-activity;sid:84228486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365380)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365380/; classtype:trojan-activity;sid:84228480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365381)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365381/; classtype:trojan-activity;sid:84228481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365382)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365382/; classtype:trojan-activity;sid:84228482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365383)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365383/; classtype:trojan-activity;sid:84228483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365384)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365384/; classtype:trojan-activity;sid:84228484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365373)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365373/; classtype:trojan-activity;sid:84228473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365374)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365374/; classtype:trojan-activity;sid:84228474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365375)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365375/; classtype:trojan-activity;sid:84228475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365376)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365376/; classtype:trojan-activity;sid:84228476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365377)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365377/; classtype:trojan-activity;sid:84228477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365378)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365378/; classtype:trojan-activity;sid:84228478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365379)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365379/; classtype:trojan-activity;sid:84228479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365370)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365370/; classtype:trojan-activity;sid:84228470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365371)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365371/; classtype:trojan-activity;sid:84228471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365372)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365372/; classtype:trojan-activity;sid:84228472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365367)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365367/; classtype:trojan-activity;sid:84228467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365368)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365368/; classtype:trojan-activity;sid:84228468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365369)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365369/; classtype:trojan-activity;sid:84228469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365363)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365363/; classtype:trojan-activity;sid:84228463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365364)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365364/; classtype:trojan-activity;sid:84228464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365365)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365365/; classtype:trojan-activity;sid:84228465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365366)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365366/; classtype:trojan-activity;sid:84228466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365360)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365360/; classtype:trojan-activity;sid:84228460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365361)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365361/; classtype:trojan-activity;sid:84228461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365362)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365362/; classtype:trojan-activity;sid:84228462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365358)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365358/; classtype:trojan-activity;sid:84228458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365359)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365359/; classtype:trojan-activity;sid:84228459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365351)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365351/; classtype:trojan-activity;sid:84228451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365352)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365352/; classtype:trojan-activity;sid:84228452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365353)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365353/; classtype:trojan-activity;sid:84228453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365354)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365354/; classtype:trojan-activity;sid:84228454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365355)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365355/; classtype:trojan-activity;sid:84228455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365356)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365356/; classtype:trojan-activity;sid:84228456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365357)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365357/; classtype:trojan-activity;sid:84228457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365350)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365350/; classtype:trojan-activity;sid:84228450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365349)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365349/; classtype:trojan-activity;sid:84228449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365346)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365346/; classtype:trojan-activity;sid:84228446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365347)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365347/; classtype:trojan-activity;sid:84228447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365348)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365348/; classtype:trojan-activity;sid:84228448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365335)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365335/; classtype:trojan-activity;sid:84228435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365336)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365336/; classtype:trojan-activity;sid:84228436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365337)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365337/; classtype:trojan-activity;sid:84228437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365338)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365338/; classtype:trojan-activity;sid:84228438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365339)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365339/; classtype:trojan-activity;sid:84228439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365340)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365340/; classtype:trojan-activity;sid:84228440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365341)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365341/; classtype:trojan-activity;sid:84228441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365342)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365342/; classtype:trojan-activity;sid:84228442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365343)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365343/; classtype:trojan-activity;sid:84228443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365344)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365344/; classtype:trojan-activity;sid:84228444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365345)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365345/; classtype:trojan-activity;sid:84228445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365332)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365332/; classtype:trojan-activity;sid:84228432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365333)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365333/; classtype:trojan-activity;sid:84228433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365334)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365334/; classtype:trojan-activity;sid:84228434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365330)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365330/; classtype:trojan-activity;sid:84228430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365331)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365331/; classtype:trojan-activity;sid:84228431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365329)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365329/; classtype:trojan-activity;sid:84228429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365327)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365327/; classtype:trojan-activity;sid:84228427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365328)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365328/; classtype:trojan-activity;sid:84228428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365324)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365324/; classtype:trojan-activity;sid:84228424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365325)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365325/; classtype:trojan-activity;sid:84228425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365326)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365326/; classtype:trojan-activity;sid:84228426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365320)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365320/; classtype:trojan-activity;sid:84228420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365321)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365321/; classtype:trojan-activity;sid:84228421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365322)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365322/; classtype:trojan-activity;sid:84228422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365323)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365323/; classtype:trojan-activity;sid:84228423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365313)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365313/; classtype:trojan-activity;sid:84228413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365314)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365314/; classtype:trojan-activity;sid:84228414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365315)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365315/; classtype:trojan-activity;sid:84228415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365316)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365316/; classtype:trojan-activity;sid:84228416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365317)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365317/; classtype:trojan-activity;sid:84228417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365318)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365318/; classtype:trojan-activity;sid:84228418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365319)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365319/; classtype:trojan-activity;sid:84228419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365310)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365310/; classtype:trojan-activity;sid:84228410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365311)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365311/; classtype:trojan-activity;sid:84228411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365312)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365312/; classtype:trojan-activity;sid:84228412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365302)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365302/; classtype:trojan-activity;sid:84228402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365303)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365303/; classtype:trojan-activity;sid:84228403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365304)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365304/; classtype:trojan-activity;sid:84228404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365305)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365305/; classtype:trojan-activity;sid:84228405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365306)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365306/; classtype:trojan-activity;sid:84228406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365307)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365307/; classtype:trojan-activity;sid:84228407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365308)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365308/; classtype:trojan-activity;sid:84228408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365309)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365309/; classtype:trojan-activity;sid:84228409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365295)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365295/; classtype:trojan-activity;sid:84228395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365296)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365296/; classtype:trojan-activity;sid:84228396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365297)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365297/; classtype:trojan-activity;sid:84228397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365298)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365298/; classtype:trojan-activity;sid:84228398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365299)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365299/; classtype:trojan-activity;sid:84228399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365300)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365300/; classtype:trojan-activity;sid:84228400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365301)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365301/; classtype:trojan-activity;sid:84228401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365294)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365294/; classtype:trojan-activity;sid:84228394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365292)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365292/; classtype:trojan-activity;sid:84228392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365293)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365293/; classtype:trojan-activity;sid:84228393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365291)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365291/; classtype:trojan-activity;sid:84228391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365290)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365290/; classtype:trojan-activity;sid:84228390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365284)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365284/; classtype:trojan-activity;sid:84228384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365285)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365285/; classtype:trojan-activity;sid:84228385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365286)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365286/; classtype:trojan-activity;sid:84228386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365287)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365287/; classtype:trojan-activity;sid:84228387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365288)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365288/; classtype:trojan-activity;sid:84228388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365289)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365289/; classtype:trojan-activity;sid:84228389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365274)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365274/; classtype:trojan-activity;sid:84228374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365275)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365275/; classtype:trojan-activity;sid:84228375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365276)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365276/; classtype:trojan-activity;sid:84228376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365277)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365277/; classtype:trojan-activity;sid:84228377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365278)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365278/; classtype:trojan-activity;sid:84228378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365279)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365279/; classtype:trojan-activity;sid:84228379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365280)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365280/; classtype:trojan-activity;sid:84228380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365281)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365281/; classtype:trojan-activity;sid:84228381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365282)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365282/; classtype:trojan-activity;sid:84228382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365283)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365283/; classtype:trojan-activity;sid:84228383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365267)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365267/; classtype:trojan-activity;sid:84228367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365268)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365268/; classtype:trojan-activity;sid:84228368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365269)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365269/; classtype:trojan-activity;sid:84228369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365270)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365270/; classtype:trojan-activity;sid:84228370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365271)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365271/; classtype:trojan-activity;sid:84228371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365272)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365272/; classtype:trojan-activity;sid:84228372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365273)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365273/; classtype:trojan-activity;sid:84228373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365263)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365263/; classtype:trojan-activity;sid:84228363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365264)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365264/; classtype:trojan-activity;sid:84228364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365265)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365265/; classtype:trojan-activity;sid:84228365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365266)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365266/; classtype:trojan-activity;sid:84228366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365261)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365261/; classtype:trojan-activity;sid:84228361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365262)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365262/; classtype:trojan-activity;sid:84228362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365258)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365258/; classtype:trojan-activity;sid:84228358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365259)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365259/; classtype:trojan-activity;sid:84228359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365260)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365260/; classtype:trojan-activity;sid:84228360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365256)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365256/; classtype:trojan-activity;sid:84228356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.125.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365257/; classtype:trojan-activity;sid:84228357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365254)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365254/; classtype:trojan-activity;sid:84228354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365255)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365255/; classtype:trojan-activity;sid:84228355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365253)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365253/; classtype:trojan-activity;sid:84228353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365242)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365242/; classtype:trojan-activity;sid:84228342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365243)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365243/; classtype:trojan-activity;sid:84228343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365244)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365244/; classtype:trojan-activity;sid:84228344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365245)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365245/; classtype:trojan-activity;sid:84228345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365246)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365246/; classtype:trojan-activity;sid:84228346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365247)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365247/; classtype:trojan-activity;sid:84228347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365248)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365248/; classtype:trojan-activity;sid:84228348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365249)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365249/; classtype:trojan-activity;sid:84228349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365250)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365250/; classtype:trojan-activity;sid:84228350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365251)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365251/; classtype:trojan-activity;sid:84228351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365252)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365252/; classtype:trojan-activity;sid:84228352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365225)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365225/; classtype:trojan-activity;sid:84228325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365226)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365226/; classtype:trojan-activity;sid:84228326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365227)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365227/; classtype:trojan-activity;sid:84228327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365228)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365228/; classtype:trojan-activity;sid:84228328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365229)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365229/; classtype:trojan-activity;sid:84228329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365230)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365230/; classtype:trojan-activity;sid:84228330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365231)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365231/; classtype:trojan-activity;sid:84228331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365232)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365232/; classtype:trojan-activity;sid:84228332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365233)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365233/; classtype:trojan-activity;sid:84228333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365234)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365234/; classtype:trojan-activity;sid:84228334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365235)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365235/; classtype:trojan-activity;sid:84228335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365236)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365236/; classtype:trojan-activity;sid:84228336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365237)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365237/; classtype:trojan-activity;sid:84228337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365238)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365238/; classtype:trojan-activity;sid:84228338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365239)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365239/; classtype:trojan-activity;sid:84228339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365240)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365240/; classtype:trojan-activity;sid:84228340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365241)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365241/; classtype:trojan-activity;sid:84228341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365223)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365223/; classtype:trojan-activity;sid:84228323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365224)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365224/; classtype:trojan-activity;sid:84228324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365219)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365219/; classtype:trojan-activity;sid:84228319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365220)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365220/; classtype:trojan-activity;sid:84228320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365221)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365221/; classtype:trojan-activity;sid:84228321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365222)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365222/; classtype:trojan-activity;sid:84228322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365218)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365218/; classtype:trojan-activity;sid:84228318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365217)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365217/; classtype:trojan-activity;sid:84228317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365216)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365216/; classtype:trojan-activity;sid:84228316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365210)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365210/; classtype:trojan-activity;sid:84228310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365211)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365211/; classtype:trojan-activity;sid:84228311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365212)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365212/; classtype:trojan-activity;sid:84228312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365213)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365213/; classtype:trojan-activity;sid:84228313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365214)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365214/; classtype:trojan-activity;sid:84228314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365215)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365215/; classtype:trojan-activity;sid:84228315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365193)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365193/; classtype:trojan-activity;sid:84228293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365194)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365194/; classtype:trojan-activity;sid:84228294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365195)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365195/; classtype:trojan-activity;sid:84228295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365196)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365196/; classtype:trojan-activity;sid:84228296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365197)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365197/; classtype:trojan-activity;sid:84228297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365198)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365198/; classtype:trojan-activity;sid:84228298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365199)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365199/; classtype:trojan-activity;sid:84228299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365200)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365200/; classtype:trojan-activity;sid:84228300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365201)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365201/; classtype:trojan-activity;sid:84228301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365202)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365202/; classtype:trojan-activity;sid:84228302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365203)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365203/; classtype:trojan-activity;sid:84228303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365204)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365204/; classtype:trojan-activity;sid:84228304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365205)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365205/; classtype:trojan-activity;sid:84228305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365206)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365206/; classtype:trojan-activity;sid:84228306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365207)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365207/; classtype:trojan-activity;sid:84228307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365208)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365208/; classtype:trojan-activity;sid:84228308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365209)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365209/; classtype:trojan-activity;sid:84228309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365188)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365188/; classtype:trojan-activity;sid:84228288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365189)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365189/; classtype:trojan-activity;sid:84228289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365190)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365190/; classtype:trojan-activity;sid:84228290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365191)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365191/; classtype:trojan-activity;sid:84228291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365192)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365192/; classtype:trojan-activity;sid:84228292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365187)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365187/; classtype:trojan-activity;sid:84228287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365186)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365186/; classtype:trojan-activity;sid:84228286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365185)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365185/; classtype:trojan-activity;sid:84228285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365180)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365180/; classtype:trojan-activity;sid:84228280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365181)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365181/; classtype:trojan-activity;sid:84228281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365182)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365182/; classtype:trojan-activity;sid:84228282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365183)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365183/; classtype:trojan-activity;sid:84228283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365184)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365184/; classtype:trojan-activity;sid:84228284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365168)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365168/; classtype:trojan-activity;sid:84228268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365169)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365169/; classtype:trojan-activity;sid:84228269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365170)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365170/; classtype:trojan-activity;sid:84228270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365171)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365171/; classtype:trojan-activity;sid:84228271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365172)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365172/; classtype:trojan-activity;sid:84228272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365173)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365173/; classtype:trojan-activity;sid:84228273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365174)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365174/; classtype:trojan-activity;sid:84228274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365175)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365175/; classtype:trojan-activity;sid:84228275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365176)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365176/; classtype:trojan-activity;sid:84228276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365177)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365177/; classtype:trojan-activity;sid:84228277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365178)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365178/; classtype:trojan-activity;sid:84228278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365179)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365179/; classtype:trojan-activity;sid:84228279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365161)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365161/; classtype:trojan-activity;sid:84228261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365162)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365162/; classtype:trojan-activity;sid:84228262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365163)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365163/; classtype:trojan-activity;sid:84228263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365164)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365164/; classtype:trojan-activity;sid:84228264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365165)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365165/; classtype:trojan-activity;sid:84228265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365166)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365166/; classtype:trojan-activity;sid:84228266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365167)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365167/; classtype:trojan-activity;sid:84228267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365155)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365155/; classtype:trojan-activity;sid:84228255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365156)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365156/; classtype:trojan-activity;sid:84228256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365157)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365157/; classtype:trojan-activity;sid:84228257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365158)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365158/; classtype:trojan-activity;sid:84228258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365159)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365159/; classtype:trojan-activity;sid:84228259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365160)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365160/; classtype:trojan-activity;sid:84228260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365154)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365154/; classtype:trojan-activity;sid:84228254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365152)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365152/; classtype:trojan-activity;sid:84228252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365153)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365153/; classtype:trojan-activity;sid:84228253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365150)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365150/; classtype:trojan-activity;sid:84228250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365151)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365151/; classtype:trojan-activity;sid:84228251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365144)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365144/; classtype:trojan-activity;sid:84228244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365145)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365145/; classtype:trojan-activity;sid:84228245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365146)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365146/; classtype:trojan-activity;sid:84228246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365147)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365147/; classtype:trojan-activity;sid:84228247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365148)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365148/; classtype:trojan-activity;sid:84228248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365149)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365149/; classtype:trojan-activity;sid:84228249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365138)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365138/; classtype:trojan-activity;sid:84228238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365139)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365139/; classtype:trojan-activity;sid:84228239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365140)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365140/; classtype:trojan-activity;sid:84228240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365141)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365141/; classtype:trojan-activity;sid:84228241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365142)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365142/; classtype:trojan-activity;sid:84228242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365143)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365143/; classtype:trojan-activity;sid:84228243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365129)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365129/; classtype:trojan-activity;sid:84228229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365130)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365130/; classtype:trojan-activity;sid:84228230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365131)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365131/; classtype:trojan-activity;sid:84228231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365132)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365132/; classtype:trojan-activity;sid:84228232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365133)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365133/; classtype:trojan-activity;sid:84228233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365134)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365134/; classtype:trojan-activity;sid:84228234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365135)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365135/; classtype:trojan-activity;sid:84228235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365136)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365136/; classtype:trojan-activity;sid:84228236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365137)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365137/; classtype:trojan-activity;sid:84228237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365121)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365121/; classtype:trojan-activity;sid:84228221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365122)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365122/; classtype:trojan-activity;sid:84228222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365123)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365123/; classtype:trojan-activity;sid:84228223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365124)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365124/; classtype:trojan-activity;sid:84228224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365125)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365125/; classtype:trojan-activity;sid:84228225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365126)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365126/; classtype:trojan-activity;sid:84228226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365127)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365127/; classtype:trojan-activity;sid:84228227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365128)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365128/; classtype:trojan-activity;sid:84228228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365115)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365115/; classtype:trojan-activity;sid:84228215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365116)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365116/; classtype:trojan-activity;sid:84228216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365117)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365117/; classtype:trojan-activity;sid:84228217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365118)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365118/; classtype:trojan-activity;sid:84228218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365119)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365119/; classtype:trojan-activity;sid:84228219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365120)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365120/; classtype:trojan-activity;sid:84228220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365114)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365114/; classtype:trojan-activity;sid:84228214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365113)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365113/; classtype:trojan-activity;sid:84228213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365109)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365109/; classtype:trojan-activity;sid:84228209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365110)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365110/; classtype:trojan-activity;sid:84228210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365111)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365111/; classtype:trojan-activity;sid:84228211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365112)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365112/; classtype:trojan-activity;sid:84228212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365094)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365094/; classtype:trojan-activity;sid:84228194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365095)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365095/; classtype:trojan-activity;sid:84228195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365096)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365096/; classtype:trojan-activity;sid:84228196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365097)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365097/; classtype:trojan-activity;sid:84228197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365098)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365098/; classtype:trojan-activity;sid:84228198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365099)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365099/; classtype:trojan-activity;sid:84228199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365100)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365100/; classtype:trojan-activity;sid:84228200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365101)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365101/; classtype:trojan-activity;sid:84228201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365102)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365102/; classtype:trojan-activity;sid:84228202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365103)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365103/; classtype:trojan-activity;sid:84228203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365104)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365104/; classtype:trojan-activity;sid:84228204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365105)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365105/; classtype:trojan-activity;sid:84228205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365106)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365106/; classtype:trojan-activity;sid:84228206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365107)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365107/; classtype:trojan-activity;sid:84228207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365108)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365108/; classtype:trojan-activity;sid:84228208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365083)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365083/; classtype:trojan-activity;sid:84228183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365084)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365084/; classtype:trojan-activity;sid:84228184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365085)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365085/; classtype:trojan-activity;sid:84228185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365086)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365086/; classtype:trojan-activity;sid:84228186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365087)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365087/; classtype:trojan-activity;sid:84228187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365088)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365088/; classtype:trojan-activity;sid:84228188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365089)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365089/; classtype:trojan-activity;sid:84228189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365090)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365090/; classtype:trojan-activity;sid:84228190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365091)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365091/; classtype:trojan-activity;sid:84228191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365092)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365092/; classtype:trojan-activity;sid:84228192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365093)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365093/; classtype:trojan-activity;sid:84228193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365077)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365077/; classtype:trojan-activity;sid:84228177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365078)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365078/; classtype:trojan-activity;sid:84228178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365079)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365079/; classtype:trojan-activity;sid:84228179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365080)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365080/; classtype:trojan-activity;sid:84228180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365081)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365081/; classtype:trojan-activity;sid:84228181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365082)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365082/; classtype:trojan-activity;sid:84228182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365075)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365075/; classtype:trojan-activity;sid:84228175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365076)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365076/; classtype:trojan-activity;sid:84228176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365074)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365074/; classtype:trojan-activity;sid:84228174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365068)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365068/; classtype:trojan-activity;sid:84228168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365069)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365069/; classtype:trojan-activity;sid:84228169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365070)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365070/; classtype:trojan-activity;sid:84228170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365071)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365071/; classtype:trojan-activity;sid:84228171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365072)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365072/; classtype:trojan-activity;sid:84228172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365073)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365073/; classtype:trojan-activity;sid:84228173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365050)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365050/; classtype:trojan-activity;sid:84228150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365051)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365051/; classtype:trojan-activity;sid:84228151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365052)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365052/; classtype:trojan-activity;sid:84228152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365053)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365053/; classtype:trojan-activity;sid:84228153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365054)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365054/; classtype:trojan-activity;sid:84228154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365055)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365055/; classtype:trojan-activity;sid:84228155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365056)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365056/; classtype:trojan-activity;sid:84228156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365057)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365057/; classtype:trojan-activity;sid:84228157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365058)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365058/; classtype:trojan-activity;sid:84228158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365059)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365059/; classtype:trojan-activity;sid:84228159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365060)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365060/; classtype:trojan-activity;sid:84228160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365061)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365061/; classtype:trojan-activity;sid:84228161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365062)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365062/; classtype:trojan-activity;sid:84228162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365063)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365063/; classtype:trojan-activity;sid:84228163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365064)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365064/; classtype:trojan-activity;sid:84228164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365065)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365065/; classtype:trojan-activity;sid:84228165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365066)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365066/; classtype:trojan-activity;sid:84228166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365067)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365067/; classtype:trojan-activity;sid:84228167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365042)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365042/; classtype:trojan-activity;sid:84228142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365043)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365043/; classtype:trojan-activity;sid:84228143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365044)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365044/; classtype:trojan-activity;sid:84228144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365045)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365045/; classtype:trojan-activity;sid:84228145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365046)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365046/; classtype:trojan-activity;sid:84228146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365047)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365047/; classtype:trojan-activity;sid:84228147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365048)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365048/; classtype:trojan-activity;sid:84228148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365049)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365049/; classtype:trojan-activity;sid:84228149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365038)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365038/; classtype:trojan-activity;sid:84228138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365039)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365039/; classtype:trojan-activity;sid:84228139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365040)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365040/; classtype:trojan-activity;sid:84228140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365041)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365041/; classtype:trojan-activity;sid:84228141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365037)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365037/; classtype:trojan-activity;sid:84228137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365036)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365036/; classtype:trojan-activity;sid:84228136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365034)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365034/; classtype:trojan-activity;sid:84228134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365035)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365035/; classtype:trojan-activity;sid:84228135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365023)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365023/; classtype:trojan-activity;sid:84228123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365024)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365024/; classtype:trojan-activity;sid:84228124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365025)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365025/; classtype:trojan-activity;sid:84228125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365026)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365026/; classtype:trojan-activity;sid:84228126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365027)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365027/; classtype:trojan-activity;sid:84228127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365028)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365028/; classtype:trojan-activity;sid:84228128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365029)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365029/; classtype:trojan-activity;sid:84228129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365030)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365030/; classtype:trojan-activity;sid:84228130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365031)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365031/; classtype:trojan-activity;sid:84228131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365032)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365032/; classtype:trojan-activity;sid:84228132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365033)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365033/; classtype:trojan-activity;sid:84228133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365005)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365005/; classtype:trojan-activity;sid:84228105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365006)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365006/; classtype:trojan-activity;sid:84228106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365007)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365007/; classtype:trojan-activity;sid:84228107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365008)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365008/; classtype:trojan-activity;sid:84228108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365009)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365009/; classtype:trojan-activity;sid:84228109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365010)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365010/; classtype:trojan-activity;sid:84228110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365011)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365011/; classtype:trojan-activity;sid:84228111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365012)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365012/; classtype:trojan-activity;sid:84228112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365013)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365013/; classtype:trojan-activity;sid:84228113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365014)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365014/; classtype:trojan-activity;sid:84228114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365015)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365015/; classtype:trojan-activity;sid:84228115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365016)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365016/; classtype:trojan-activity;sid:84228116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365017)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365017/; classtype:trojan-activity;sid:84228117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365018)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365018/; classtype:trojan-activity;sid:84228118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365019)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365019/; classtype:trojan-activity;sid:84228119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365020)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365020/; classtype:trojan-activity;sid:84228120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365021)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365021/; classtype:trojan-activity;sid:84228121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365022)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365022/; classtype:trojan-activity;sid:84228122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365000)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365000/; classtype:trojan-activity;sid:84228100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365001)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365001/; classtype:trojan-activity;sid:84228101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365002)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365002/; classtype:trojan-activity;sid:84228102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365003)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365003/; classtype:trojan-activity;sid:84228103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3365004)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3365004/; classtype:trojan-activity;sid:84228104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364999)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364999/; classtype:trojan-activity;sid:84228099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364996)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364996/; classtype:trojan-activity;sid:84228096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364997)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364997/; classtype:trojan-activity;sid:84228097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364998)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364998/; classtype:trojan-activity;sid:84228098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364991)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364991/; classtype:trojan-activity;sid:84228091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364992)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364992/; classtype:trojan-activity;sid:84228092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364993)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364993/; classtype:trojan-activity;sid:84228093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364994)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364994/; classtype:trojan-activity;sid:84228094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364995)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364995/; classtype:trojan-activity;sid:84228095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364967)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364967/; classtype:trojan-activity;sid:84228067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364968)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364968/; classtype:trojan-activity;sid:84228068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364969)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364969/; classtype:trojan-activity;sid:84228069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364970)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364970/; classtype:trojan-activity;sid:84228070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364971)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364971/; classtype:trojan-activity;sid:84228071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364972)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364972/; classtype:trojan-activity;sid:84228072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364973)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364973/; classtype:trojan-activity;sid:84228073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364974)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364974/; classtype:trojan-activity;sid:84228074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364975)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364975/; classtype:trojan-activity;sid:84228075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364976)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364976/; classtype:trojan-activity;sid:84228076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364977)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364977/; classtype:trojan-activity;sid:84228077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364978)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364978/; classtype:trojan-activity;sid:84228078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364979)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364979/; classtype:trojan-activity;sid:84228079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364980)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364980/; classtype:trojan-activity;sid:84228080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364981)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364981/; classtype:trojan-activity;sid:84228081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364982)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364982/; classtype:trojan-activity;sid:84228082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364983)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364983/; classtype:trojan-activity;sid:84228083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364984)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364984/; classtype:trojan-activity;sid:84228084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364985)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364985/; classtype:trojan-activity;sid:84228085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364986)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364986/; classtype:trojan-activity;sid:84228086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364987)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364987/; classtype:trojan-activity;sid:84228087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364988)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364988/; classtype:trojan-activity;sid:84228088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364989)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364989/; classtype:trojan-activity;sid:84228089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364990)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364990/; classtype:trojan-activity;sid:84228090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364965)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364965/; classtype:trojan-activity;sid:84228065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364966)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364966/; classtype:trojan-activity;sid:84228066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364964)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364964/; classtype:trojan-activity;sid:84228064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364963)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364963/; classtype:trojan-activity;sid:84228063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364959)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364959/; classtype:trojan-activity;sid:84228059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364960)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364960/; classtype:trojan-activity;sid:84228060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364961)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364961/; classtype:trojan-activity;sid:84228061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364962)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364962/; classtype:trojan-activity;sid:84228062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364957)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364957/; classtype:trojan-activity;sid:84228057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364958)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364958/; classtype:trojan-activity;sid:84228058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364955)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364955/; classtype:trojan-activity;sid:84228055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364956)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364956/; classtype:trojan-activity;sid:84228056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364944)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364944/; classtype:trojan-activity;sid:84228044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364945)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364945/; classtype:trojan-activity;sid:84228045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364946)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364946/; classtype:trojan-activity;sid:84228046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364947)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364947/; classtype:trojan-activity;sid:84228047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364948)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364948/; classtype:trojan-activity;sid:84228048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364949)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364949/; classtype:trojan-activity;sid:84228049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364950)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364950/; classtype:trojan-activity;sid:84228050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364951)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364951/; classtype:trojan-activity;sid:84228051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364952)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364952/; classtype:trojan-activity;sid:84228052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364953)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364953/; classtype:trojan-activity;sid:84228053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364954)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364954/; classtype:trojan-activity;sid:84228054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364929)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364929/; classtype:trojan-activity;sid:84228029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364930)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364930/; classtype:trojan-activity;sid:84228030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364931)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364931/; classtype:trojan-activity;sid:84228031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364932)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364932/; classtype:trojan-activity;sid:84228032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364933)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364933/; classtype:trojan-activity;sid:84228033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364934)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364934/; classtype:trojan-activity;sid:84228034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364935)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364935/; classtype:trojan-activity;sid:84228035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364936)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364936/; classtype:trojan-activity;sid:84228036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364937)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364937/; classtype:trojan-activity;sid:84228037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364938)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364938/; classtype:trojan-activity;sid:84228038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364939)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364939/; classtype:trojan-activity;sid:84228039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364940)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364940/; classtype:trojan-activity;sid:84228040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364941)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364941/; classtype:trojan-activity;sid:84228041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364942)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364942/; classtype:trojan-activity;sid:84228042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364943)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364943/; classtype:trojan-activity;sid:84228043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364925)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364925/; classtype:trojan-activity;sid:84228025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364926)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364926/; classtype:trojan-activity;sid:84228026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364927)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364927/; classtype:trojan-activity;sid:84228027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364928)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364928/; classtype:trojan-activity;sid:84228028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364924)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364924/; classtype:trojan-activity;sid:84228024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364923)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364923/; classtype:trojan-activity;sid:84228023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364921)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364921/; classtype:trojan-activity;sid:84228021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364922)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364922/; classtype:trojan-activity;sid:84228022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364919)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364919/; classtype:trojan-activity;sid:84228019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364920)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364920/; classtype:trojan-activity;sid:84228020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364913)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364913/; classtype:trojan-activity;sid:84228013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364914)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364914/; classtype:trojan-activity;sid:84228014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364915)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364915/; classtype:trojan-activity;sid:84228015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364916)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364916/; classtype:trojan-activity;sid:84228016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364917)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364917/; classtype:trojan-activity;sid:84228017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364918)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364918/; classtype:trojan-activity;sid:84228018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364895)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364895/; classtype:trojan-activity;sid:84227995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364896)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364896/; classtype:trojan-activity;sid:84227996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364897)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364897/; classtype:trojan-activity;sid:84227997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364898)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364898/; classtype:trojan-activity;sid:84227998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364899)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364899/; classtype:trojan-activity;sid:84227999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364900)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364900/; classtype:trojan-activity;sid:84228000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364901)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364901/; classtype:trojan-activity;sid:84228001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364902)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364902/; classtype:trojan-activity;sid:84228002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364903)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364903/; classtype:trojan-activity;sid:84228003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364904)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364904/; classtype:trojan-activity;sid:84228004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364905)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364905/; classtype:trojan-activity;sid:84228005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364906)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364906/; classtype:trojan-activity;sid:84228006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364907)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364907/; classtype:trojan-activity;sid:84228007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364908)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364908/; classtype:trojan-activity;sid:84228008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364909)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364909/; classtype:trojan-activity;sid:84228009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364910)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364910/; classtype:trojan-activity;sid:84228010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364911)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364911/; classtype:trojan-activity;sid:84228011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364912)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364912/; classtype:trojan-activity;sid:84228012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364893)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364893/; classtype:trojan-activity;sid:84227993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364894)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364894/; classtype:trojan-activity;sid:84227994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364890)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364890/; classtype:trojan-activity;sid:84227990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364891)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364891/; classtype:trojan-activity;sid:84227991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364892)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364892/; classtype:trojan-activity;sid:84227992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364888)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364888/; classtype:trojan-activity;sid:84227988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364889)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364889/; classtype:trojan-activity;sid:84227989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364886)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364886/; classtype:trojan-activity;sid:84227986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364887)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364887/; classtype:trojan-activity;sid:84227987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364885)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364885/; classtype:trojan-activity;sid:84227985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364882)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364882/; classtype:trojan-activity;sid:84227982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364883)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364883/; classtype:trojan-activity;sid:84227983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364884)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364884/; classtype:trojan-activity;sid:84227984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364878)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364878/; classtype:trojan-activity;sid:84227978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364879)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364879/; classtype:trojan-activity;sid:84227979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364880)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364880/; classtype:trojan-activity;sid:84227980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364881)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364881/; classtype:trojan-activity;sid:84227981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364859)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364859/; classtype:trojan-activity;sid:84227959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364860)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364860/; classtype:trojan-activity;sid:84227960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364861)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364861/; classtype:trojan-activity;sid:84227961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364862)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364862/; classtype:trojan-activity;sid:84227962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364863)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364863/; classtype:trojan-activity;sid:84227963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364864)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364864/; classtype:trojan-activity;sid:84227964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364865)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364865/; classtype:trojan-activity;sid:84227965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364866)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364866/; classtype:trojan-activity;sid:84227966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364867)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364867/; classtype:trojan-activity;sid:84227967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364868)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364868/; classtype:trojan-activity;sid:84227968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364869)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364869/; classtype:trojan-activity;sid:84227969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364870)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364870/; classtype:trojan-activity;sid:84227970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364871)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364871/; classtype:trojan-activity;sid:84227971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364872)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364872/; classtype:trojan-activity;sid:84227972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364873)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364873/; classtype:trojan-activity;sid:84227973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364874)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364874/; classtype:trojan-activity;sid:84227974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364875)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364875/; classtype:trojan-activity;sid:84227975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364876)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364876/; classtype:trojan-activity;sid:84227976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364877)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364877/; classtype:trojan-activity;sid:84227977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364855)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364855/; classtype:trojan-activity;sid:84227955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364856)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364856/; classtype:trojan-activity;sid:84227956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364857)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364857/; classtype:trojan-activity;sid:84227957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364858)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364858/; classtype:trojan-activity;sid:84227958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364853)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364853/; classtype:trojan-activity;sid:84227953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364854)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364854/; classtype:trojan-activity;sid:84227954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364851)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364851/; classtype:trojan-activity;sid:84227951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364852)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364852/; classtype:trojan-activity;sid:84227952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364848)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364848/; classtype:trojan-activity;sid:84227948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364849)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364849/; classtype:trojan-activity;sid:84227949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364850)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364850/; classtype:trojan-activity;sid:84227950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364846)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364846/; classtype:trojan-activity;sid:84227946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364847)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364847/; classtype:trojan-activity;sid:84227947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364845)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364845/; classtype:trojan-activity;sid:84227945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364827)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364827/; classtype:trojan-activity;sid:84227927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364828)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364828/; classtype:trojan-activity;sid:84227928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364829)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364829/; classtype:trojan-activity;sid:84227929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364830)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364830/; classtype:trojan-activity;sid:84227930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364831)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364831/; classtype:trojan-activity;sid:84227931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364832)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364832/; classtype:trojan-activity;sid:84227932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364833)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364833/; classtype:trojan-activity;sid:84227933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364834)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364834/; classtype:trojan-activity;sid:84227934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364835)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364835/; classtype:trojan-activity;sid:84227935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364836)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364836/; classtype:trojan-activity;sid:84227936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364837)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364837/; classtype:trojan-activity;sid:84227937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364838)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364838/; classtype:trojan-activity;sid:84227938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364839)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364839/; classtype:trojan-activity;sid:84227939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364840)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364840/; classtype:trojan-activity;sid:84227940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364841)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364841/; classtype:trojan-activity;sid:84227941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364842)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364842/; classtype:trojan-activity;sid:84227942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364843)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364843/; classtype:trojan-activity;sid:84227943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364844)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364844/; classtype:trojan-activity;sid:84227944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364819)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364819/; classtype:trojan-activity;sid:84227919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364820)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364820/; classtype:trojan-activity;sid:84227920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364821)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364821/; classtype:trojan-activity;sid:84227921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364822)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364822/; classtype:trojan-activity;sid:84227922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364823)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364823/; classtype:trojan-activity;sid:84227923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364824)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364824/; classtype:trojan-activity;sid:84227924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364825)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364825/; classtype:trojan-activity;sid:84227925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364826)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364826/; classtype:trojan-activity;sid:84227926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364818)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364818/; classtype:trojan-activity;sid:84227918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364815)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364815/; classtype:trojan-activity;sid:84227915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364816)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364816/; classtype:trojan-activity;sid:84227916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364817)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364817/; classtype:trojan-activity;sid:84227917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364814)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364814/; classtype:trojan-activity;sid:84227914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364813)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364813/; classtype:trojan-activity;sid:84227913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364811)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364811/; classtype:trojan-activity;sid:84227911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364812)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364812/; classtype:trojan-activity;sid:84227912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364809)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364809/; classtype:trojan-activity;sid:84227909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364810)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364810/; classtype:trojan-activity;sid:84227910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364799)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364799/; classtype:trojan-activity;sid:84227899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364800)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364800/; classtype:trojan-activity;sid:84227900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364801)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364801/; classtype:trojan-activity;sid:84227901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364802)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364802/; classtype:trojan-activity;sid:84227902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364803)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364803/; classtype:trojan-activity;sid:84227903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364804)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364804/; classtype:trojan-activity;sid:84227904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364805)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364805/; classtype:trojan-activity;sid:84227905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364806)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364806/; classtype:trojan-activity;sid:84227906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364807)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364807/; classtype:trojan-activity;sid:84227907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364808)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364808/; classtype:trojan-activity;sid:84227908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364786)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364786/; classtype:trojan-activity;sid:84227886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364787)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364787/; classtype:trojan-activity;sid:84227887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364788)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364788/; classtype:trojan-activity;sid:84227888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364789)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364789/; classtype:trojan-activity;sid:84227889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364790)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364790/; classtype:trojan-activity;sid:84227890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364791)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364791/; classtype:trojan-activity;sid:84227891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364792)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364792/; classtype:trojan-activity;sid:84227892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364793)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364793/; classtype:trojan-activity;sid:84227893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364794)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364794/; classtype:trojan-activity;sid:84227894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364795)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364795/; classtype:trojan-activity;sid:84227895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364796)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364796/; classtype:trojan-activity;sid:84227896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364797)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364797/; classtype:trojan-activity;sid:84227897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364798)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364798/; classtype:trojan-activity;sid:84227898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364781)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364781/; classtype:trojan-activity;sid:84227881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364782)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364782/; classtype:trojan-activity;sid:84227882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364783)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364783/; classtype:trojan-activity;sid:84227883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364784)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364784/; classtype:trojan-activity;sid:84227884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364785)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364785/; classtype:trojan-activity;sid:84227885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364780)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364780/; classtype:trojan-activity;sid:84227880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364778)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364778/; classtype:trojan-activity;sid:84227878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364779)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364779/; classtype:trojan-activity;sid:84227879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364777)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364777/; classtype:trojan-activity;sid:84227877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364769)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364769/; classtype:trojan-activity;sid:84227869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364770)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364770/; classtype:trojan-activity;sid:84227870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364771)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364771/; classtype:trojan-activity;sid:84227871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364772)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364772/; classtype:trojan-activity;sid:84227872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364773)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364773/; classtype:trojan-activity;sid:84227873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364774)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364774/; classtype:trojan-activity;sid:84227874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364775)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364775/; classtype:trojan-activity;sid:84227875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364776)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364776/; classtype:trojan-activity;sid:84227876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364759)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364759/; classtype:trojan-activity;sid:84227859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364760)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364760/; classtype:trojan-activity;sid:84227860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364761)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364761/; classtype:trojan-activity;sid:84227861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364762)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364762/; classtype:trojan-activity;sid:84227862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364763)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364763/; classtype:trojan-activity;sid:84227863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364764)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364764/; classtype:trojan-activity;sid:84227864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364765)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364765/; classtype:trojan-activity;sid:84227865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364766)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364766/; classtype:trojan-activity;sid:84227866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364767)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364767/; classtype:trojan-activity;sid:84227867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364768)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364768/; classtype:trojan-activity;sid:84227868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364741)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364741/; classtype:trojan-activity;sid:84227841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364742)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364742/; classtype:trojan-activity;sid:84227842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364743)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364743/; classtype:trojan-activity;sid:84227843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364744)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364744/; classtype:trojan-activity;sid:84227844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364745)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364745/; classtype:trojan-activity;sid:84227845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364746)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364746/; classtype:trojan-activity;sid:84227846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364747)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364747/; classtype:trojan-activity;sid:84227847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364748)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364748/; classtype:trojan-activity;sid:84227848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364749)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364749/; classtype:trojan-activity;sid:84227849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364750)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364750/; classtype:trojan-activity;sid:84227850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364751)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364751/; classtype:trojan-activity;sid:84227851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364752)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364752/; classtype:trojan-activity;sid:84227852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364753)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364753/; classtype:trojan-activity;sid:84227853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364754)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364754/; classtype:trojan-activity;sid:84227854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364755)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364755/; classtype:trojan-activity;sid:84227855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364756)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364756/; classtype:trojan-activity;sid:84227856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364757)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364757/; classtype:trojan-activity;sid:84227857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364758)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364758/; classtype:trojan-activity;sid:84227858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364740)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364740/; classtype:trojan-activity;sid:84227840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364739)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364739/; classtype:trojan-activity;sid:84227839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364733)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364733/; classtype:trojan-activity;sid:84227833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364734)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364734/; classtype:trojan-activity;sid:84227834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364735)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364735/; classtype:trojan-activity;sid:84227835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364736)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364736/; classtype:trojan-activity;sid:84227836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364737)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364737/; classtype:trojan-activity;sid:84227837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364738)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364738/; classtype:trojan-activity;sid:84227838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364716)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364716/; classtype:trojan-activity;sid:84227816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364717)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364717/; classtype:trojan-activity;sid:84227817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364718)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364718/; classtype:trojan-activity;sid:84227818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364719)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364719/; classtype:trojan-activity;sid:84227819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364720)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364720/; classtype:trojan-activity;sid:84227820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364721)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364721/; classtype:trojan-activity;sid:84227821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364722)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364722/; classtype:trojan-activity;sid:84227822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364723)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364723/; classtype:trojan-activity;sid:84227823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364724)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364724/; classtype:trojan-activity;sid:84227824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364725)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364725/; classtype:trojan-activity;sid:84227825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364726)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364726/; classtype:trojan-activity;sid:84227826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364727)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364727/; classtype:trojan-activity;sid:84227827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364728)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364728/; classtype:trojan-activity;sid:84227828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364729)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364729/; classtype:trojan-activity;sid:84227829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364730)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364730/; classtype:trojan-activity;sid:84227830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364731)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364731/; classtype:trojan-activity;sid:84227831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364732)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364732/; classtype:trojan-activity;sid:84227832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364705)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364705/; classtype:trojan-activity;sid:84227805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364706)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364706/; classtype:trojan-activity;sid:84227806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364707)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364707/; classtype:trojan-activity;sid:84227807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364708)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364708/; classtype:trojan-activity;sid:84227808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364709)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364709/; classtype:trojan-activity;sid:84227809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364710)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364710/; classtype:trojan-activity;sid:84227810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364711)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364711/; classtype:trojan-activity;sid:84227811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364712)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364712/; classtype:trojan-activity;sid:84227812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364713)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364713/; classtype:trojan-activity;sid:84227813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364714)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364714/; classtype:trojan-activity;sid:84227814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364715)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364715/; classtype:trojan-activity;sid:84227815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364703)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364703/; classtype:trojan-activity;sid:84227803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364704)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364704/; classtype:trojan-activity;sid:84227804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364701)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364701/; classtype:trojan-activity;sid:84227801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364702)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364702/; classtype:trojan-activity;sid:84227802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364700)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364700/; classtype:trojan-activity;sid:84227800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364687)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364687/; classtype:trojan-activity;sid:84227787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364688)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364688/; classtype:trojan-activity;sid:84227788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364689)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364689/; classtype:trojan-activity;sid:84227789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364690)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364690/; classtype:trojan-activity;sid:84227790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364691)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364691/; classtype:trojan-activity;sid:84227791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364692)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364692/; classtype:trojan-activity;sid:84227792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364693)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364693/; classtype:trojan-activity;sid:84227793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364694)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364694/; classtype:trojan-activity;sid:84227794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364695)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364695/; classtype:trojan-activity;sid:84227795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364696)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364696/; classtype:trojan-activity;sid:84227796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364697)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364697/; classtype:trojan-activity;sid:84227797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364698)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364698/; classtype:trojan-activity;sid:84227798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364699)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364699/; classtype:trojan-activity;sid:84227799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364678)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364678/; classtype:trojan-activity;sid:84227778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364679)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364679/; classtype:trojan-activity;sid:84227779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364680)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364680/; classtype:trojan-activity;sid:84227780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364681)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364681/; classtype:trojan-activity;sid:84227781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364682)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364682/; classtype:trojan-activity;sid:84227782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364683)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364683/; classtype:trojan-activity;sid:84227783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364684)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364684/; classtype:trojan-activity;sid:84227784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364685)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364685/; classtype:trojan-activity;sid:84227785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364686)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364686/; classtype:trojan-activity;sid:84227786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364671)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364671/; classtype:trojan-activity;sid:84227771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364672)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364672/; classtype:trojan-activity;sid:84227772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364673)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364673/; classtype:trojan-activity;sid:84227773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364674)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364674/; classtype:trojan-activity;sid:84227774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364675)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364675/; classtype:trojan-activity;sid:84227775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364676)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364676/; classtype:trojan-activity;sid:84227776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364677)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364677/; classtype:trojan-activity;sid:84227777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364669)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364669/; classtype:trojan-activity;sid:84227769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364670)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364670/; classtype:trojan-activity;sid:84227770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364668)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364668/; classtype:trojan-activity;sid:84227768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364662)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364662/; classtype:trojan-activity;sid:84227762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364663)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364663/; classtype:trojan-activity;sid:84227763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364664)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364664/; classtype:trojan-activity;sid:84227764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364665)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364665/; classtype:trojan-activity;sid:84227765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364666)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364666/; classtype:trojan-activity;sid:84227766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364667)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364667/; classtype:trojan-activity;sid:84227767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364644)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364644/; classtype:trojan-activity;sid:84227744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364645)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364645/; classtype:trojan-activity;sid:84227745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364646)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364646/; classtype:trojan-activity;sid:84227746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364647)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364647/; classtype:trojan-activity;sid:84227747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364648)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364648/; classtype:trojan-activity;sid:84227748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364649)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364649/; classtype:trojan-activity;sid:84227749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364650)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364650/; classtype:trojan-activity;sid:84227750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364651)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364651/; classtype:trojan-activity;sid:84227751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364652)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364652/; classtype:trojan-activity;sid:84227752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364653)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364653/; classtype:trojan-activity;sid:84227753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364654)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364654/; classtype:trojan-activity;sid:84227754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364655)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364655/; classtype:trojan-activity;sid:84227755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364656)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364656/; classtype:trojan-activity;sid:84227756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364657)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364657/; classtype:trojan-activity;sid:84227757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364658)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364658/; classtype:trojan-activity;sid:84227758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364659)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364659/; classtype:trojan-activity;sid:84227759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364660)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364660/; classtype:trojan-activity;sid:84227760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364661)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364661/; classtype:trojan-activity;sid:84227761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364638)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364638/; classtype:trojan-activity;sid:84227738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364639)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364639/; classtype:trojan-activity;sid:84227739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364640)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364640/; classtype:trojan-activity;sid:84227740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364641)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364641/; classtype:trojan-activity;sid:84227741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364642)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364642/; classtype:trojan-activity;sid:84227742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364643)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364643/; classtype:trojan-activity;sid:84227743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364635)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364635/; classtype:trojan-activity;sid:84227735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364636)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364636/; classtype:trojan-activity;sid:84227736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364637)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364637/; classtype:trojan-activity;sid:84227737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364634)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364634/; classtype:trojan-activity;sid:84227734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364632)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364632/; classtype:trojan-activity;sid:84227732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364633)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364633/; classtype:trojan-activity;sid:84227733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364631)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364631/; classtype:trojan-activity;sid:84227731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364628)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364628/; classtype:trojan-activity;sid:84227728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364629)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364629/; classtype:trojan-activity;sid:84227729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364630)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364630/; classtype:trojan-activity;sid:84227730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364624)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364624/; classtype:trojan-activity;sid:84227724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364625)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364625/; classtype:trojan-activity;sid:84227725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364626)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364626/; classtype:trojan-activity;sid:84227726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364627)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364627/; classtype:trojan-activity;sid:84227727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364610)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364610/; classtype:trojan-activity;sid:84227710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364611)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364611/; classtype:trojan-activity;sid:84227711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364612)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364612/; classtype:trojan-activity;sid:84227712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364613)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364613/; classtype:trojan-activity;sid:84227713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364614)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364614/; classtype:trojan-activity;sid:84227714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364615)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364615/; classtype:trojan-activity;sid:84227715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364616)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364616/; classtype:trojan-activity;sid:84227716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364617)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364617/; classtype:trojan-activity;sid:84227717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364618)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364618/; classtype:trojan-activity;sid:84227718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364619)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364619/; classtype:trojan-activity;sid:84227719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364620)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364620/; classtype:trojan-activity;sid:84227720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364621)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364621/; classtype:trojan-activity;sid:84227721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364622)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364622/; classtype:trojan-activity;sid:84227722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364623)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364623/; classtype:trojan-activity;sid:84227723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364601)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364601/; classtype:trojan-activity;sid:84227701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364602)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364602/; classtype:trojan-activity;sid:84227702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364603)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364603/; classtype:trojan-activity;sid:84227703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364604)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364604/; classtype:trojan-activity;sid:84227704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364605)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364605/; classtype:trojan-activity;sid:84227705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364606)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364606/; classtype:trojan-activity;sid:84227706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364607)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364607/; classtype:trojan-activity;sid:84227707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364608)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364608/; classtype:trojan-activity;sid:84227708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364609)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364609/; classtype:trojan-activity;sid:84227709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364599)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364599/; classtype:trojan-activity;sid:84227699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364600)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364600/; classtype:trojan-activity;sid:84227700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364598)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364598/; classtype:trojan-activity;sid:84227698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364595)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364595/; classtype:trojan-activity;sid:84227695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364596)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364596/; classtype:trojan-activity;sid:84227696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364597)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364597/; classtype:trojan-activity;sid:84227697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364594)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364594/; classtype:trojan-activity;sid:84227694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364587)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364587/; classtype:trojan-activity;sid:84227687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364588)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364588/; classtype:trojan-activity;sid:84227688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364589)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364589/; classtype:trojan-activity;sid:84227689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364590)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364590/; classtype:trojan-activity;sid:84227690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364591)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364591/; classtype:trojan-activity;sid:84227691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364592)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364592/; classtype:trojan-activity;sid:84227692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364593)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364593/; classtype:trojan-activity;sid:84227693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364574)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364574/; classtype:trojan-activity;sid:84227674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364575)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364575/; classtype:trojan-activity;sid:84227675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364576)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364576/; classtype:trojan-activity;sid:84227676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364577)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364577/; classtype:trojan-activity;sid:84227677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364578)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364578/; classtype:trojan-activity;sid:84227678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364579)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364579/; classtype:trojan-activity;sid:84227679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364580)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364580/; classtype:trojan-activity;sid:84227680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364581)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364581/; classtype:trojan-activity;sid:84227681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364582)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364582/; classtype:trojan-activity;sid:84227682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364583)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364583/; classtype:trojan-activity;sid:84227683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364584)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364584/; classtype:trojan-activity;sid:84227684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364585)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364585/; classtype:trojan-activity;sid:84227685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364586)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364586/; classtype:trojan-activity;sid:84227686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364570)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364570/; classtype:trojan-activity;sid:84227670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364571)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364571/; classtype:trojan-activity;sid:84227671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364572)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364572/; classtype:trojan-activity;sid:84227672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364573)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364573/; classtype:trojan-activity;sid:84227673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364566)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364566/; classtype:trojan-activity;sid:84227666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364567)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364567/; classtype:trojan-activity;sid:84227667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364568)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364568/; classtype:trojan-activity;sid:84227668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364569)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364569/; classtype:trojan-activity;sid:84227669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364563)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364563/; classtype:trojan-activity;sid:84227663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364564)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364564/; classtype:trojan-activity;sid:84227664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364565)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364565/; classtype:trojan-activity;sid:84227665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364562)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364562/; classtype:trojan-activity;sid:84227662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364558)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364558/; classtype:trojan-activity;sid:84227658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364559)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364559/; classtype:trojan-activity;sid:84227659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364560)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364560/; classtype:trojan-activity;sid:84227660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364561)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364561/; classtype:trojan-activity;sid:84227661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364545)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364545/; classtype:trojan-activity;sid:84227645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364546)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364546/; classtype:trojan-activity;sid:84227646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364547)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364547/; classtype:trojan-activity;sid:84227647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364548)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364548/; classtype:trojan-activity;sid:84227648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364549)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364549/; classtype:trojan-activity;sid:84227649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364550)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364550/; classtype:trojan-activity;sid:84227650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364551)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364551/; classtype:trojan-activity;sid:84227651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364552)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364552/; classtype:trojan-activity;sid:84227652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364553)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364553/; classtype:trojan-activity;sid:84227653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364554)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364554/; classtype:trojan-activity;sid:84227654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364555)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364555/; classtype:trojan-activity;sid:84227655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364556)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364556/; classtype:trojan-activity;sid:84227656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364557)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364557/; classtype:trojan-activity;sid:84227657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364536)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364536/; classtype:trojan-activity;sid:84227636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364537)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364537/; classtype:trojan-activity;sid:84227637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364538)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364538/; classtype:trojan-activity;sid:84227638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364539)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364539/; classtype:trojan-activity;sid:84227639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364540)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364540/; classtype:trojan-activity;sid:84227640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364541)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364541/; classtype:trojan-activity;sid:84227641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364542)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364542/; classtype:trojan-activity;sid:84227642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364543)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364543/; classtype:trojan-activity;sid:84227643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364544)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364544/; classtype:trojan-activity;sid:84227644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364535)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364535/; classtype:trojan-activity;sid:84227635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364533)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364533/; classtype:trojan-activity;sid:84227633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364534)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364534/; classtype:trojan-activity;sid:84227634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364532)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364532/; classtype:trojan-activity;sid:84227632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364528)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364528/; classtype:trojan-activity;sid:84227628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364529)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364529/; classtype:trojan-activity;sid:84227629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364530)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364530/; classtype:trojan-activity;sid:84227630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364531)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364531/; classtype:trojan-activity;sid:84227631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364524)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364524/; classtype:trojan-activity;sid:84227624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364525)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364525/; classtype:trojan-activity;sid:84227625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364526)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364526/; classtype:trojan-activity;sid:84227626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364527)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364527/; classtype:trojan-activity;sid:84227627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364517)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364517/; classtype:trojan-activity;sid:84227617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364518)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364518/; classtype:trojan-activity;sid:84227618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364519)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364519/; classtype:trojan-activity;sid:84227619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364520)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364520/; classtype:trojan-activity;sid:84227620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364521)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364521/; classtype:trojan-activity;sid:84227621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364522)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364522/; classtype:trojan-activity;sid:84227622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364523)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364523/; classtype:trojan-activity;sid:84227623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364507)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364507/; classtype:trojan-activity;sid:84227607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364508)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364508/; classtype:trojan-activity;sid:84227608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364509)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364509/; classtype:trojan-activity;sid:84227609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364510)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364510/; classtype:trojan-activity;sid:84227610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364511)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364511/; classtype:trojan-activity;sid:84227611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364512)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364512/; classtype:trojan-activity;sid:84227612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364513)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364513/; classtype:trojan-activity;sid:84227613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364514)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364514/; classtype:trojan-activity;sid:84227614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364515)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364515/; classtype:trojan-activity;sid:84227615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364516)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364516/; classtype:trojan-activity;sid:84227616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364502)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364502/; classtype:trojan-activity;sid:84227602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364503)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364503/; classtype:trojan-activity;sid:84227603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364504)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364504/; classtype:trojan-activity;sid:84227604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364505)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364505/; classtype:trojan-activity;sid:84227605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364506)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364506/; classtype:trojan-activity;sid:84227606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364498)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364498/; classtype:trojan-activity;sid:84227598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364499)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364499/; classtype:trojan-activity;sid:84227599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364500)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364500/; classtype:trojan-activity;sid:84227600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364501)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364501/; classtype:trojan-activity;sid:84227601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364497)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364497/; classtype:trojan-activity;sid:84227597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364494)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364494/; classtype:trojan-activity;sid:84227594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364495)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364495/; classtype:trojan-activity;sid:84227595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364496)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364496/; classtype:trojan-activity;sid:84227596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364492)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364492/; classtype:trojan-activity;sid:84227592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364493)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364493/; classtype:trojan-activity;sid:84227593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364487)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364487/; classtype:trojan-activity;sid:84227587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364488)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364488/; classtype:trojan-activity;sid:84227588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364489)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364489/; classtype:trojan-activity;sid:84227589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364490)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364490/; classtype:trojan-activity;sid:84227590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364491)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364491/; classtype:trojan-activity;sid:84227591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364486)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364486/; classtype:trojan-activity;sid:84227586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364477)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364477/; classtype:trojan-activity;sid:84227577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364478)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364478/; classtype:trojan-activity;sid:84227578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364479)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364479/; classtype:trojan-activity;sid:84227579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364480)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364480/; classtype:trojan-activity;sid:84227580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364481)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364481/; classtype:trojan-activity;sid:84227581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364482)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364482/; classtype:trojan-activity;sid:84227582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364483)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364483/; classtype:trojan-activity;sid:84227583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364484)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364484/; classtype:trojan-activity;sid:84227584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364485)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364485/; classtype:trojan-activity;sid:84227585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364472)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364472/; classtype:trojan-activity;sid:84227572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364473)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364473/; classtype:trojan-activity;sid:84227573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364474)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364474/; classtype:trojan-activity;sid:84227574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364475)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364475/; classtype:trojan-activity;sid:84227575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364476)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364476/; classtype:trojan-activity;sid:84227576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364467)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364467/; classtype:trojan-activity;sid:84227567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364468)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364468/; classtype:trojan-activity;sid:84227568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364469)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364469/; classtype:trojan-activity;sid:84227569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364470)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364470/; classtype:trojan-activity;sid:84227570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364471)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364471/; classtype:trojan-activity;sid:84227571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364464)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364464/; classtype:trojan-activity;sid:84227564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364465)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364465/; classtype:trojan-activity;sid:84227565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364466)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364466/; classtype:trojan-activity;sid:84227566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364462)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364462/; classtype:trojan-activity;sid:84227562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364463)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364463/; classtype:trojan-activity;sid:84227563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364461)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364461/; classtype:trojan-activity;sid:84227561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364456)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364456/; classtype:trojan-activity;sid:84227556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364457)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364457/; classtype:trojan-activity;sid:84227557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364458)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364458/; classtype:trojan-activity;sid:84227558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364459)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364459/; classtype:trojan-activity;sid:84227559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364460)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364460/; classtype:trojan-activity;sid:84227560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364454)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364454/; classtype:trojan-activity;sid:84227554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364455)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364455/; classtype:trojan-activity;sid:84227555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364445)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364445/; classtype:trojan-activity;sid:84227545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364446)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364446/; classtype:trojan-activity;sid:84227546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364447)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364447/; classtype:trojan-activity;sid:84227547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364448)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364448/; classtype:trojan-activity;sid:84227548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364449)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364449/; classtype:trojan-activity;sid:84227549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364450)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364450/; classtype:trojan-activity;sid:84227550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364451)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364451/; classtype:trojan-activity;sid:84227551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364452)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364452/; classtype:trojan-activity;sid:84227552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364453)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364453/; classtype:trojan-activity;sid:84227553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364436)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364436/; classtype:trojan-activity;sid:84227536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364437)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364437/; classtype:trojan-activity;sid:84227537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364438)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364438/; classtype:trojan-activity;sid:84227538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364439)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364439/; classtype:trojan-activity;sid:84227539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364440)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364440/; classtype:trojan-activity;sid:84227540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364441)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364441/; classtype:trojan-activity;sid:84227541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364442)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364442/; classtype:trojan-activity;sid:84227542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364443)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364443/; classtype:trojan-activity;sid:84227543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364444)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364444/; classtype:trojan-activity;sid:84227544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364430)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364430/; classtype:trojan-activity;sid:84227530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364431)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364431/; classtype:trojan-activity;sid:84227531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364432)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364432/; classtype:trojan-activity;sid:84227532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364433)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364433/; classtype:trojan-activity;sid:84227533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364434)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364434/; classtype:trojan-activity;sid:84227534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364435)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364435/; classtype:trojan-activity;sid:84227535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364426)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364426/; classtype:trojan-activity;sid:84227526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364427)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364427/; classtype:trojan-activity;sid:84227527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364428)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364428/; classtype:trojan-activity;sid:84227528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364429)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364429/; classtype:trojan-activity;sid:84227529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364425)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364425/; classtype:trojan-activity;sid:84227525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364424)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364424/; classtype:trojan-activity;sid:84227524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364419)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364419/; classtype:trojan-activity;sid:84227519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364420)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364420/; classtype:trojan-activity;sid:84227520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364421)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364421/; classtype:trojan-activity;sid:84227521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364422)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364422/; classtype:trojan-activity;sid:84227522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364423)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364423/; classtype:trojan-activity;sid:84227523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364415)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364415/; classtype:trojan-activity;sid:84227515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364416)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364416/; classtype:trojan-activity;sid:84227516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364417)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364417/; classtype:trojan-activity;sid:84227517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364418)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364418/; classtype:trojan-activity;sid:84227518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364402)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364402/; classtype:trojan-activity;sid:84227502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364403)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364403/; classtype:trojan-activity;sid:84227503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364404)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364404/; classtype:trojan-activity;sid:84227504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364405)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364405/; classtype:trojan-activity;sid:84227505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364406)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364406/; classtype:trojan-activity;sid:84227506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364407)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364407/; classtype:trojan-activity;sid:84227507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364408)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364408/; classtype:trojan-activity;sid:84227508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364409)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364409/; classtype:trojan-activity;sid:84227509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364410)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364410/; classtype:trojan-activity;sid:84227510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364411)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364411/; classtype:trojan-activity;sid:84227511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364412)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364412/; classtype:trojan-activity;sid:84227512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364413)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364413/; classtype:trojan-activity;sid:84227513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364414)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364414/; classtype:trojan-activity;sid:84227514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364393)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364393/; classtype:trojan-activity;sid:84227493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364394)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364394/; classtype:trojan-activity;sid:84227494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364395)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364395/; classtype:trojan-activity;sid:84227495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364396)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364396/; classtype:trojan-activity;sid:84227496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364397)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364397/; classtype:trojan-activity;sid:84227497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364398)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364398/; classtype:trojan-activity;sid:84227498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364399)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364399/; classtype:trojan-activity;sid:84227499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364400)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364400/; classtype:trojan-activity;sid:84227500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364401)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364401/; classtype:trojan-activity;sid:84227501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364389)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364389/; classtype:trojan-activity;sid:84227489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364390)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364390/; classtype:trojan-activity;sid:84227490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364391)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364391/; classtype:trojan-activity;sid:84227491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364392)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364392/; classtype:trojan-activity;sid:84227492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364386)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364386/; classtype:trojan-activity;sid:84227486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364387)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364387/; classtype:trojan-activity;sid:84227487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364388)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364388/; classtype:trojan-activity;sid:84227488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364382)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364382/; classtype:trojan-activity;sid:84227482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364383)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364383/; classtype:trojan-activity;sid:84227483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364384)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364384/; classtype:trojan-activity;sid:84227484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364385)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364385/; classtype:trojan-activity;sid:84227485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364380)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364380/; classtype:trojan-activity;sid:84227480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364381)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364381/; classtype:trojan-activity;sid:84227481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364379)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364379/; classtype:trojan-activity;sid:84227479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364378)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364378/; classtype:trojan-activity;sid:84227478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364369)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364369/; classtype:trojan-activity;sid:84227469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364370)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364370/; classtype:trojan-activity;sid:84227470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364371)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364371/; classtype:trojan-activity;sid:84227471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364372)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364372/; classtype:trojan-activity;sid:84227472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364373)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364373/; classtype:trojan-activity;sid:84227473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364374)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364374/; classtype:trojan-activity;sid:84227474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364375)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364375/; classtype:trojan-activity;sid:84227475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364376)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364376/; classtype:trojan-activity;sid:84227476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364377)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364377/; classtype:trojan-activity;sid:84227477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364356)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364356/; classtype:trojan-activity;sid:84227456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364357)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364357/; classtype:trojan-activity;sid:84227457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364358)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364358/; classtype:trojan-activity;sid:84227458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364359)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364359/; classtype:trojan-activity;sid:84227459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364360)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364360/; classtype:trojan-activity;sid:84227460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364361)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364361/; classtype:trojan-activity;sid:84227461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364362)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364362/; classtype:trojan-activity;sid:84227462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364363)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364363/; classtype:trojan-activity;sid:84227463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364364)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364364/; classtype:trojan-activity;sid:84227464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364365)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364365/; classtype:trojan-activity;sid:84227465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364366)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364366/; classtype:trojan-activity;sid:84227466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364367)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364367/; classtype:trojan-activity;sid:84227467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364368)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364368/; classtype:trojan-activity;sid:84227468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364351)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364351/; classtype:trojan-activity;sid:84227451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364352)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364352/; classtype:trojan-activity;sid:84227452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364353)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364353/; classtype:trojan-activity;sid:84227453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364354)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364354/; classtype:trojan-activity;sid:84227454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364355)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364355/; classtype:trojan-activity;sid:84227455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364350)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364350/; classtype:trojan-activity;sid:84227450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364347)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364347/; classtype:trojan-activity;sid:84227447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364348)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364348/; classtype:trojan-activity;sid:84227448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364349)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364349/; classtype:trojan-activity;sid:84227449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364346)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364346/; classtype:trojan-activity;sid:84227446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364344)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364344/; classtype:trojan-activity;sid:84227444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364345)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364345/; classtype:trojan-activity;sid:84227445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364340)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364340/; classtype:trojan-activity;sid:84227440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364341)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364341/; classtype:trojan-activity;sid:84227441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364342)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364342/; classtype:trojan-activity;sid:84227442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364343)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364343/; classtype:trojan-activity;sid:84227443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364335)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364335/; classtype:trojan-activity;sid:84227435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364336)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364336/; classtype:trojan-activity;sid:84227436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364337)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364337/; classtype:trojan-activity;sid:84227437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364338)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364338/; classtype:trojan-activity;sid:84227438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364339)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364339/; classtype:trojan-activity;sid:84227439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364328)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364328/; classtype:trojan-activity;sid:84227428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364329)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364329/; classtype:trojan-activity;sid:84227429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364330)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364330/; classtype:trojan-activity;sid:84227430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364331)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364331/; classtype:trojan-activity;sid:84227431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364332)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364332/; classtype:trojan-activity;sid:84227432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364333)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364333/; classtype:trojan-activity;sid:84227433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364334)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364334/; classtype:trojan-activity;sid:84227434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364313)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364313/; classtype:trojan-activity;sid:84227413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364314)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364314/; classtype:trojan-activity;sid:84227414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364315)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364315/; classtype:trojan-activity;sid:84227415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364316)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364316/; classtype:trojan-activity;sid:84227416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364317)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364317/; classtype:trojan-activity;sid:84227417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364318)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364318/; classtype:trojan-activity;sid:84227418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364319)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364319/; classtype:trojan-activity;sid:84227419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364320)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364320/; classtype:trojan-activity;sid:84227420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364321)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364321/; classtype:trojan-activity;sid:84227421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364322)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364322/; classtype:trojan-activity;sid:84227422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364323)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364323/; classtype:trojan-activity;sid:84227423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364324)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364324/; classtype:trojan-activity;sid:84227424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364325)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364325/; classtype:trojan-activity;sid:84227425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364326)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364326/; classtype:trojan-activity;sid:84227426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364327)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364327/; classtype:trojan-activity;sid:84227427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364312)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364312/; classtype:trojan-activity;sid:84227412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364310)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364310/; classtype:trojan-activity;sid:84227410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364311)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364311/; classtype:trojan-activity;sid:84227411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364308)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364308/; classtype:trojan-activity;sid:84227408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364309)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364309/; classtype:trojan-activity;sid:84227409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364307)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364307/; classtype:trojan-activity;sid:84227407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364306)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364306/; classtype:trojan-activity;sid:84227406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364303)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364303/; classtype:trojan-activity;sid:84227403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364304)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364304/; classtype:trojan-activity;sid:84227404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364305)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364305/; classtype:trojan-activity;sid:84227405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364296)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364296/; classtype:trojan-activity;sid:84227396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364297)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364297/; classtype:trojan-activity;sid:84227397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364298)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364298/; classtype:trojan-activity;sid:84227398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364299)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364299/; classtype:trojan-activity;sid:84227399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364300)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364300/; classtype:trojan-activity;sid:84227400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364301)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364301/; classtype:trojan-activity;sid:84227401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364302)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364302/; classtype:trojan-activity;sid:84227402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364282)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364282/; classtype:trojan-activity;sid:84227382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364283)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364283/; classtype:trojan-activity;sid:84227383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364284)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364284/; classtype:trojan-activity;sid:84227384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364285)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364285/; classtype:trojan-activity;sid:84227385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364286)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364286/; classtype:trojan-activity;sid:84227386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364287)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364287/; classtype:trojan-activity;sid:84227387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364288)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364288/; classtype:trojan-activity;sid:84227388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364289)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364289/; classtype:trojan-activity;sid:84227389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364290)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364290/; classtype:trojan-activity;sid:84227390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364291)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364291/; classtype:trojan-activity;sid:84227391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364292)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364292/; classtype:trojan-activity;sid:84227392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364293)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364293/; classtype:trojan-activity;sid:84227393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364294)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364294/; classtype:trojan-activity;sid:84227394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364295)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364295/; classtype:trojan-activity;sid:84227395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364281)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364281/; classtype:trojan-activity;sid:84227381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364277)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364277/; classtype:trojan-activity;sid:84227377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364278)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364278/; classtype:trojan-activity;sid:84227378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364279)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364279/; classtype:trojan-activity;sid:84227379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364280)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364280/; classtype:trojan-activity;sid:84227380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364272)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364272/; classtype:trojan-activity;sid:84227372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364273)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364273/; classtype:trojan-activity;sid:84227373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364274)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364274/; classtype:trojan-activity;sid:84227374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364275)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364275/; classtype:trojan-activity;sid:84227375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364276)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364276/; classtype:trojan-activity;sid:84227376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364270)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364270/; classtype:trojan-activity;sid:84227370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364271)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364271/; classtype:trojan-activity;sid:84227371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364268)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364268/; classtype:trojan-activity;sid:84227368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364269)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364269/; classtype:trojan-activity;sid:84227369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364267)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364267/; classtype:trojan-activity;sid:84227367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364261)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364261/; classtype:trojan-activity;sid:84227361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364262)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364262/; classtype:trojan-activity;sid:84227362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364263)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364263/; classtype:trojan-activity;sid:84227363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364264)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364264/; classtype:trojan-activity;sid:84227364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364265)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364265/; classtype:trojan-activity;sid:84227365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364266)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364266/; classtype:trojan-activity;sid:84227366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364258)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364258/; classtype:trojan-activity;sid:84227358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364259)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364259/; classtype:trojan-activity;sid:84227359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364260)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364260/; classtype:trojan-activity;sid:84227360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364251)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364251/; classtype:trojan-activity;sid:84227351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364252)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364252/; classtype:trojan-activity;sid:84227352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364253)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364253/; classtype:trojan-activity;sid:84227353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364254)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364254/; classtype:trojan-activity;sid:84227354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364255)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364255/; classtype:trojan-activity;sid:84227355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364256)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364256/; classtype:trojan-activity;sid:84227356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364257)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364257/; classtype:trojan-activity;sid:84227357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364244)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364244/; classtype:trojan-activity;sid:84227344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364245)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364245/; classtype:trojan-activity;sid:84227345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364246)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364246/; classtype:trojan-activity;sid:84227346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364247)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364247/; classtype:trojan-activity;sid:84227347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364248)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364248/; classtype:trojan-activity;sid:84227348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364249)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364249/; classtype:trojan-activity;sid:84227349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364250)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364250/; classtype:trojan-activity;sid:84227350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364240)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364240/; classtype:trojan-activity;sid:84227340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364241)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364241/; classtype:trojan-activity;sid:84227341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364242)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364242/; classtype:trojan-activity;sid:84227342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364243)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364243/; classtype:trojan-activity;sid:84227343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364237)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364237/; classtype:trojan-activity;sid:84227337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364238)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364238/; classtype:trojan-activity;sid:84227338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364239)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364239/; classtype:trojan-activity;sid:84227339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364232)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364232/; classtype:trojan-activity;sid:84227332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364233)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364233/; classtype:trojan-activity;sid:84227333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364234)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364234/; classtype:trojan-activity;sid:84227334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364235)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364235/; classtype:trojan-activity;sid:84227335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364236)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364236/; classtype:trojan-activity;sid:84227336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364231)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364231/; classtype:trojan-activity;sid:84227331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364229)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364229/; classtype:trojan-activity;sid:84227329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364230)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364230/; classtype:trojan-activity;sid:84227330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364224)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364224/; classtype:trojan-activity;sid:84227324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364225)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364225/; classtype:trojan-activity;sid:84227325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364226)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364226/; classtype:trojan-activity;sid:84227326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364227)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364227/; classtype:trojan-activity;sid:84227327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364228)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364228/; classtype:trojan-activity;sid:84227328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364221)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364221/; classtype:trojan-activity;sid:84227321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364222)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364222/; classtype:trojan-activity;sid:84227322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364223)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364223/; classtype:trojan-activity;sid:84227323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364215)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364215/; classtype:trojan-activity;sid:84227315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364216)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364216/; classtype:trojan-activity;sid:84227316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364217)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364217/; classtype:trojan-activity;sid:84227317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364218)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364218/; classtype:trojan-activity;sid:84227318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364219)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364219/; classtype:trojan-activity;sid:84227319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364220)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364220/; classtype:trojan-activity;sid:84227320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364212)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364212/; classtype:trojan-activity;sid:84227312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364213)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364213/; classtype:trojan-activity;sid:84227313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364214)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364214/; classtype:trojan-activity;sid:84227314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364205)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364205/; classtype:trojan-activity;sid:84227305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364206)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364206/; classtype:trojan-activity;sid:84227306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364207)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364207/; classtype:trojan-activity;sid:84227307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364208)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364208/; classtype:trojan-activity;sid:84227308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364209)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364209/; classtype:trojan-activity;sid:84227309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364210)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364210/; classtype:trojan-activity;sid:84227310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364211)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364211/; classtype:trojan-activity;sid:84227311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364200)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364200/; classtype:trojan-activity;sid:84227300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364201)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364201/; classtype:trojan-activity;sid:84227301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364202)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364202/; classtype:trojan-activity;sid:84227302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364203)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364203/; classtype:trojan-activity;sid:84227303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364204)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364204/; classtype:trojan-activity;sid:84227304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364197)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364197/; classtype:trojan-activity;sid:84227297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364198)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364198/; classtype:trojan-activity;sid:84227298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364199)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364199/; classtype:trojan-activity;sid:84227299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364195)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364195/; classtype:trojan-activity;sid:84227295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364196)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364196/; classtype:trojan-activity;sid:84227296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364190)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364190/; classtype:trojan-activity;sid:84227290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364191)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364191/; classtype:trojan-activity;sid:84227291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364192)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364192/; classtype:trojan-activity;sid:84227292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364193)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364193/; classtype:trojan-activity;sid:84227293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364194)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364194/; classtype:trojan-activity;sid:84227294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364188)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364188/; classtype:trojan-activity;sid:84227288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364189)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364189/; classtype:trojan-activity;sid:84227289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364179)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364179/; classtype:trojan-activity;sid:84227279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364180)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364180/; classtype:trojan-activity;sid:84227280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364181)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364181/; classtype:trojan-activity;sid:84227281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364182)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364182/; classtype:trojan-activity;sid:84227282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364183)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364183/; classtype:trojan-activity;sid:84227283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364184)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364184/; classtype:trojan-activity;sid:84227284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364185)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364185/; classtype:trojan-activity;sid:84227285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364186)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364186/; classtype:trojan-activity;sid:84227286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364187)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364187/; classtype:trojan-activity;sid:84227287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364175)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364175/; classtype:trojan-activity;sid:84227275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364176)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364176/; classtype:trojan-activity;sid:84227276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364177)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364177/; classtype:trojan-activity;sid:84227277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364178)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364178/; classtype:trojan-activity;sid:84227278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364173)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364173/; classtype:trojan-activity;sid:84227273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364174)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364174/; classtype:trojan-activity;sid:84227274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364165)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364165/; classtype:trojan-activity;sid:84227265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364166)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364166/; classtype:trojan-activity;sid:84227266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364167)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364167/; classtype:trojan-activity;sid:84227267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364168)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364168/; classtype:trojan-activity;sid:84227268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364169)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364169/; classtype:trojan-activity;sid:84227269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364170)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364170/; classtype:trojan-activity;sid:84227270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364171)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364171/; classtype:trojan-activity;sid:84227271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364172)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364172/; classtype:trojan-activity;sid:84227272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364164)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364164/; classtype:trojan-activity;sid:84227264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364160)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364160/; classtype:trojan-activity;sid:84227260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364161)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364161/; classtype:trojan-activity;sid:84227261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364162)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364162/; classtype:trojan-activity;sid:84227262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364163)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364163/; classtype:trojan-activity;sid:84227263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364156)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364156/; classtype:trojan-activity;sid:84227256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364157)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364157/; classtype:trojan-activity;sid:84227257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364158)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364158/; classtype:trojan-activity;sid:84227258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364159)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364159/; classtype:trojan-activity;sid:84227259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364154)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364154/; classtype:trojan-activity;sid:84227254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364155)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364155/; classtype:trojan-activity;sid:84227255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364150)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364150/; classtype:trojan-activity;sid:84227250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364151)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364151/; classtype:trojan-activity;sid:84227251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364152)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364152/; classtype:trojan-activity;sid:84227252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364153)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364153/; classtype:trojan-activity;sid:84227253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364145)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364145/; classtype:trojan-activity;sid:84227245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364146)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364146/; classtype:trojan-activity;sid:84227246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364147)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364147/; classtype:trojan-activity;sid:84227247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364148)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364148/; classtype:trojan-activity;sid:84227248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364149)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364149/; classtype:trojan-activity;sid:84227249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364138)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364138/; classtype:trojan-activity;sid:84227238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364139)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364139/; classtype:trojan-activity;sid:84227239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364140)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364140/; classtype:trojan-activity;sid:84227240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364141)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364141/; classtype:trojan-activity;sid:84227241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364142)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364142/; classtype:trojan-activity;sid:84227242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364143)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364143/; classtype:trojan-activity;sid:84227243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364144)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364144/; classtype:trojan-activity;sid:84227244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364134)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364134/; classtype:trojan-activity;sid:84227234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364135)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364135/; classtype:trojan-activity;sid:84227235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364136)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364136/; classtype:trojan-activity;sid:84227236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364137)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364137/; classtype:trojan-activity;sid:84227237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364130)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364130/; classtype:trojan-activity;sid:84227230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364131)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364131/; classtype:trojan-activity;sid:84227231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364132)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364132/; classtype:trojan-activity;sid:84227232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364133)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364133/; classtype:trojan-activity;sid:84227233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364128)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364128/; classtype:trojan-activity;sid:84227228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364129)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364129/; classtype:trojan-activity;sid:84227229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364127)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364127/; classtype:trojan-activity;sid:84227227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364121)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364121/; classtype:trojan-activity;sid:84227221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364122)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364122/; classtype:trojan-activity;sid:84227222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364123)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364123/; classtype:trojan-activity;sid:84227223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364124)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364124/; classtype:trojan-activity;sid:84227224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364125)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364125/; classtype:trojan-activity;sid:84227225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364126)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364126/; classtype:trojan-activity;sid:84227226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364119)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364119/; classtype:trojan-activity;sid:84227219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364120)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364120/; classtype:trojan-activity;sid:84227220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364117)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364117/; classtype:trojan-activity;sid:84227217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364118)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364118/; classtype:trojan-activity;sid:84227218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364111)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364111/; classtype:trojan-activity;sid:84227211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364112)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364112/; classtype:trojan-activity;sid:84227212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364113)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364113/; classtype:trojan-activity;sid:84227213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364114)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364114/; classtype:trojan-activity;sid:84227214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364115)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364115/; classtype:trojan-activity;sid:84227215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364116)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364116/; classtype:trojan-activity;sid:84227216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364104)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364104/; classtype:trojan-activity;sid:84227204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364105)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364105/; classtype:trojan-activity;sid:84227205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364106)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364106/; classtype:trojan-activity;sid:84227206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364107)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364107/; classtype:trojan-activity;sid:84227207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364108)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364108/; classtype:trojan-activity;sid:84227208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364109)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364109/; classtype:trojan-activity;sid:84227209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364110)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364110/; classtype:trojan-activity;sid:84227210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364100)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364100/; classtype:trojan-activity;sid:84227200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364101)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364101/; classtype:trojan-activity;sid:84227201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364102)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364102/; classtype:trojan-activity;sid:84227202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364103)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364103/; classtype:trojan-activity;sid:84227203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364094)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364094/; classtype:trojan-activity;sid:84227194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364095)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364095/; classtype:trojan-activity;sid:84227195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364096)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364096/; classtype:trojan-activity;sid:84227196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364097)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364097/; classtype:trojan-activity;sid:84227197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364098)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364098/; classtype:trojan-activity;sid:84227198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364099)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364099/; classtype:trojan-activity;sid:84227199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364093)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364093/; classtype:trojan-activity;sid:84227193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364089)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364089/; classtype:trojan-activity;sid:84227189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364090)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364090/; classtype:trojan-activity;sid:84227190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364091)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364091/; classtype:trojan-activity;sid:84227191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364092)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364092/; classtype:trojan-activity;sid:84227192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364087)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364087/; classtype:trojan-activity;sid:84227187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364088)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364088/; classtype:trojan-activity;sid:84227188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364085)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364085/; classtype:trojan-activity;sid:84227185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364086)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364086/; classtype:trojan-activity;sid:84227186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364083)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364083/; classtype:trojan-activity;sid:84227183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364084)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364084/; classtype:trojan-activity;sid:84227184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364080)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364080/; classtype:trojan-activity;sid:84227180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364081)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364081/; classtype:trojan-activity;sid:84227181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364082)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364082/; classtype:trojan-activity;sid:84227182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364074)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364074/; classtype:trojan-activity;sid:84227174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364075)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364075/; classtype:trojan-activity;sid:84227175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364076)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364076/; classtype:trojan-activity;sid:84227176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364077)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364077/; classtype:trojan-activity;sid:84227177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364078)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364078/; classtype:trojan-activity;sid:84227178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364079)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364079/; classtype:trojan-activity;sid:84227179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364068)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364068/; classtype:trojan-activity;sid:84227168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364069)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364069/; classtype:trojan-activity;sid:84227169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364070)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364070/; classtype:trojan-activity;sid:84227170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364071)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364071/; classtype:trojan-activity;sid:84227171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364072)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364072/; classtype:trojan-activity;sid:84227172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364073)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364073/; classtype:trojan-activity;sid:84227173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364058)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364058/; classtype:trojan-activity;sid:84227158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364059)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364059/; classtype:trojan-activity;sid:84227159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364060)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364060/; classtype:trojan-activity;sid:84227160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364061)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364061/; classtype:trojan-activity;sid:84227161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364062)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364062/; classtype:trojan-activity;sid:84227162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364063)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364063/; classtype:trojan-activity;sid:84227163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364064)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364064/; classtype:trojan-activity;sid:84227164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364065)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364065/; classtype:trojan-activity;sid:84227165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364066)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364066/; classtype:trojan-activity;sid:84227166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364067)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364067/; classtype:trojan-activity;sid:84227167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364056)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364056/; classtype:trojan-activity;sid:84227156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364057)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364057/; classtype:trojan-activity;sid:84227157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364053)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364053/; classtype:trojan-activity;sid:84227153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364054)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364054/; classtype:trojan-activity;sid:84227154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364055)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364055/; classtype:trojan-activity;sid:84227155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364048)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364048/; classtype:trojan-activity;sid:84227148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364049)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364049/; classtype:trojan-activity;sid:84227149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364050)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364050/; classtype:trojan-activity;sid:84227150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364051)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364051/; classtype:trojan-activity;sid:84227151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364052)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364052/; classtype:trojan-activity;sid:84227152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364042)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364042/; classtype:trojan-activity;sid:84227142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364043)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364043/; classtype:trojan-activity;sid:84227143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364044)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364044/; classtype:trojan-activity;sid:84227144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364045)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364045/; classtype:trojan-activity;sid:84227145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364046)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364046/; classtype:trojan-activity;sid:84227146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364047)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364047/; classtype:trojan-activity;sid:84227147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364037)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364037/; classtype:trojan-activity;sid:84227137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364038)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364038/; classtype:trojan-activity;sid:84227138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364039)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364039/; classtype:trojan-activity;sid:84227139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364040)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364040/; classtype:trojan-activity;sid:84227140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364041)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364041/; classtype:trojan-activity;sid:84227141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364029)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364029/; classtype:trojan-activity;sid:84227129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364030)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364030/; classtype:trojan-activity;sid:84227130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364031)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364031/; classtype:trojan-activity;sid:84227131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364032)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364032/; classtype:trojan-activity;sid:84227132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364033)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364033/; classtype:trojan-activity;sid:84227133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364034)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364034/; classtype:trojan-activity;sid:84227134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364035)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364035/; classtype:trojan-activity;sid:84227135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364036)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364036/; classtype:trojan-activity;sid:84227136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364024)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364024/; classtype:trojan-activity;sid:84227124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364025)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364025/; classtype:trojan-activity;sid:84227125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364026)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364026/; classtype:trojan-activity;sid:84227126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364027)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364027/; classtype:trojan-activity;sid:84227127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364028)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364028/; classtype:trojan-activity;sid:84227128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364021)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364021/; classtype:trojan-activity;sid:84227121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364022)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364022/; classtype:trojan-activity;sid:84227122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364023)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364023/; classtype:trojan-activity;sid:84227123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364020)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364020/; classtype:trojan-activity;sid:84227120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364019)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364019/; classtype:trojan-activity;sid:84227119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364017)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364017/; classtype:trojan-activity;sid:84227117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364018)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364018/; classtype:trojan-activity;sid:84227118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364013)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364013/; classtype:trojan-activity;sid:84227113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364014)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364014/; classtype:trojan-activity;sid:84227114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364015)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364015/; classtype:trojan-activity;sid:84227115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364016)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364016/; classtype:trojan-activity;sid:84227116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364012)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364012/; classtype:trojan-activity;sid:84227112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364009)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364009/; classtype:trojan-activity;sid:84227109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364010)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364010/; classtype:trojan-activity;sid:84227110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364011)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364011/; classtype:trojan-activity;sid:84227111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364004)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364004/; classtype:trojan-activity;sid:84227104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364005)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364005/; classtype:trojan-activity;sid:84227105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364006)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364006/; classtype:trojan-activity;sid:84227106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364007)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364007/; classtype:trojan-activity;sid:84227107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364008)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364008/; classtype:trojan-activity;sid:84227108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363996)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363996/; classtype:trojan-activity;sid:84227096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363997)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363997/; classtype:trojan-activity;sid:84227097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363998)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363998/; classtype:trojan-activity;sid:84227098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363999)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363999/; classtype:trojan-activity;sid:84227099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364000)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364000/; classtype:trojan-activity;sid:84227100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364001)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364001/; classtype:trojan-activity;sid:84227101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364002)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364002/; classtype:trojan-activity;sid:84227102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3364003)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3364003/; classtype:trojan-activity;sid:84227103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363988)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363988/; classtype:trojan-activity;sid:84227088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363989)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363989/; classtype:trojan-activity;sid:84227089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363990)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363990/; classtype:trojan-activity;sid:84227090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363991)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363991/; classtype:trojan-activity;sid:84227091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363992)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363992/; classtype:trojan-activity;sid:84227092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363993)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363993/; classtype:trojan-activity;sid:84227093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363994)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363994/; classtype:trojan-activity;sid:84227094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363995)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363995/; classtype:trojan-activity;sid:84227095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363983)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363983/; classtype:trojan-activity;sid:84227083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363984)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363984/; classtype:trojan-activity;sid:84227084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363985)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363985/; classtype:trojan-activity;sid:84227085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363986)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363986/; classtype:trojan-activity;sid:84227086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363987)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363987/; classtype:trojan-activity;sid:84227087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363981)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363981/; classtype:trojan-activity;sid:84227081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363982)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363982/; classtype:trojan-activity;sid:84227082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363980)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363980/; classtype:trojan-activity;sid:84227080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363974)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363974/; classtype:trojan-activity;sid:84227074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363975)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363975/; classtype:trojan-activity;sid:84227075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363976)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363976/; classtype:trojan-activity;sid:84227076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363977)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363977/; classtype:trojan-activity;sid:84227077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363978)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363978/; classtype:trojan-activity;sid:84227078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363979)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363979/; classtype:trojan-activity;sid:84227079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363966)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363966/; classtype:trojan-activity;sid:84227066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363967)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363967/; classtype:trojan-activity;sid:84227067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363968)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363968/; classtype:trojan-activity;sid:84227068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363969)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363969/; classtype:trojan-activity;sid:84227069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363970)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363970/; classtype:trojan-activity;sid:84227070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363971)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363971/; classtype:trojan-activity;sid:84227071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363972)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363972/; classtype:trojan-activity;sid:84227072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363973)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363973/; classtype:trojan-activity;sid:84227073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363952)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363952/; classtype:trojan-activity;sid:84227052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363953)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363953/; classtype:trojan-activity;sid:84227053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363954)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363954/; classtype:trojan-activity;sid:84227054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363955)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363955/; classtype:trojan-activity;sid:84227055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363956)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363956/; classtype:trojan-activity;sid:84227056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363957)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363957/; classtype:trojan-activity;sid:84227057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363958)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363958/; classtype:trojan-activity;sid:84227058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363959)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363959/; classtype:trojan-activity;sid:84227059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363960)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363960/; classtype:trojan-activity;sid:84227060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363961)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363961/; classtype:trojan-activity;sid:84227061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363962)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363962/; classtype:trojan-activity;sid:84227062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363963)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363963/; classtype:trojan-activity;sid:84227063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363964)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363964/; classtype:trojan-activity;sid:84227064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363965)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363965/; classtype:trojan-activity;sid:84227065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363941)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363941/; classtype:trojan-activity;sid:84227041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363942)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363942/; classtype:trojan-activity;sid:84227042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363943)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363943/; classtype:trojan-activity;sid:84227043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363944)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363944/; classtype:trojan-activity;sid:84227044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363945)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363945/; classtype:trojan-activity;sid:84227045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363946)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363946/; classtype:trojan-activity;sid:84227046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363947)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363947/; classtype:trojan-activity;sid:84227047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363948)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363948/; classtype:trojan-activity;sid:84227048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363949)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363949/; classtype:trojan-activity;sid:84227049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363950)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363950/; classtype:trojan-activity;sid:84227050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363951)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363951/; classtype:trojan-activity;sid:84227051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363940)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363940/; classtype:trojan-activity;sid:84227040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363938)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363938/; classtype:trojan-activity;sid:84227038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363939)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363939/; classtype:trojan-activity;sid:84227039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363934)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363934/; classtype:trojan-activity;sid:84227034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363935)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363935/; classtype:trojan-activity;sid:84227035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363936)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363936/; classtype:trojan-activity;sid:84227036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363937)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363937/; classtype:trojan-activity;sid:84227037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363918)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363918/; classtype:trojan-activity;sid:84227018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363919)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363919/; classtype:trojan-activity;sid:84227019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363920)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363920/; classtype:trojan-activity;sid:84227020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363921)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363921/; classtype:trojan-activity;sid:84227021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363922)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363922/; classtype:trojan-activity;sid:84227022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363923)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363923/; classtype:trojan-activity;sid:84227023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363924)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363924/; classtype:trojan-activity;sid:84227024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363925)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363925/; classtype:trojan-activity;sid:84227025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363926)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363926/; classtype:trojan-activity;sid:84227026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363927)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363927/; classtype:trojan-activity;sid:84227027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363928)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363928/; classtype:trojan-activity;sid:84227028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363929)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363929/; classtype:trojan-activity;sid:84227029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363930)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363930/; classtype:trojan-activity;sid:84227030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363931)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363931/; classtype:trojan-activity;sid:84227031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363932)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363932/; classtype:trojan-activity;sid:84227032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363933)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363933/; classtype:trojan-activity;sid:84227033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363908)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363908/; classtype:trojan-activity;sid:84227008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363909)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363909/; classtype:trojan-activity;sid:84227009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363910)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363910/; classtype:trojan-activity;sid:84227010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363911)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363911/; classtype:trojan-activity;sid:84227011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363912)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363912/; classtype:trojan-activity;sid:84227012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363913)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363913/; classtype:trojan-activity;sid:84227013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363914)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363914/; classtype:trojan-activity;sid:84227014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363915)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363915/; classtype:trojan-activity;sid:84227015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363916)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363916/; classtype:trojan-activity;sid:84227016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363917)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363917/; classtype:trojan-activity;sid:84227017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363904)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363904/; classtype:trojan-activity;sid:84227004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363905)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363905/; classtype:trojan-activity;sid:84227005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363906)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363906/; classtype:trojan-activity;sid:84227006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363907)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363907/; classtype:trojan-activity;sid:84227007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363902)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363902/; classtype:trojan-activity;sid:84227002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363903)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363903/; classtype:trojan-activity;sid:84227003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363900)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363900/; classtype:trojan-activity;sid:84227000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363901)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363901/; classtype:trojan-activity;sid:84227001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363899)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363899/; classtype:trojan-activity;sid:84226999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363896)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363896/; classtype:trojan-activity;sid:84226996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363897)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363897/; classtype:trojan-activity;sid:84226997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363898)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363898/; classtype:trojan-activity;sid:84226998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363888)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363888/; classtype:trojan-activity;sid:84226988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363889)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363889/; classtype:trojan-activity;sid:84226989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363890)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363890/; classtype:trojan-activity;sid:84226990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363891)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363891/; classtype:trojan-activity;sid:84226991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363892)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363892/; classtype:trojan-activity;sid:84226992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363893)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363893/; classtype:trojan-activity;sid:84226993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363894)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363894/; classtype:trojan-activity;sid:84226994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363895)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363895/; classtype:trojan-activity;sid:84226995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363874)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363874/; classtype:trojan-activity;sid:84226974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363875)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363875/; classtype:trojan-activity;sid:84226975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363876)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363876/; classtype:trojan-activity;sid:84226976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363877)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363877/; classtype:trojan-activity;sid:84226977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363878)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363878/; classtype:trojan-activity;sid:84226978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363879)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363879/; classtype:trojan-activity;sid:84226979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363880)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363880/; classtype:trojan-activity;sid:84226980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363881)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363881/; classtype:trojan-activity;sid:84226981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363882)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363882/; classtype:trojan-activity;sid:84226982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363883)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363883/; classtype:trojan-activity;sid:84226983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363884)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363884/; classtype:trojan-activity;sid:84226984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363885)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363885/; classtype:trojan-activity;sid:84226985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363886)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363886/; classtype:trojan-activity;sid:84226986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363887)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363887/; classtype:trojan-activity;sid:84226987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363868)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363868/; classtype:trojan-activity;sid:84226968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363869)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363869/; classtype:trojan-activity;sid:84226969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363870)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363870/; classtype:trojan-activity;sid:84226970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363871)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363871/; classtype:trojan-activity;sid:84226971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363872)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363872/; classtype:trojan-activity;sid:84226972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363873)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363873/; classtype:trojan-activity;sid:84226973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363863)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363863/; classtype:trojan-activity;sid:84226963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363864)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363864/; classtype:trojan-activity;sid:84226964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363865)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363865/; classtype:trojan-activity;sid:84226965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363866)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363866/; classtype:trojan-activity;sid:84226966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363867)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363867/; classtype:trojan-activity;sid:84226967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363859)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363859/; classtype:trojan-activity;sid:84226959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363860)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363860/; classtype:trojan-activity;sid:84226960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363861)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363861/; classtype:trojan-activity;sid:84226961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363862)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363862/; classtype:trojan-activity;sid:84226962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363843)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363843/; classtype:trojan-activity;sid:84226943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363844)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363844/; classtype:trojan-activity;sid:84226944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363845)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363845/; classtype:trojan-activity;sid:84226945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363846)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363846/; classtype:trojan-activity;sid:84226946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363847)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363847/; classtype:trojan-activity;sid:84226947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363848)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363848/; classtype:trojan-activity;sid:84226948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363849)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363849/; classtype:trojan-activity;sid:84226949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363850)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363850/; classtype:trojan-activity;sid:84226950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363851)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363851/; classtype:trojan-activity;sid:84226951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363852)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363852/; classtype:trojan-activity;sid:84226952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363853)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363853/; classtype:trojan-activity;sid:84226953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363854)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363854/; classtype:trojan-activity;sid:84226954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363855)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363855/; classtype:trojan-activity;sid:84226955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363856)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363856/; classtype:trojan-activity;sid:84226956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363857)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363857/; classtype:trojan-activity;sid:84226957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363858)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363858/; classtype:trojan-activity;sid:84226958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363839)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363839/; classtype:trojan-activity;sid:84226939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363840)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363840/; classtype:trojan-activity;sid:84226940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363841)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363841/; classtype:trojan-activity;sid:84226941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363842)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363842/; classtype:trojan-activity;sid:84226942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363829)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363829/; classtype:trojan-activity;sid:84226929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363830/; classtype:trojan-activity;sid:84226930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363831)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363831/; classtype:trojan-activity;sid:84226931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363832)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363832/; classtype:trojan-activity;sid:84226932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363833)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363833/; classtype:trojan-activity;sid:84226933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363834)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363834/; classtype:trojan-activity;sid:84226934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363835)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363835/; classtype:trojan-activity;sid:84226935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363836)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363836/; classtype:trojan-activity;sid:84226936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363837)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363837/; classtype:trojan-activity;sid:84226937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363838)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363838/; classtype:trojan-activity;sid:84226938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363827)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363827/; classtype:trojan-activity;sid:84226927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363828)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363828/; classtype:trojan-activity;sid:84226928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363826)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363826/; classtype:trojan-activity;sid:84226926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363825)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363825/; classtype:trojan-activity;sid:84226925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363823)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363823/; classtype:trojan-activity;sid:84226923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363824)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363824/; classtype:trojan-activity;sid:84226924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363815)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363815/; classtype:trojan-activity;sid:84226915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363816)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363816/; classtype:trojan-activity;sid:84226916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363817)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363817/; classtype:trojan-activity;sid:84226917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363818)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363818/; classtype:trojan-activity;sid:84226918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363819)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363819/; classtype:trojan-activity;sid:84226919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363820)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363820/; classtype:trojan-activity;sid:84226920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363821)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363821/; classtype:trojan-activity;sid:84226921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363822)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363822/; classtype:trojan-activity;sid:84226922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363801)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363801/; classtype:trojan-activity;sid:84226901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363802)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363802/; classtype:trojan-activity;sid:84226902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363803)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363803/; classtype:trojan-activity;sid:84226903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.102.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363804/; classtype:trojan-activity;sid:84226904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363805)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363805/; classtype:trojan-activity;sid:84226905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363806)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363806/; classtype:trojan-activity;sid:84226906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363807)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363807/; classtype:trojan-activity;sid:84226907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363808)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363808/; classtype:trojan-activity;sid:84226908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363809)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363809/; classtype:trojan-activity;sid:84226909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363810)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363810/; classtype:trojan-activity;sid:84226910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363811)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363811/; classtype:trojan-activity;sid:84226911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363812)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363812/; classtype:trojan-activity;sid:84226912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363813)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363813/; classtype:trojan-activity;sid:84226913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363814)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363814/; classtype:trojan-activity;sid:84226914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363787)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363787/; classtype:trojan-activity;sid:84226887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363788)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363788/; classtype:trojan-activity;sid:84226888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363789)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363789/; classtype:trojan-activity;sid:84226889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363790)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363790/; classtype:trojan-activity;sid:84226890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363791)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363791/; classtype:trojan-activity;sid:84226891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363792)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363792/; classtype:trojan-activity;sid:84226892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363793)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363793/; classtype:trojan-activity;sid:84226893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363794)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363794/; classtype:trojan-activity;sid:84226894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363795)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363795/; classtype:trojan-activity;sid:84226895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363796)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363796/; classtype:trojan-activity;sid:84226896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363797)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363797/; classtype:trojan-activity;sid:84226897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363798)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363798/; classtype:trojan-activity;sid:84226898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363799)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363799/; classtype:trojan-activity;sid:84226899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363800)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363800/; classtype:trojan-activity;sid:84226900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363786)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363786/; classtype:trojan-activity;sid:84226886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363785)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363785/; classtype:trojan-activity;sid:84226885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363784)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363784/; classtype:trojan-activity;sid:84226884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363773)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363773/; classtype:trojan-activity;sid:84226873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363774)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363774/; classtype:trojan-activity;sid:84226874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363775)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363775/; classtype:trojan-activity;sid:84226875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363776)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363776/; classtype:trojan-activity;sid:84226876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363777)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363777/; classtype:trojan-activity;sid:84226877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363778)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363778/; classtype:trojan-activity;sid:84226878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363779)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363779/; classtype:trojan-activity;sid:84226879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363780)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363780/; classtype:trojan-activity;sid:84226880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363781)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363781/; classtype:trojan-activity;sid:84226881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363782)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363782/; classtype:trojan-activity;sid:84226882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363783)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363783/; classtype:trojan-activity;sid:84226883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363756)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363756/; classtype:trojan-activity;sid:84226856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363757)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363757/; classtype:trojan-activity;sid:84226857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363758)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363758/; classtype:trojan-activity;sid:84226858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363759)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363759/; classtype:trojan-activity;sid:84226859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363760)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363760/; classtype:trojan-activity;sid:84226860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363761)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363761/; classtype:trojan-activity;sid:84226861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363762)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363762/; classtype:trojan-activity;sid:84226862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363763)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363763/; classtype:trojan-activity;sid:84226863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363764)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363764/; classtype:trojan-activity;sid:84226864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363765)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363765/; classtype:trojan-activity;sid:84226865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363766)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363766/; classtype:trojan-activity;sid:84226866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363767)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363767/; classtype:trojan-activity;sid:84226867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363768)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363768/; classtype:trojan-activity;sid:84226868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363769)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363769/; classtype:trojan-activity;sid:84226869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363770)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363770/; classtype:trojan-activity;sid:84226870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363771)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363771/; classtype:trojan-activity;sid:84226871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363772)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363772/; classtype:trojan-activity;sid:84226872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363749)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363749/; classtype:trojan-activity;sid:84226849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363750)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363750/; classtype:trojan-activity;sid:84226850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363751)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363751/; classtype:trojan-activity;sid:84226851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363752)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363752/; classtype:trojan-activity;sid:84226852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363753)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363753/; classtype:trojan-activity;sid:84226853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363754)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363754/; classtype:trojan-activity;sid:84226854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363755)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363755/; classtype:trojan-activity;sid:84226855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363748)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363748/; classtype:trojan-activity;sid:84226848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363746)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363746/; classtype:trojan-activity;sid:84226846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363747)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363747/; classtype:trojan-activity;sid:84226847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363742)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363742/; classtype:trojan-activity;sid:84226842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363743)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363743/; classtype:trojan-activity;sid:84226843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363744)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363744/; classtype:trojan-activity;sid:84226844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363745)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363745/; classtype:trojan-activity;sid:84226845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363729)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363729/; classtype:trojan-activity;sid:84226829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363730)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363730/; classtype:trojan-activity;sid:84226830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363731)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363731/; classtype:trojan-activity;sid:84226831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363732)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363732/; classtype:trojan-activity;sid:84226832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363733)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363733/; classtype:trojan-activity;sid:84226833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363734)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363734/; classtype:trojan-activity;sid:84226834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363735)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363735/; classtype:trojan-activity;sid:84226835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363736)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363736/; classtype:trojan-activity;sid:84226836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363737)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363737/; classtype:trojan-activity;sid:84226837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363738)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363738/; classtype:trojan-activity;sid:84226838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363739)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363739/; classtype:trojan-activity;sid:84226839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363740)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363740/; classtype:trojan-activity;sid:84226840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363741)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363741/; classtype:trojan-activity;sid:84226841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363721)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363721/; classtype:trojan-activity;sid:84226821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363722)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363722/; classtype:trojan-activity;sid:84226822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363723)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363723/; classtype:trojan-activity;sid:84226823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363724)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363724/; classtype:trojan-activity;sid:84226824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363725)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363725/; classtype:trojan-activity;sid:84226825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363726)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363726/; classtype:trojan-activity;sid:84226826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363727)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363727/; classtype:trojan-activity;sid:84226827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363728)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363728/; classtype:trojan-activity;sid:84226828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363715)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363715/; classtype:trojan-activity;sid:84226815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363716)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363716/; classtype:trojan-activity;sid:84226816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363717)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363717/; classtype:trojan-activity;sid:84226817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363718)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363718/; classtype:trojan-activity;sid:84226818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363719)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363719/; classtype:trojan-activity;sid:84226819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363720)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363720/; classtype:trojan-activity;sid:84226820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363711)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363711/; classtype:trojan-activity;sid:84226811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363712)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363712/; classtype:trojan-activity;sid:84226812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363713)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363713/; classtype:trojan-activity;sid:84226813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363714)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363714/; classtype:trojan-activity;sid:84226814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363710)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363710/; classtype:trojan-activity;sid:84226810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363709)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363709/; classtype:trojan-activity;sid:84226809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363708)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363708/; classtype:trojan-activity;sid:84226808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363704)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363704/; classtype:trojan-activity;sid:84226804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363705)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363705/; classtype:trojan-activity;sid:84226805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363706)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363706/; classtype:trojan-activity;sid:84226806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363707)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363707/; classtype:trojan-activity;sid:84226807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363696)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363696/; classtype:trojan-activity;sid:84226796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363697)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363697/; classtype:trojan-activity;sid:84226797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363698)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363698/; classtype:trojan-activity;sid:84226798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363699)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363699/; classtype:trojan-activity;sid:84226799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363700)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363700/; classtype:trojan-activity;sid:84226800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363701)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363701/; classtype:trojan-activity;sid:84226801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363702)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363702/; classtype:trojan-activity;sid:84226802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363703)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363703/; classtype:trojan-activity;sid:84226803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363680)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363680/; classtype:trojan-activity;sid:84226780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363681)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363681/; classtype:trojan-activity;sid:84226781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363682)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363682/; classtype:trojan-activity;sid:84226782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363683)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363683/; classtype:trojan-activity;sid:84226783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363684)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363684/; classtype:trojan-activity;sid:84226784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363685)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363685/; classtype:trojan-activity;sid:84226785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363686)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363686/; classtype:trojan-activity;sid:84226786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363687)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363687/; classtype:trojan-activity;sid:84226787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363688)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363688/; classtype:trojan-activity;sid:84226788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363689)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363689/; classtype:trojan-activity;sid:84226789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363690)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363690/; classtype:trojan-activity;sid:84226790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363691)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363691/; classtype:trojan-activity;sid:84226791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363692)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363692/; classtype:trojan-activity;sid:84226792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363693)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363693/; classtype:trojan-activity;sid:84226793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363694)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363694/; classtype:trojan-activity;sid:84226794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363695)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363695/; classtype:trojan-activity;sid:84226795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363679)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363679/; classtype:trojan-activity;sid:84226779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363675)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363675/; classtype:trojan-activity;sid:84226775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363676)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363676/; classtype:trojan-activity;sid:84226776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363677)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363677/; classtype:trojan-activity;sid:84226777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363678)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363678/; classtype:trojan-activity;sid:84226778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363671)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363671/; classtype:trojan-activity;sid:84226771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363672)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363672/; classtype:trojan-activity;sid:84226772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363673)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363673/; classtype:trojan-activity;sid:84226773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363674)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363674/; classtype:trojan-activity;sid:84226774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363669)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363669/; classtype:trojan-activity;sid:84226769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363670)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363670/; classtype:trojan-activity;sid:84226770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363657)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363657/; classtype:trojan-activity;sid:84226757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363658)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363658/; classtype:trojan-activity;sid:84226758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363659)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363659/; classtype:trojan-activity;sid:84226759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363660)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363660/; classtype:trojan-activity;sid:84226760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363661)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363661/; classtype:trojan-activity;sid:84226761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363662)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363662/; classtype:trojan-activity;sid:84226762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363663)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363663/; classtype:trojan-activity;sid:84226763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363664)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363664/; classtype:trojan-activity;sid:84226764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363665)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363665/; classtype:trojan-activity;sid:84226765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363666)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363666/; classtype:trojan-activity;sid:84226766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363667)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363667/; classtype:trojan-activity;sid:84226767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363668)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363668/; classtype:trojan-activity;sid:84226768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363648)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363648/; classtype:trojan-activity;sid:84226748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363649)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363649/; classtype:trojan-activity;sid:84226749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363650)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363650/; classtype:trojan-activity;sid:84226750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363651)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363651/; classtype:trojan-activity;sid:84226751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363652)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363652/; classtype:trojan-activity;sid:84226752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363653)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363653/; classtype:trojan-activity;sid:84226753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363654)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363654/; classtype:trojan-activity;sid:84226754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363655)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363655/; classtype:trojan-activity;sid:84226755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363656)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363656/; classtype:trojan-activity;sid:84226756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363636)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363636/; classtype:trojan-activity;sid:84226736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363637)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363637/; classtype:trojan-activity;sid:84226737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363638)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363638/; classtype:trojan-activity;sid:84226738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363639)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363639/; classtype:trojan-activity;sid:84226739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363640)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363640/; classtype:trojan-activity;sid:84226740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363641)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363641/; classtype:trojan-activity;sid:84226741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363642)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363642/; classtype:trojan-activity;sid:84226742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363643)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363643/; classtype:trojan-activity;sid:84226743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363644)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363644/; classtype:trojan-activity;sid:84226744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363645)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363645/; classtype:trojan-activity;sid:84226745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363646)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363646/; classtype:trojan-activity;sid:84226746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363647)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363647/; classtype:trojan-activity;sid:84226747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363633)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363633/; classtype:trojan-activity;sid:84226733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363634)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363634/; classtype:trojan-activity;sid:84226734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363635)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363635/; classtype:trojan-activity;sid:84226735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363631)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363631/; classtype:trojan-activity;sid:84226731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363632)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363632/; classtype:trojan-activity;sid:84226732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363630)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363630/; classtype:trojan-activity;sid:84226730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363629)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363629/; classtype:trojan-activity;sid:84226729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363627)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363627/; classtype:trojan-activity;sid:84226727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363628)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363628/; classtype:trojan-activity;sid:84226728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363615)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363615/; classtype:trojan-activity;sid:84226715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363616)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363616/; classtype:trojan-activity;sid:84226716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363617)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363617/; classtype:trojan-activity;sid:84226717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363618)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363618/; classtype:trojan-activity;sid:84226718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.163.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363619/; classtype:trojan-activity;sid:84226719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363620)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363620/; classtype:trojan-activity;sid:84226720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363621)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363621/; classtype:trojan-activity;sid:84226721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363622)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363622/; classtype:trojan-activity;sid:84226722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363623)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363623/; classtype:trojan-activity;sid:84226723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363624)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363624/; classtype:trojan-activity;sid:84226724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363625)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363625/; classtype:trojan-activity;sid:84226725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363626)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363626/; classtype:trojan-activity;sid:84226726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363596)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363596/; classtype:trojan-activity;sid:84226696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363597)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363597/; classtype:trojan-activity;sid:84226697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363598)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363598/; classtype:trojan-activity;sid:84226698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363599)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363599/; classtype:trojan-activity;sid:84226699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363600)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363600/; classtype:trojan-activity;sid:84226700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363601)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"supportameli.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363601/; classtype:trojan-activity;sid:84226701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363602)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363602/; classtype:trojan-activity;sid:84226702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363603)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"organisme-renouvellement.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363603/; classtype:trojan-activity;sid:84226703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363604)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363604/; classtype:trojan-activity;sid:84226704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363605)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363605/; classtype:trojan-activity;sid:84226705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363606)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-macommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363606/; classtype:trojan-activity;sid:84226706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363607)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363607/; classtype:trojan-activity;sid:84226707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363608)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363608/; classtype:trojan-activity;sid:84226708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363609)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363609/; classtype:trojan-activity;sid:84226709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363610)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363610/; classtype:trojan-activity;sid:84226710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363611)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363611/; classtype:trojan-activity;sid:84226711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363612)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363612/; classtype:trojan-activity;sid:84226712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363613)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363613/; classtype:trojan-activity;sid:84226713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363614)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363614/; classtype:trojan-activity;sid:84226714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363593)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363593/; classtype:trojan-activity;sid:84226693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363594)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363594/; classtype:trojan-activity;sid:84226694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363595)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363595/; classtype:trojan-activity;sid:84226695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363592)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363592/; classtype:trojan-activity;sid:84226692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363591)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363591/; classtype:trojan-activity;sid:84226691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363590)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363590/; classtype:trojan-activity;sid:84226690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363583)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363583/; classtype:trojan-activity;sid:84226683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363584)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363584/; classtype:trojan-activity;sid:84226684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363585)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363585/; classtype:trojan-activity;sid:84226685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363586)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363586/; classtype:trojan-activity;sid:84226686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363587)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"info-paiement-ligne.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363587/; classtype:trojan-activity;sid:84226687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363588)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363588/; classtype:trojan-activity;sid:84226688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363589)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363589/; classtype:trojan-activity;sid:84226689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363557)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363557/; classtype:trojan-activity;sid:84226657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363558)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363558/; classtype:trojan-activity;sid:84226658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363559)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363559/; classtype:trojan-activity;sid:84226659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363560)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363560/; classtype:trojan-activity;sid:84226660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363561)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363561/; classtype:trojan-activity;sid:84226661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363562)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363562/; classtype:trojan-activity;sid:84226662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363563)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363563/; classtype:trojan-activity;sid:84226663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363564)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363564/; classtype:trojan-activity;sid:84226664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363565)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363565/; classtype:trojan-activity;sid:84226665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363566)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assuresform.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363566/; classtype:trojan-activity;sid:84226666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363567)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363567/; classtype:trojan-activity;sid:84226667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363568)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363568/; classtype:trojan-activity;sid:84226668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363569)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363569/; classtype:trojan-activity;sid:84226669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.153.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363570/; classtype:trojan-activity;sid:84226670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363571)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363571/; classtype:trojan-activity;sid:84226671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363572)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363572/; classtype:trojan-activity;sid:84226672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363573)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363573/; classtype:trojan-activity;sid:84226673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363574)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363574/; classtype:trojan-activity;sid:84226674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363575)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363575/; classtype:trojan-activity;sid:84226675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363576)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zolldienst.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363576/; classtype:trojan-activity;sid:84226676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363577)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363577/; classtype:trojan-activity;sid:84226677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363578)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363578/; classtype:trojan-activity;sid:84226678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363579)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363579/; classtype:trojan-activity;sid:84226679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363580)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363580/; classtype:trojan-activity;sid:84226680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363581)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"your-upsdelivery.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363581/; classtype:trojan-activity;sid:84226681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363582)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363582/; classtype:trojan-activity;sid:84226682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363554)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363554/; classtype:trojan-activity;sid:84226654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363555)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363555/; classtype:trojan-activity;sid:84226655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363556)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363556/; classtype:trojan-activity;sid:84226656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363553)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363553/; classtype:trojan-activity;sid:84226653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363552)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363552/; classtype:trojan-activity;sid:84226652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363546)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363546/; classtype:trojan-activity;sid:84226646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363547)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363547/; classtype:trojan-activity;sid:84226647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363548)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363548/; classtype:trojan-activity;sid:84226648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363549)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363549/; classtype:trojan-activity;sid:84226649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363550)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363550/; classtype:trojan-activity;sid:84226650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363551)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363551/; classtype:trojan-activity;sid:84226651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363515)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363515/; classtype:trojan-activity;sid:84226615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363516)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363516/; classtype:trojan-activity;sid:84226616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363517)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363517/; classtype:trojan-activity;sid:84226617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363518)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363518/; classtype:trojan-activity;sid:84226618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363519)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363519/; classtype:trojan-activity;sid:84226619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363520)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363520/; classtype:trojan-activity;sid:84226620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363521)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363521/; classtype:trojan-activity;sid:84226621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363522)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363522/; classtype:trojan-activity;sid:84226622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363523)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363523/; classtype:trojan-activity;sid:84226623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363524)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363524/; classtype:trojan-activity;sid:84226624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363525)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363525/; classtype:trojan-activity;sid:84226625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363526)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363526/; classtype:trojan-activity;sid:84226626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363527)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessorbook.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363527/; classtype:trojan-activity;sid:84226627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363528)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363528/; classtype:trojan-activity;sid:84226628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363529)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mississippistemacademy.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363529/; classtype:trojan-activity;sid:84226629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363530)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363530/; classtype:trojan-activity;sid:84226630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363531)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363531/; classtype:trojan-activity;sid:84226631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363532)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363532/; classtype:trojan-activity;sid:84226632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363533)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363533/; classtype:trojan-activity;sid:84226633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363534)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363534/; classtype:trojan-activity;sid:84226634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.103.153.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363535/; classtype:trojan-activity;sid:84226635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363536)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363536/; classtype:trojan-activity;sid:84226636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363537)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363537/; classtype:trojan-activity;sid:84226637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363538)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363538/; classtype:trojan-activity;sid:84226638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363539)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363539/; classtype:trojan-activity;sid:84226639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363540)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363540/; classtype:trojan-activity;sid:84226640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363541)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amelcarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363541/; classtype:trojan-activity;sid:84226641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363542)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363542/; classtype:trojan-activity;sid:84226642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363543)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363543/; classtype:trojan-activity;sid:84226643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363544)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"new-consigne-sms-track.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363544/; classtype:trojan-activity;sid:84226644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363545)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363545/; classtype:trojan-activity;sid:84226645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363513)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363513/; classtype:trojan-activity;sid:84226613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363514)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363514/; classtype:trojan-activity;sid:84226614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363501)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-ma-livraison.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363501/; classtype:trojan-activity;sid:84226601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363502)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"adresse-confirmation.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363502/; classtype:trojan-activity;sid:84226602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363503)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363503/; classtype:trojan-activity;sid:84226603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363504)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monformulaire-sante.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363504/; classtype:trojan-activity;sid:84226604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363505)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-zollkontrolle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363505/; classtype:trojan-activity;sid:84226605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363506)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"info-comptevitale.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363506/; classtype:trojan-activity;sid:84226606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363507)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lieferdienste-deutsche.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363507/; classtype:trojan-activity;sid:84226607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363508)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"parcel-track-find.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363508/; classtype:trojan-activity;sid:84226608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363509)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363509/; classtype:trojan-activity;sid:84226609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363510)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--espace-vitale--niveau-sms-zbc.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363510/; classtype:trojan-activity;sid:84226610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363511)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363511/; classtype:trojan-activity;sid:84226611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363512)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mariafgilbert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363512/; classtype:trojan-activity;sid:84226612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363473)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363473/; classtype:trojan-activity;sid:84226573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363474)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-suivi-logistique.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363474/; classtype:trojan-activity;sid:84226574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363475)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--espace-vitale--jours-sms-87b.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363475/; classtype:trojan-activity;sid:84226575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363476)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-colis-info.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363476/; classtype:trojan-activity;sid:84226576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363477)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363477/; classtype:trojan-activity;sid:84226577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363478)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363478/; classtype:trojan-activity;sid:84226578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363479)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363479/; classtype:trojan-activity;sid:84226579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363480)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"consulter-mon-amende.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363480/; classtype:trojan-activity;sid:84226580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363481)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-liefern.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363481/; classtype:trojan-activity;sid:84226581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363482)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363482/; classtype:trojan-activity;sid:84226582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363483)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363483/; classtype:trojan-activity;sid:84226583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363484)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363484/; classtype:trojan-activity;sid:84226584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363485)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espacesantefr-assurance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363485/; classtype:trojan-activity;sid:84226585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363486)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363486/; classtype:trojan-activity;sid:84226586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363487)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363487/; classtype:trojan-activity;sid:84226587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363488)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363488/; classtype:trojan-activity;sid:84226588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363489)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guichet-bpost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363489/; classtype:trojan-activity;sid:84226589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363490)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"securite-traitement-gouv.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363490/; classtype:trojan-activity;sid:84226590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363491)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"chronopost-suivi-fr.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363491/; classtype:trojan-activity;sid:84226591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363492)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--ameli--niveau-sms-tob.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363492/; classtype:trojan-activity;sid:84226592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363493)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simit-pagos.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363493/; classtype:trojan-activity;sid:84226593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363494)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"centre-de-tri-ups.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363494/; classtype:trojan-activity;sid:84226594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363495)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-stationnement-suivis.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363495/; classtype:trojan-activity;sid:84226595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363496)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363496/; classtype:trojan-activity;sid:84226596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363497)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tricazo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363497/; classtype:trojan-activity;sid:84226597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363498)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-dienste.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363498/; classtype:trojan-activity;sid:84226598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363499)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmaintenancewebmeil.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363499/; classtype:trojan-activity;sid:84226599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363500)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assu-vitale.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363500/; classtype:trojan-activity;sid:84226600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363458)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363458/; classtype:trojan-activity;sid:84226558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363459)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363459/; classtype:trojan-activity;sid:84226559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363460)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363460/; classtype:trojan-activity;sid:84226560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363461)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363461/; classtype:trojan-activity;sid:84226561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363462)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363462/; classtype:trojan-activity;sid:84226562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363463)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363463/; classtype:trojan-activity;sid:84226563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363464)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363464/; classtype:trojan-activity;sid:84226564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363465)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363465/; classtype:trojan-activity;sid:84226565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363466)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363466/; classtype:trojan-activity;sid:84226566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363467)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363467/; classtype:trojan-activity;sid:84226567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363468)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363468/; classtype:trojan-activity;sid:84226568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363469)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363469/; classtype:trojan-activity;sid:84226569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363470)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363470/; classtype:trojan-activity;sid:84226570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363471)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363471/; classtype:trojan-activity;sid:84226571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363472)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363472/; classtype:trojan-activity;sid:84226572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363450)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363450/; classtype:trojan-activity;sid:84226550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363451)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363451/; classtype:trojan-activity;sid:84226551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363452)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363452/; classtype:trojan-activity;sid:84226552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363453)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363453/; classtype:trojan-activity;sid:84226553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363454)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363454/; classtype:trojan-activity;sid:84226554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363455)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363455/; classtype:trojan-activity;sid:84226555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363456)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363456/; classtype:trojan-activity;sid:84226556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363457)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363457/; classtype:trojan-activity;sid:84226557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363448)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363448/; classtype:trojan-activity;sid:84226548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363449)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363449/; classtype:trojan-activity;sid:84226549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363444)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363444/; classtype:trojan-activity;sid:84226544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363445)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363445/; classtype:trojan-activity;sid:84226545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363446)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363446/; classtype:trojan-activity;sid:84226546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363447)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363447/; classtype:trojan-activity;sid:84226547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363437)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363437/; classtype:trojan-activity;sid:84226537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363438)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363438/; classtype:trojan-activity;sid:84226538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363439)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363439/; classtype:trojan-activity;sid:84226539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363440)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363440/; classtype:trojan-activity;sid:84226540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363441)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363441/; classtype:trojan-activity;sid:84226541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363442)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363442/; classtype:trojan-activity;sid:84226542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363443)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363443/; classtype:trojan-activity;sid:84226543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363431)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363431/; classtype:trojan-activity;sid:84226531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363432)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363432/; classtype:trojan-activity;sid:84226532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363433)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363433/; classtype:trojan-activity;sid:84226533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363434)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363434/; classtype:trojan-activity;sid:84226534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363435)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363435/; classtype:trojan-activity;sid:84226535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363436)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363436/; classtype:trojan-activity;sid:84226536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363429)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363429/; classtype:trojan-activity;sid:84226529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363430)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363430/; classtype:trojan-activity;sid:84226530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363423)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363423/; classtype:trojan-activity;sid:84226523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363424)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363424/; classtype:trojan-activity;sid:84226524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363425)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363425/; classtype:trojan-activity;sid:84226525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363426)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363426/; classtype:trojan-activity;sid:84226526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363427)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363427/; classtype:trojan-activity;sid:84226527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363428)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363428/; classtype:trojan-activity;sid:84226528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363418)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363418/; classtype:trojan-activity;sid:84226518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363419)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363419/; classtype:trojan-activity;sid:84226519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363420)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363420/; classtype:trojan-activity;sid:84226520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363421)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363421/; classtype:trojan-activity;sid:84226521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363422)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363422/; classtype:trojan-activity;sid:84226522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363413)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363413/; classtype:trojan-activity;sid:84226513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363414)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363414/; classtype:trojan-activity;sid:84226514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363415)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363415/; classtype:trojan-activity;sid:84226515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363416)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363416/; classtype:trojan-activity;sid:84226516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363417)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363417/; classtype:trojan-activity;sid:84226517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363410)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363410/; classtype:trojan-activity;sid:84226510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363411)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363411/; classtype:trojan-activity;sid:84226511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363412)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363412/; classtype:trojan-activity;sid:84226512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363408)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363408/; classtype:trojan-activity;sid:84226508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363409)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363409/; classtype:trojan-activity;sid:84226509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363405)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363405/; classtype:trojan-activity;sid:84226505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363406)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363406/; classtype:trojan-activity;sid:84226506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363407)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363407/; classtype:trojan-activity;sid:84226507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363400)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363400/; classtype:trojan-activity;sid:84226500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363401)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363401/; classtype:trojan-activity;sid:84226501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363402)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363402/; classtype:trojan-activity;sid:84226502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363403)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363403/; classtype:trojan-activity;sid:84226503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363404)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363404/; classtype:trojan-activity;sid:84226504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363391)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363391/; classtype:trojan-activity;sid:84226491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363392)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363392/; classtype:trojan-activity;sid:84226492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363393)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363393/; classtype:trojan-activity;sid:84226493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363394)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363394/; classtype:trojan-activity;sid:84226494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363395)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363395/; classtype:trojan-activity;sid:84226495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363396)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363396/; classtype:trojan-activity;sid:84226496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363397)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363397/; classtype:trojan-activity;sid:84226497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363398)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363398/; classtype:trojan-activity;sid:84226498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363399)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363399/; classtype:trojan-activity;sid:84226499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363384)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363384/; classtype:trojan-activity;sid:84226484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363385)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363385/; classtype:trojan-activity;sid:84226485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363386)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363386/; classtype:trojan-activity;sid:84226486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363387)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363387/; classtype:trojan-activity;sid:84226487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363388)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363388/; classtype:trojan-activity;sid:84226488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363389)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363389/; classtype:trojan-activity;sid:84226489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363390)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363390/; classtype:trojan-activity;sid:84226490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363379)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363379/; classtype:trojan-activity;sid:84226479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363380)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363380/; classtype:trojan-activity;sid:84226480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363381)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363381/; classtype:trojan-activity;sid:84226481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363382)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363382/; classtype:trojan-activity;sid:84226482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363383)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363383/; classtype:trojan-activity;sid:84226483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363372)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363372/; classtype:trojan-activity;sid:84226472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363373)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363373/; classtype:trojan-activity;sid:84226473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363374)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363374/; classtype:trojan-activity;sid:84226474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363375)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363375/; classtype:trojan-activity;sid:84226475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363376)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363376/; classtype:trojan-activity;sid:84226476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363377)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363377/; classtype:trojan-activity;sid:84226477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363378)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363378/; classtype:trojan-activity;sid:84226478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363371)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363371/; classtype:trojan-activity;sid:84226471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363368)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363368/; classtype:trojan-activity;sid:84226468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363369)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363369/; classtype:trojan-activity;sid:84226469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363370)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363370/; classtype:trojan-activity;sid:84226470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363367)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363367/; classtype:trojan-activity;sid:84226467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363362)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363362/; classtype:trojan-activity;sid:84226462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363363)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363363/; classtype:trojan-activity;sid:84226463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363364)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363364/; classtype:trojan-activity;sid:84226464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363365)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363365/; classtype:trojan-activity;sid:84226465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363366)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363366/; classtype:trojan-activity;sid:84226466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363353)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363353/; classtype:trojan-activity;sid:84226453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363354)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363354/; classtype:trojan-activity;sid:84226454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363355)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363355/; classtype:trojan-activity;sid:84226455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363356)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363356/; classtype:trojan-activity;sid:84226456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363357)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363357/; classtype:trojan-activity;sid:84226457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363358)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363358/; classtype:trojan-activity;sid:84226458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363359)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363359/; classtype:trojan-activity;sid:84226459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363360)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363360/; classtype:trojan-activity;sid:84226460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363361)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363361/; classtype:trojan-activity;sid:84226461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363351)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363351/; classtype:trojan-activity;sid:84226451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363352)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363352/; classtype:trojan-activity;sid:84226452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363343)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363343/; classtype:trojan-activity;sid:84226443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363344)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363344/; classtype:trojan-activity;sid:84226444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363345)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363345/; classtype:trojan-activity;sid:84226445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363346)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363346/; classtype:trojan-activity;sid:84226446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363347)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363347/; classtype:trojan-activity;sid:84226447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363348)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363348/; classtype:trojan-activity;sid:84226448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363349)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363349/; classtype:trojan-activity;sid:84226449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363350)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363350/; classtype:trojan-activity;sid:84226450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363337)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363337/; classtype:trojan-activity;sid:84226437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363338)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363338/; classtype:trojan-activity;sid:84226438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363339)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363339/; classtype:trojan-activity;sid:84226439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363340)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363340/; classtype:trojan-activity;sid:84226440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363341)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363341/; classtype:trojan-activity;sid:84226441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363342)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363342/; classtype:trojan-activity;sid:84226442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363332)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363332/; classtype:trojan-activity;sid:84226432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363333)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363333/; classtype:trojan-activity;sid:84226433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363334)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363334/; classtype:trojan-activity;sid:84226434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363335)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363335/; classtype:trojan-activity;sid:84226435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363336)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363336/; classtype:trojan-activity;sid:84226436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363331)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363331/; classtype:trojan-activity;sid:84226431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363328)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363328/; classtype:trojan-activity;sid:84226428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363329)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363329/; classtype:trojan-activity;sid:84226429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363330)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363330/; classtype:trojan-activity;sid:84226430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363320)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363320/; classtype:trojan-activity;sid:84226420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363321)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363321/; classtype:trojan-activity;sid:84226421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363322)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363322/; classtype:trojan-activity;sid:84226422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363323)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363323/; classtype:trojan-activity;sid:84226423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363324)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363324/; classtype:trojan-activity;sid:84226424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363325)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363325/; classtype:trojan-activity;sid:84226425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363326)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363326/; classtype:trojan-activity;sid:84226426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363327)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363327/; classtype:trojan-activity;sid:84226427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363317)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363317/; classtype:trojan-activity;sid:84226417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363318)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363318/; classtype:trojan-activity;sid:84226418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363319)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363319/; classtype:trojan-activity;sid:84226419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363314)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363314/; classtype:trojan-activity;sid:84226414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363315)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363315/; classtype:trojan-activity;sid:84226415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363316)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363316/; classtype:trojan-activity;sid:84226416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363308)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363308/; classtype:trojan-activity;sid:84226408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363309)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363309/; classtype:trojan-activity;sid:84226409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363310)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363310/; classtype:trojan-activity;sid:84226410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363311)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363311/; classtype:trojan-activity;sid:84226411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363312)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363312/; classtype:trojan-activity;sid:84226412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363313)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363313/; classtype:trojan-activity;sid:84226413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363303)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363303/; classtype:trojan-activity;sid:84226403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363304)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363304/; classtype:trojan-activity;sid:84226404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363305)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363305/; classtype:trojan-activity;sid:84226405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363306)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363306/; classtype:trojan-activity;sid:84226406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363307)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363307/; classtype:trojan-activity;sid:84226407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363296)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363296/; classtype:trojan-activity;sid:84226396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363297)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363297/; classtype:trojan-activity;sid:84226397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363298)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363298/; classtype:trojan-activity;sid:84226398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363299)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363299/; classtype:trojan-activity;sid:84226399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363300)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363300/; classtype:trojan-activity;sid:84226400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363301)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363301/; classtype:trojan-activity;sid:84226401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363302)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363302/; classtype:trojan-activity;sid:84226402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363293)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363293/; classtype:trojan-activity;sid:84226393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363294)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363294/; classtype:trojan-activity;sid:84226394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363295)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363295/; classtype:trojan-activity;sid:84226395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363288)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363288/; classtype:trojan-activity;sid:84226388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363289)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363289/; classtype:trojan-activity;sid:84226389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363290)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363290/; classtype:trojan-activity;sid:84226390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363291)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363291/; classtype:trojan-activity;sid:84226391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363292)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363292/; classtype:trojan-activity;sid:84226392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363286)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363286/; classtype:trojan-activity;sid:84226386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363287)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363287/; classtype:trojan-activity;sid:84226387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363284)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363284/; classtype:trojan-activity;sid:84226384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363285)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363285/; classtype:trojan-activity;sid:84226385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363278)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363278/; classtype:trojan-activity;sid:84226378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363279)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363279/; classtype:trojan-activity;sid:84226379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363280)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363280/; classtype:trojan-activity;sid:84226380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363281)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363281/; classtype:trojan-activity;sid:84226381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363282)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363282/; classtype:trojan-activity;sid:84226382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363283)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363283/; classtype:trojan-activity;sid:84226383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363273)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363273/; classtype:trojan-activity;sid:84226373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363274)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363274/; classtype:trojan-activity;sid:84226374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363275)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363275/; classtype:trojan-activity;sid:84226375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363276)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363276/; classtype:trojan-activity;sid:84226376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363277)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363277/; classtype:trojan-activity;sid:84226377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363270)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363270/; classtype:trojan-activity;sid:84226370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363271)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363271/; classtype:trojan-activity;sid:84226371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363272)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363272/; classtype:trojan-activity;sid:84226372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363263)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363263/; classtype:trojan-activity;sid:84226363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363264)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363264/; classtype:trojan-activity;sid:84226364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363265)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363265/; classtype:trojan-activity;sid:84226365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363266)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363266/; classtype:trojan-activity;sid:84226366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363267)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363267/; classtype:trojan-activity;sid:84226367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363268)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363268/; classtype:trojan-activity;sid:84226368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363269)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363269/; classtype:trojan-activity;sid:84226369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363257)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363257/; classtype:trojan-activity;sid:84226357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363258)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363258/; classtype:trojan-activity;sid:84226358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363259)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363259/; classtype:trojan-activity;sid:84226359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363260)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363260/; classtype:trojan-activity;sid:84226360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363261)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363261/; classtype:trojan-activity;sid:84226361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363262)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363262/; classtype:trojan-activity;sid:84226362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363254)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363254/; classtype:trojan-activity;sid:84226354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363255)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363255/; classtype:trojan-activity;sid:84226355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363256)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363256/; classtype:trojan-activity;sid:84226356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363251)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363251/; classtype:trojan-activity;sid:84226351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363252)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363252/; classtype:trojan-activity;sid:84226352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363253)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363253/; classtype:trojan-activity;sid:84226353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363247)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363247/; classtype:trojan-activity;sid:84226347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363248)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363248/; classtype:trojan-activity;sid:84226348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363249)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363249/; classtype:trojan-activity;sid:84226349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363250)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363250/; classtype:trojan-activity;sid:84226350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363246)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363246/; classtype:trojan-activity;sid:84226346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363238)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363238/; classtype:trojan-activity;sid:84226338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363239)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363239/; classtype:trojan-activity;sid:84226339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363240)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363240/; classtype:trojan-activity;sid:84226340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363241)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363241/; classtype:trojan-activity;sid:84226341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363242)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363242/; classtype:trojan-activity;sid:84226342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363243)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363243/; classtype:trojan-activity;sid:84226343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363244)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363244/; classtype:trojan-activity;sid:84226344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363245)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363245/; classtype:trojan-activity;sid:84226345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363236)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363236/; classtype:trojan-activity;sid:84226336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363237)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363237/; classtype:trojan-activity;sid:84226337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363232)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363232/; classtype:trojan-activity;sid:84226332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363233)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363233/; classtype:trojan-activity;sid:84226333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363234)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363234/; classtype:trojan-activity;sid:84226334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363235)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363235/; classtype:trojan-activity;sid:84226335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363231)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363231/; classtype:trojan-activity;sid:84226331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363227)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363227/; classtype:trojan-activity;sid:84226327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363228)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363228/; classtype:trojan-activity;sid:84226328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363229)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363229/; classtype:trojan-activity;sid:84226329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363230)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363230/; classtype:trojan-activity;sid:84226330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363222)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363222/; classtype:trojan-activity;sid:84226322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363223)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363223/; classtype:trojan-activity;sid:84226323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363224)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363224/; classtype:trojan-activity;sid:84226324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363225)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363225/; classtype:trojan-activity;sid:84226325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363226)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363226/; classtype:trojan-activity;sid:84226326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363213)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363213/; classtype:trojan-activity;sid:84226313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363214)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363214/; classtype:trojan-activity;sid:84226314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363215)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363215/; classtype:trojan-activity;sid:84226315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363216)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363216/; classtype:trojan-activity;sid:84226316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363217)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363217/; classtype:trojan-activity;sid:84226317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363218)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363218/; classtype:trojan-activity;sid:84226318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363219)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363219/; classtype:trojan-activity;sid:84226319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363220)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363220/; classtype:trojan-activity;sid:84226320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363221)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363221/; classtype:trojan-activity;sid:84226321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363211)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363211/; classtype:trojan-activity;sid:84226311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363212)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363212/; classtype:trojan-activity;sid:84226312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363200)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363200/; classtype:trojan-activity;sid:84226300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363201)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363201/; classtype:trojan-activity;sid:84226301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363202)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363202/; classtype:trojan-activity;sid:84226302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363203)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363203/; classtype:trojan-activity;sid:84226303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363204)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363204/; classtype:trojan-activity;sid:84226304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363205)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363205/; classtype:trojan-activity;sid:84226305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363206)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363206/; classtype:trojan-activity;sid:84226306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363207)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363207/; classtype:trojan-activity;sid:84226307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363208)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363208/; classtype:trojan-activity;sid:84226308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363209)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363209/; classtype:trojan-activity;sid:84226309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363210)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363210/; classtype:trojan-activity;sid:84226310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363199)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363199/; classtype:trojan-activity;sid:84226299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363198)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363198/; classtype:trojan-activity;sid:84226298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363196)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363196/; classtype:trojan-activity;sid:84226296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363197)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363197/; classtype:trojan-activity;sid:84226297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363194)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363194/; classtype:trojan-activity;sid:84226294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363195)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363195/; classtype:trojan-activity;sid:84226295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363192)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363192/; classtype:trojan-activity;sid:84226292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363193)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363193/; classtype:trojan-activity;sid:84226293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363189)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363189/; classtype:trojan-activity;sid:84226289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363190)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363190/; classtype:trojan-activity;sid:84226290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363191)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363191/; classtype:trojan-activity;sid:84226291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363180)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363180/; classtype:trojan-activity;sid:84226280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363181)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363181/; classtype:trojan-activity;sid:84226281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363182)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363182/; classtype:trojan-activity;sid:84226282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363183)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363183/; classtype:trojan-activity;sid:84226283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363184)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363184/; classtype:trojan-activity;sid:84226284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363185)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363185/; classtype:trojan-activity;sid:84226285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363186)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363186/; classtype:trojan-activity;sid:84226286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363187)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363187/; classtype:trojan-activity;sid:84226287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363188)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363188/; classtype:trojan-activity;sid:84226288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363173)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363173/; classtype:trojan-activity;sid:84226273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363174)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363174/; classtype:trojan-activity;sid:84226274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363175)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363175/; classtype:trojan-activity;sid:84226275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363176)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363176/; classtype:trojan-activity;sid:84226276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363177)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363177/; classtype:trojan-activity;sid:84226277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363178)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363178/; classtype:trojan-activity;sid:84226278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363179)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363179/; classtype:trojan-activity;sid:84226279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363166)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363166/; classtype:trojan-activity;sid:84226266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363167)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363167/; classtype:trojan-activity;sid:84226267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363168)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363168/; classtype:trojan-activity;sid:84226268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363169)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363169/; classtype:trojan-activity;sid:84226269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363170)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363170/; classtype:trojan-activity;sid:84226270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363171)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363171/; classtype:trojan-activity;sid:84226271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363172)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363172/; classtype:trojan-activity;sid:84226272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363162)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363162/; classtype:trojan-activity;sid:84226262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363163)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363163/; classtype:trojan-activity;sid:84226263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363164)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363164/; classtype:trojan-activity;sid:84226264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363165)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363165/; classtype:trojan-activity;sid:84226265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363161)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363161/; classtype:trojan-activity;sid:84226261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363159)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363159/; classtype:trojan-activity;sid:84226259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363160)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363160/; classtype:trojan-activity;sid:84226260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363158)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363158/; classtype:trojan-activity;sid:84226258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363154)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363154/; classtype:trojan-activity;sid:84226254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363155)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363155/; classtype:trojan-activity;sid:84226255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363156)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363156/; classtype:trojan-activity;sid:84226256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363157)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363157/; classtype:trojan-activity;sid:84226257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363153)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363153/; classtype:trojan-activity;sid:84226253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363144)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363144/; classtype:trojan-activity;sid:84226244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363145)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363145/; classtype:trojan-activity;sid:84226245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363146)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363146/; classtype:trojan-activity;sid:84226246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363147)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363147/; classtype:trojan-activity;sid:84226247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363148)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363148/; classtype:trojan-activity;sid:84226248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363149)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363149/; classtype:trojan-activity;sid:84226249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363150)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363150/; classtype:trojan-activity;sid:84226250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363151)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363151/; classtype:trojan-activity;sid:84226251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363152)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363152/; classtype:trojan-activity;sid:84226252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363136)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363136/; classtype:trojan-activity;sid:84226236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363137)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363137/; classtype:trojan-activity;sid:84226237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363138)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363138/; classtype:trojan-activity;sid:84226238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363139)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363139/; classtype:trojan-activity;sid:84226239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363140)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363140/; classtype:trojan-activity;sid:84226240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363141)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363141/; classtype:trojan-activity;sid:84226241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363142)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363142/; classtype:trojan-activity;sid:84226242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363143)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363143/; classtype:trojan-activity;sid:84226243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363127)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363127/; classtype:trojan-activity;sid:84226227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363128)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363128/; classtype:trojan-activity;sid:84226228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363129)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363129/; classtype:trojan-activity;sid:84226229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363130)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363130/; classtype:trojan-activity;sid:84226230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363131)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363131/; classtype:trojan-activity;sid:84226231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363132)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363132/; classtype:trojan-activity;sid:84226232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363133)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363133/; classtype:trojan-activity;sid:84226233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363134)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363134/; classtype:trojan-activity;sid:84226234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363135)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363135/; classtype:trojan-activity;sid:84226235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363125)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363125/; classtype:trojan-activity;sid:84226225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363126)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363126/; classtype:trojan-activity;sid:84226226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363122)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363122/; classtype:trojan-activity;sid:84226222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363123)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363123/; classtype:trojan-activity;sid:84226223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363124)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363124/; classtype:trojan-activity;sid:84226224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363118)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363118/; classtype:trojan-activity;sid:84226218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363119)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363119/; classtype:trojan-activity;sid:84226219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363120)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363120/; classtype:trojan-activity;sid:84226220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363121)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363121/; classtype:trojan-activity;sid:84226221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363116)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363116/; classtype:trojan-activity;sid:84226216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363117)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363117/; classtype:trojan-activity;sid:84226217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363115)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363115/; classtype:trojan-activity;sid:84226215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363104)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363104/; classtype:trojan-activity;sid:84226204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363105)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363105/; classtype:trojan-activity;sid:84226205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363106)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363106/; classtype:trojan-activity;sid:84226206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363107)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363107/; classtype:trojan-activity;sid:84226207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363108)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363108/; classtype:trojan-activity;sid:84226208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363109)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363109/; classtype:trojan-activity;sid:84226209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363110)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363110/; classtype:trojan-activity;sid:84226210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363111)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363111/; classtype:trojan-activity;sid:84226211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363112)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363112/; classtype:trojan-activity;sid:84226212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363113)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363113/; classtype:trojan-activity;sid:84226213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363114)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363114/; classtype:trojan-activity;sid:84226214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363099)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363099/; classtype:trojan-activity;sid:84226199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363100)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363100/; classtype:trojan-activity;sid:84226200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363101)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363101/; classtype:trojan-activity;sid:84226201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363102)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363102/; classtype:trojan-activity;sid:84226202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363103)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363103/; classtype:trojan-activity;sid:84226203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363095)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363095/; classtype:trojan-activity;sid:84226195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363096)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363096/; classtype:trojan-activity;sid:84226196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363097)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363097/; classtype:trojan-activity;sid:84226197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363098)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363098/; classtype:trojan-activity;sid:84226198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363088)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363088/; classtype:trojan-activity;sid:84226188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363089)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363089/; classtype:trojan-activity;sid:84226189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363090)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363090/; classtype:trojan-activity;sid:84226190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363091)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363091/; classtype:trojan-activity;sid:84226191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363092)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363092/; classtype:trojan-activity;sid:84226192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363093)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363093/; classtype:trojan-activity;sid:84226193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363094)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363094/; classtype:trojan-activity;sid:84226194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363086)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363086/; classtype:trojan-activity;sid:84226186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363087)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363087/; classtype:trojan-activity;sid:84226187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363082)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363082/; classtype:trojan-activity;sid:84226182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363083)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363083/; classtype:trojan-activity;sid:84226183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363084)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363084/; classtype:trojan-activity;sid:84226184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363085)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363085/; classtype:trojan-activity;sid:84226185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363080)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363080/; classtype:trojan-activity;sid:84226180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363081)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363081/; classtype:trojan-activity;sid:84226181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363079)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363079/; classtype:trojan-activity;sid:84226179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363076)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363076/; classtype:trojan-activity;sid:84226176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363077)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363077/; classtype:trojan-activity;sid:84226177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363078)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363078/; classtype:trojan-activity;sid:84226178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363073)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363073/; classtype:trojan-activity;sid:84226173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363074/; classtype:trojan-activity;sid:84226174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363075)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363075/; classtype:trojan-activity;sid:84226175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363060)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363060/; classtype:trojan-activity;sid:84226160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363061)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363061/; classtype:trojan-activity;sid:84226161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363062)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363062/; classtype:trojan-activity;sid:84226162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363063)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363063/; classtype:trojan-activity;sid:84226163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363064)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363064/; classtype:trojan-activity;sid:84226164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363065)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363065/; classtype:trojan-activity;sid:84226165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363066)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363066/; classtype:trojan-activity;sid:84226166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363067)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363067/; classtype:trojan-activity;sid:84226167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363068)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363068/; classtype:trojan-activity;sid:84226168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363069)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363069/; classtype:trojan-activity;sid:84226169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363070)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363070/; classtype:trojan-activity;sid:84226170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363071)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363071/; classtype:trojan-activity;sid:84226171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363072)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363072/; classtype:trojan-activity;sid:84226172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363055)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363055/; classtype:trojan-activity;sid:84226155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363056)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363056/; classtype:trojan-activity;sid:84226156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363057)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363057/; classtype:trojan-activity;sid:84226157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363058)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363058/; classtype:trojan-activity;sid:84226158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363059)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363059/; classtype:trojan-activity;sid:84226159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363052)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363052/; classtype:trojan-activity;sid:84226152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363053)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363053/; classtype:trojan-activity;sid:84226153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363054)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363054/; classtype:trojan-activity;sid:84226154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363050)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363050/; classtype:trojan-activity;sid:84226150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363051)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363051/; classtype:trojan-activity;sid:84226151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363046)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363046/; classtype:trojan-activity;sid:84226146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363047)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363047/; classtype:trojan-activity;sid:84226147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363048)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363048/; classtype:trojan-activity;sid:84226148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363049)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363049/; classtype:trojan-activity;sid:84226149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363042)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363042/; classtype:trojan-activity;sid:84226142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363043)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363043/; classtype:trojan-activity;sid:84226143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363044)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363044/; classtype:trojan-activity;sid:84226144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363045)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363045/; classtype:trojan-activity;sid:84226145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363040)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363040/; classtype:trojan-activity;sid:84226140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363041)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363041/; classtype:trojan-activity;sid:84226141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363036)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363036/; classtype:trojan-activity;sid:84226136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363037)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363037/; classtype:trojan-activity;sid:84226137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363038)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363038/; classtype:trojan-activity;sid:84226138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363039)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363039/; classtype:trojan-activity;sid:84226139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363033)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363033/; classtype:trojan-activity;sid:84226133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363034)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363034/; classtype:trojan-activity;sid:84226134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363035)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363035/; classtype:trojan-activity;sid:84226135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363029)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363029/; classtype:trojan-activity;sid:84226129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363030)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363030/; classtype:trojan-activity;sid:84226130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363031)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363031/; classtype:trojan-activity;sid:84226131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363032)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363032/; classtype:trojan-activity;sid:84226132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363024)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363024/; classtype:trojan-activity;sid:84226124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363025)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363025/; classtype:trojan-activity;sid:84226125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363026)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363026/; classtype:trojan-activity;sid:84226126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363027)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363027/; classtype:trojan-activity;sid:84226127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363028)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363028/; classtype:trojan-activity;sid:84226128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363019)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363019/; classtype:trojan-activity;sid:84226119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363020)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363020/; classtype:trojan-activity;sid:84226120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363021)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363021/; classtype:trojan-activity;sid:84226121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363022)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363022/; classtype:trojan-activity;sid:84226122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363023)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363023/; classtype:trojan-activity;sid:84226123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363016)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363016/; classtype:trojan-activity;sid:84226116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363017)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363017/; classtype:trojan-activity;sid:84226117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363018)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363018/; classtype:trojan-activity;sid:84226118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363012)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363012/; classtype:trojan-activity;sid:84226112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363013)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363013/; classtype:trojan-activity;sid:84226113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363014)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363014/; classtype:trojan-activity;sid:84226114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363015)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363015/; classtype:trojan-activity;sid:84226115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363010)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363010/; classtype:trojan-activity;sid:84226110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363011)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363011/; classtype:trojan-activity;sid:84226111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363007)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363007/; classtype:trojan-activity;sid:84226107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363008)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363008/; classtype:trojan-activity;sid:84226108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363009)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363009/; classtype:trojan-activity;sid:84226109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363004)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363004/; classtype:trojan-activity;sid:84226104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363005)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363005/; classtype:trojan-activity;sid:84226105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363006)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363006/; classtype:trojan-activity;sid:84226106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363001)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363001/; classtype:trojan-activity;sid:84226101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363002)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363002/; classtype:trojan-activity;sid:84226102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363003)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363003/; classtype:trojan-activity;sid:84226103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362999)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362999/; classtype:trojan-activity;sid:84226099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3363000)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3363000/; classtype:trojan-activity;sid:84226100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362996)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362996/; classtype:trojan-activity;sid:84226096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362997)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362997/; classtype:trojan-activity;sid:84226097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362998)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362998/; classtype:trojan-activity;sid:84226098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362995)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362995/; classtype:trojan-activity;sid:84226095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362994)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362994/; classtype:trojan-activity;sid:84226094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362990)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362990/; classtype:trojan-activity;sid:84226090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362991)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362991/; classtype:trojan-activity;sid:84226091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362992)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362992/; classtype:trojan-activity;sid:84226092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362993)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362993/; classtype:trojan-activity;sid:84226093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362985)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362985/; classtype:trojan-activity;sid:84226085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362986)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362986/; classtype:trojan-activity;sid:84226086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362987)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362987/; classtype:trojan-activity;sid:84226087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362988)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362988/; classtype:trojan-activity;sid:84226088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362989)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362989/; classtype:trojan-activity;sid:84226089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362981)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362981/; classtype:trojan-activity;sid:84226081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362982)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362982/; classtype:trojan-activity;sid:84226082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362983)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362983/; classtype:trojan-activity;sid:84226083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362984)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362984/; classtype:trojan-activity;sid:84226084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362971)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362971/; classtype:trojan-activity;sid:84226071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362972)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362972/; classtype:trojan-activity;sid:84226072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362973)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362973/; classtype:trojan-activity;sid:84226073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362974)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362974/; classtype:trojan-activity;sid:84226074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362975)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362975/; classtype:trojan-activity;sid:84226075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362976)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362976/; classtype:trojan-activity;sid:84226076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362977)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362977/; classtype:trojan-activity;sid:84226077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362978)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362978/; classtype:trojan-activity;sid:84226078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362979)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362979/; classtype:trojan-activity;sid:84226079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362980)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362980/; classtype:trojan-activity;sid:84226080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362963)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362963/; classtype:trojan-activity;sid:84226063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362964)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362964/; classtype:trojan-activity;sid:84226064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362965)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362965/; classtype:trojan-activity;sid:84226065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362966)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362966/; classtype:trojan-activity;sid:84226066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362967)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362967/; classtype:trojan-activity;sid:84226067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362968)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362968/; classtype:trojan-activity;sid:84226068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362969)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362969/; classtype:trojan-activity;sid:84226069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362970)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362970/; classtype:trojan-activity;sid:84226070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362960)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362960/; classtype:trojan-activity;sid:84226060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362961)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362961/; classtype:trojan-activity;sid:84226061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362962)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362962/; classtype:trojan-activity;sid:84226062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362956)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362956/; classtype:trojan-activity;sid:84226056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362957)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362957/; classtype:trojan-activity;sid:84226057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362958)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362958/; classtype:trojan-activity;sid:84226058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362959)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362959/; classtype:trojan-activity;sid:84226059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362955)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362955/; classtype:trojan-activity;sid:84226055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362952)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362952/; classtype:trojan-activity;sid:84226052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362953)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362953/; classtype:trojan-activity;sid:84226053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362954)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362954/; classtype:trojan-activity;sid:84226054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362948)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362948/; classtype:trojan-activity;sid:84226048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362949)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362949/; classtype:trojan-activity;sid:84226049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362950)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362950/; classtype:trojan-activity;sid:84226050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362951)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362951/; classtype:trojan-activity;sid:84226051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362938)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362938/; classtype:trojan-activity;sid:84226038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362939)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362939/; classtype:trojan-activity;sid:84226039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362940)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362940/; classtype:trojan-activity;sid:84226040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362941)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362941/; classtype:trojan-activity;sid:84226041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362942)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362942/; classtype:trojan-activity;sid:84226042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362943)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362943/; classtype:trojan-activity;sid:84226043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362944)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362944/; classtype:trojan-activity;sid:84226044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362945)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362945/; classtype:trojan-activity;sid:84226045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362946)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362946/; classtype:trojan-activity;sid:84226046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362947)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362947/; classtype:trojan-activity;sid:84226047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362924)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362924/; classtype:trojan-activity;sid:84226024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362925)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362925/; classtype:trojan-activity;sid:84226025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362926)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362926/; classtype:trojan-activity;sid:84226026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362927)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362927/; classtype:trojan-activity;sid:84226027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362928)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362928/; classtype:trojan-activity;sid:84226028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362929)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362929/; classtype:trojan-activity;sid:84226029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362930)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362930/; classtype:trojan-activity;sid:84226030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362931)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362931/; classtype:trojan-activity;sid:84226031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362932)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362932/; classtype:trojan-activity;sid:84226032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362933)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362933/; classtype:trojan-activity;sid:84226033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362934)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362934/; classtype:trojan-activity;sid:84226034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362935)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362935/; classtype:trojan-activity;sid:84226035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362936)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362936/; classtype:trojan-activity;sid:84226036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362937)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362937/; classtype:trojan-activity;sid:84226037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362921)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362921/; classtype:trojan-activity;sid:84226021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362922)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362922/; classtype:trojan-activity;sid:84226022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362923)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362923/; classtype:trojan-activity;sid:84226023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362919)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362919/; classtype:trojan-activity;sid:84226019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362920)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362920/; classtype:trojan-activity;sid:84226020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362916)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362916/; classtype:trojan-activity;sid:84226016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362917)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362917/; classtype:trojan-activity;sid:84226017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362918)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362918/; classtype:trojan-activity;sid:84226018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362913)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362913/; classtype:trojan-activity;sid:84226013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362914)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362914/; classtype:trojan-activity;sid:84226014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362915)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362915/; classtype:trojan-activity;sid:84226015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362911)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362911/; classtype:trojan-activity;sid:84226011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362912)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362912/; classtype:trojan-activity;sid:84226012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362898)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362898/; classtype:trojan-activity;sid:84225998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362899)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362899/; classtype:trojan-activity;sid:84225999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362900)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362900/; classtype:trojan-activity;sid:84226000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362901)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362901/; classtype:trojan-activity;sid:84226001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362902)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362902/; classtype:trojan-activity;sid:84226002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362903)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362903/; classtype:trojan-activity;sid:84226003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362904)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362904/; classtype:trojan-activity;sid:84226004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362905)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362905/; classtype:trojan-activity;sid:84226005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362906)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362906/; classtype:trojan-activity;sid:84226006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362907)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362907/; classtype:trojan-activity;sid:84226007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362908)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362908/; classtype:trojan-activity;sid:84226008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362909)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362909/; classtype:trojan-activity;sid:84226009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362910)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362910/; classtype:trojan-activity;sid:84226010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362887)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362887/; classtype:trojan-activity;sid:84225987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362888)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362888/; classtype:trojan-activity;sid:84225988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362889)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362889/; classtype:trojan-activity;sid:84225989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362890)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362890/; classtype:trojan-activity;sid:84225990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362891)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362891/; classtype:trojan-activity;sid:84225991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362892)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362892/; classtype:trojan-activity;sid:84225992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362893)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362893/; classtype:trojan-activity;sid:84225993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362894)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362894/; classtype:trojan-activity;sid:84225994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362895)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362895/; classtype:trojan-activity;sid:84225995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362896)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362896/; classtype:trojan-activity;sid:84225996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362897)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362897/; classtype:trojan-activity;sid:84225997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362882)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362882/; classtype:trojan-activity;sid:84225982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362883)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362883/; classtype:trojan-activity;sid:84225983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362884)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362884/; classtype:trojan-activity;sid:84225984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362885)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362885/; classtype:trojan-activity;sid:84225985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362886)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362886/; classtype:trojan-activity;sid:84225986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362881)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362881/; classtype:trojan-activity;sid:84225981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362880)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362880/; classtype:trojan-activity;sid:84225980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362879)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362879/; classtype:trojan-activity;sid:84225979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362877)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362877/; classtype:trojan-activity;sid:84225977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362878)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362878/; classtype:trojan-activity;sid:84225978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362874)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362874/; classtype:trojan-activity;sid:84225974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362875)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362875/; classtype:trojan-activity;sid:84225975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362876)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362876/; classtype:trojan-activity;sid:84225976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362871)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362871/; classtype:trojan-activity;sid:84225971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362872)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362872/; classtype:trojan-activity;sid:84225972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362873)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362873/; classtype:trojan-activity;sid:84225973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362858)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362858/; classtype:trojan-activity;sid:84225958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362859)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362859/; classtype:trojan-activity;sid:84225959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362860)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362860/; classtype:trojan-activity;sid:84225960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362861)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362861/; classtype:trojan-activity;sid:84225961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362862)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362862/; classtype:trojan-activity;sid:84225962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362863)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362863/; classtype:trojan-activity;sid:84225963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362864)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362864/; classtype:trojan-activity;sid:84225964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362865)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362865/; classtype:trojan-activity;sid:84225965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362866)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362866/; classtype:trojan-activity;sid:84225966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362867)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362867/; classtype:trojan-activity;sid:84225967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362868)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362868/; classtype:trojan-activity;sid:84225968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362869)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362869/; classtype:trojan-activity;sid:84225969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362870)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362870/; classtype:trojan-activity;sid:84225970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362847)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362847/; classtype:trojan-activity;sid:84225947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362848)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362848/; classtype:trojan-activity;sid:84225948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362849)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362849/; classtype:trojan-activity;sid:84225949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362850)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362850/; classtype:trojan-activity;sid:84225950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362851)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362851/; classtype:trojan-activity;sid:84225951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362852)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362852/; classtype:trojan-activity;sid:84225952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362853)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362853/; classtype:trojan-activity;sid:84225953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362854)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362854/; classtype:trojan-activity;sid:84225954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362855)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362855/; classtype:trojan-activity;sid:84225955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362856)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362856/; classtype:trojan-activity;sid:84225956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362857)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362857/; classtype:trojan-activity;sid:84225957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362844)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362844/; classtype:trojan-activity;sid:84225944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362845)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362845/; classtype:trojan-activity;sid:84225945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362846)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362846/; classtype:trojan-activity;sid:84225946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362842)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362842/; classtype:trojan-activity;sid:84225942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362843)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362843/; classtype:trojan-activity;sid:84225943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362838)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362838/; classtype:trojan-activity;sid:84225938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362839)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362839/; classtype:trojan-activity;sid:84225939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362840)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362840/; classtype:trojan-activity;sid:84225940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362841)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362841/; classtype:trojan-activity;sid:84225941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362837)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362837/; classtype:trojan-activity;sid:84225937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362831)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362831/; classtype:trojan-activity;sid:84225931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362832)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362832/; classtype:trojan-activity;sid:84225932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362833)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362833/; classtype:trojan-activity;sid:84225933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362834)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362834/; classtype:trojan-activity;sid:84225934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362835)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362835/; classtype:trojan-activity;sid:84225935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362836)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362836/; classtype:trojan-activity;sid:84225936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362825)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362825/; classtype:trojan-activity;sid:84225925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362826)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362826/; classtype:trojan-activity;sid:84225926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362827)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362827/; classtype:trojan-activity;sid:84225927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362828)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362828/; classtype:trojan-activity;sid:84225928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362829)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362829/; classtype:trojan-activity;sid:84225929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362830)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362830/; classtype:trojan-activity;sid:84225930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362812)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362812/; classtype:trojan-activity;sid:84225912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362813)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362813/; classtype:trojan-activity;sid:84225913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362814)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362814/; classtype:trojan-activity;sid:84225914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362815)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362815/; classtype:trojan-activity;sid:84225915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362816)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362816/; classtype:trojan-activity;sid:84225916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362817)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362817/; classtype:trojan-activity;sid:84225917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362818)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362818/; classtype:trojan-activity;sid:84225918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362819)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362819/; classtype:trojan-activity;sid:84225919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362820)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362820/; classtype:trojan-activity;sid:84225920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362821)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362821/; classtype:trojan-activity;sid:84225921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362822)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362822/; classtype:trojan-activity;sid:84225922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362823)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362823/; classtype:trojan-activity;sid:84225923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362824)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362824/; classtype:trojan-activity;sid:84225924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362805)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362805/; classtype:trojan-activity;sid:84225905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362806)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362806/; classtype:trojan-activity;sid:84225906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362807)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362807/; classtype:trojan-activity;sid:84225907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362808)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362808/; classtype:trojan-activity;sid:84225908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362809)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362809/; classtype:trojan-activity;sid:84225909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362810)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362810/; classtype:trojan-activity;sid:84225910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362811)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362811/; classtype:trojan-activity;sid:84225911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362804)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362804/; classtype:trojan-activity;sid:84225904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362801)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362801/; classtype:trojan-activity;sid:84225901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362802)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362802/; classtype:trojan-activity;sid:84225902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362803)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362803/; classtype:trojan-activity;sid:84225903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362799)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362799/; classtype:trojan-activity;sid:84225899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362800)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362800/; classtype:trojan-activity;sid:84225900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362794)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362794/; classtype:trojan-activity;sid:84225894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362795)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362795/; classtype:trojan-activity;sid:84225895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362796)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362796/; classtype:trojan-activity;sid:84225896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362797)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362797/; classtype:trojan-activity;sid:84225897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362798)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362798/; classtype:trojan-activity;sid:84225898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362791)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362791/; classtype:trojan-activity;sid:84225891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362792)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362792/; classtype:trojan-activity;sid:84225892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362793)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362793/; classtype:trojan-activity;sid:84225893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362780)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362780/; classtype:trojan-activity;sid:84225880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362781)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362781/; classtype:trojan-activity;sid:84225881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362782)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362782/; classtype:trojan-activity;sid:84225882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362783)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362783/; classtype:trojan-activity;sid:84225883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362784)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362784/; classtype:trojan-activity;sid:84225884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362785)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362785/; classtype:trojan-activity;sid:84225885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362786)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362786/; classtype:trojan-activity;sid:84225886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362787)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362787/; classtype:trojan-activity;sid:84225887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362788)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362788/; classtype:trojan-activity;sid:84225888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362789)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362789/; classtype:trojan-activity;sid:84225889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362790)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362790/; classtype:trojan-activity;sid:84225890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362769)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362769/; classtype:trojan-activity;sid:84225869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362770)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362770/; classtype:trojan-activity;sid:84225870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362771)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362771/; classtype:trojan-activity;sid:84225871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362772)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362772/; classtype:trojan-activity;sid:84225872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362773)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362773/; classtype:trojan-activity;sid:84225873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362774)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362774/; classtype:trojan-activity;sid:84225874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362775)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362775/; classtype:trojan-activity;sid:84225875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362776)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362776/; classtype:trojan-activity;sid:84225876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362777)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362777/; classtype:trojan-activity;sid:84225877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362778)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362778/; classtype:trojan-activity;sid:84225878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362779)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362779/; classtype:trojan-activity;sid:84225879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362765)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362765/; classtype:trojan-activity;sid:84225865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362766)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362766/; classtype:trojan-activity;sid:84225866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362767)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362767/; classtype:trojan-activity;sid:84225867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362768)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362768/; classtype:trojan-activity;sid:84225868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362763)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362763/; classtype:trojan-activity;sid:84225863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362764)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362764/; classtype:trojan-activity;sid:84225864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362762)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362762/; classtype:trojan-activity;sid:84225862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362761)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362761/; classtype:trojan-activity;sid:84225861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362754)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362754/; classtype:trojan-activity;sid:84225854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362755)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362755/; classtype:trojan-activity;sid:84225855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362756)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362756/; classtype:trojan-activity;sid:84225856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362757)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362757/; classtype:trojan-activity;sid:84225857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362758)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362758/; classtype:trojan-activity;sid:84225858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362759)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362759/; classtype:trojan-activity;sid:84225859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362760)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362760/; classtype:trojan-activity;sid:84225860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362750)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362750/; classtype:trojan-activity;sid:84225850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362751)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362751/; classtype:trojan-activity;sid:84225851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362752)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362752/; classtype:trojan-activity;sid:84225852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362753)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362753/; classtype:trojan-activity;sid:84225853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362743)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362743/; classtype:trojan-activity;sid:84225843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362744)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362744/; classtype:trojan-activity;sid:84225844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362745)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362745/; classtype:trojan-activity;sid:84225845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362746)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362746/; classtype:trojan-activity;sid:84225846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362747)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362747/; classtype:trojan-activity;sid:84225847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362748)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362748/; classtype:trojan-activity;sid:84225848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362749)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362749/; classtype:trojan-activity;sid:84225849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362739)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362739/; classtype:trojan-activity;sid:84225839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362740)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362740/; classtype:trojan-activity;sid:84225840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362741)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362741/; classtype:trojan-activity;sid:84225841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362742)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362742/; classtype:trojan-activity;sid:84225842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362732)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362732/; classtype:trojan-activity;sid:84225832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362733)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362733/; classtype:trojan-activity;sid:84225833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362734)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362734/; classtype:trojan-activity;sid:84225834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362735)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362735/; classtype:trojan-activity;sid:84225835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362736)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362736/; classtype:trojan-activity;sid:84225836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362737)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362737/; classtype:trojan-activity;sid:84225837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362738)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362738/; classtype:trojan-activity;sid:84225838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362730)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362730/; classtype:trojan-activity;sid:84225830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362731)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362731/; classtype:trojan-activity;sid:84225831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362727)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362727/; classtype:trojan-activity;sid:84225827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362728)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362728/; classtype:trojan-activity;sid:84225828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362729)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362729/; classtype:trojan-activity;sid:84225829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362724)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362724/; classtype:trojan-activity;sid:84225824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362725)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362725/; classtype:trojan-activity;sid:84225825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362726)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362726/; classtype:trojan-activity;sid:84225826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362719)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362719/; classtype:trojan-activity;sid:84225819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362720)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362720/; classtype:trojan-activity;sid:84225820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362721)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362721/; classtype:trojan-activity;sid:84225821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362722)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362722/; classtype:trojan-activity;sid:84225822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362723)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362723/; classtype:trojan-activity;sid:84225823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362713)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362713/; classtype:trojan-activity;sid:84225813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362714)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362714/; classtype:trojan-activity;sid:84225814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362715)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362715/; classtype:trojan-activity;sid:84225815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362716)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362716/; classtype:trojan-activity;sid:84225816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362717)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362717/; classtype:trojan-activity;sid:84225817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362718)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362718/; classtype:trojan-activity;sid:84225818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362711)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362711/; classtype:trojan-activity;sid:84225811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362712)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362712/; classtype:trojan-activity;sid:84225812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362707)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362707/; classtype:trojan-activity;sid:84225807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362708)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362708/; classtype:trojan-activity;sid:84225808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362709)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362709/; classtype:trojan-activity;sid:84225809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362710)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362710/; classtype:trojan-activity;sid:84225810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362701)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362701/; classtype:trojan-activity;sid:84225801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362702)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362702/; classtype:trojan-activity;sid:84225802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362703)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362703/; classtype:trojan-activity;sid:84225803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362704)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362704/; classtype:trojan-activity;sid:84225804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362705)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362705/; classtype:trojan-activity;sid:84225805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362706)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362706/; classtype:trojan-activity;sid:84225806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362694)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362694/; classtype:trojan-activity;sid:84225794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362695)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362695/; classtype:trojan-activity;sid:84225795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362696)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362696/; classtype:trojan-activity;sid:84225796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362697)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362697/; classtype:trojan-activity;sid:84225797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362698)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362698/; classtype:trojan-activity;sid:84225798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362699)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362699/; classtype:trojan-activity;sid:84225799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362700)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362700/; classtype:trojan-activity;sid:84225800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362687)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362687/; classtype:trojan-activity;sid:84225787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362688)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362688/; classtype:trojan-activity;sid:84225788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362689)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362689/; classtype:trojan-activity;sid:84225789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362690)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362690/; classtype:trojan-activity;sid:84225790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362691)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362691/; classtype:trojan-activity;sid:84225791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362692)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362692/; classtype:trojan-activity;sid:84225792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362693)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362693/; classtype:trojan-activity;sid:84225793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362684)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362684/; classtype:trojan-activity;sid:84225784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362685)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362685/; classtype:trojan-activity;sid:84225785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362686)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362686/; classtype:trojan-activity;sid:84225786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362675)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362675/; classtype:trojan-activity;sid:84225775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362676)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362676/; classtype:trojan-activity;sid:84225776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362677)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362677/; classtype:trojan-activity;sid:84225777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362678)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362678/; classtype:trojan-activity;sid:84225778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362679)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362679/; classtype:trojan-activity;sid:84225779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362680)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362680/; classtype:trojan-activity;sid:84225780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362681)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362681/; classtype:trojan-activity;sid:84225781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362682)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362682/; classtype:trojan-activity;sid:84225782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362683)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362683/; classtype:trojan-activity;sid:84225783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362672)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362672/; classtype:trojan-activity;sid:84225772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362673)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362673/; classtype:trojan-activity;sid:84225773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362674)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362674/; classtype:trojan-activity;sid:84225774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362668)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362668/; classtype:trojan-activity;sid:84225768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362669)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362669/; classtype:trojan-activity;sid:84225769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362670)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362670/; classtype:trojan-activity;sid:84225770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362671)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362671/; classtype:trojan-activity;sid:84225771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362664)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362664/; classtype:trojan-activity;sid:84225764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362665)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362665/; classtype:trojan-activity;sid:84225765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362666)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362666/; classtype:trojan-activity;sid:84225766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362667)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362667/; classtype:trojan-activity;sid:84225767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362663)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362663/; classtype:trojan-activity;sid:84225763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362660)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362660/; classtype:trojan-activity;sid:84225760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362661)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362661/; classtype:trojan-activity;sid:84225761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362662)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362662/; classtype:trojan-activity;sid:84225762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362652)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362652/; classtype:trojan-activity;sid:84225752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362653)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362653/; classtype:trojan-activity;sid:84225753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362654)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362654/; classtype:trojan-activity;sid:84225754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362655)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362655/; classtype:trojan-activity;sid:84225755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362656)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362656/; classtype:trojan-activity;sid:84225756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362657)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362657/; classtype:trojan-activity;sid:84225757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362658)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362658/; classtype:trojan-activity;sid:84225758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362659)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362659/; classtype:trojan-activity;sid:84225759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362646)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362646/; classtype:trojan-activity;sid:84225746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362647)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362647/; classtype:trojan-activity;sid:84225747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362648)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362648/; classtype:trojan-activity;sid:84225748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362649)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362649/; classtype:trojan-activity;sid:84225749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362650)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362650/; classtype:trojan-activity;sid:84225750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362651)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362651/; classtype:trojan-activity;sid:84225751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362639)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362639/; classtype:trojan-activity;sid:84225739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362640)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362640/; classtype:trojan-activity;sid:84225740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362641)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362641/; classtype:trojan-activity;sid:84225741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362642)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362642/; classtype:trojan-activity;sid:84225742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362643)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362643/; classtype:trojan-activity;sid:84225743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362644)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362644/; classtype:trojan-activity;sid:84225744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362645)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362645/; classtype:trojan-activity;sid:84225745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362633)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362633/; classtype:trojan-activity;sid:84225733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362634)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362634/; classtype:trojan-activity;sid:84225734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362635)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362635/; classtype:trojan-activity;sid:84225735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362636)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362636/; classtype:trojan-activity;sid:84225736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362637)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362637/; classtype:trojan-activity;sid:84225737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362638)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362638/; classtype:trojan-activity;sid:84225738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362630)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362630/; classtype:trojan-activity;sid:84225730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362631)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362631/; classtype:trojan-activity;sid:84225731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362632)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362632/; classtype:trojan-activity;sid:84225732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362627)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362627/; classtype:trojan-activity;sid:84225727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362628)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362628/; classtype:trojan-activity;sid:84225728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362629)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362629/; classtype:trojan-activity;sid:84225729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362626)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362626/; classtype:trojan-activity;sid:84225726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362623)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362623/; classtype:trojan-activity;sid:84225723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362624)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362624/; classtype:trojan-activity;sid:84225724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362625)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362625/; classtype:trojan-activity;sid:84225725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362617)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362617/; classtype:trojan-activity;sid:84225717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362618)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362618/; classtype:trojan-activity;sid:84225718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362619)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362619/; classtype:trojan-activity;sid:84225719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362620)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362620/; classtype:trojan-activity;sid:84225720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362621)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362621/; classtype:trojan-activity;sid:84225721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362622)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362622/; classtype:trojan-activity;sid:84225722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362607)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362607/; classtype:trojan-activity;sid:84225707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362608)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362608/; classtype:trojan-activity;sid:84225708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362609)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362609/; classtype:trojan-activity;sid:84225709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362610)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362610/; classtype:trojan-activity;sid:84225710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362611)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362611/; classtype:trojan-activity;sid:84225711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362612)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362612/; classtype:trojan-activity;sid:84225712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362613)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362613/; classtype:trojan-activity;sid:84225713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362614)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362614/; classtype:trojan-activity;sid:84225714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362615)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362615/; classtype:trojan-activity;sid:84225715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362616)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362616/; classtype:trojan-activity;sid:84225716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362599)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362599/; classtype:trojan-activity;sid:84225699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362600)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362600/; classtype:trojan-activity;sid:84225700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362601)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362601/; classtype:trojan-activity;sid:84225701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362602)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362602/; classtype:trojan-activity;sid:84225702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362603)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362603/; classtype:trojan-activity;sid:84225703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362604)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362604/; classtype:trojan-activity;sid:84225704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362605)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362605/; classtype:trojan-activity;sid:84225705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362606)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362606/; classtype:trojan-activity;sid:84225706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362596)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362596/; classtype:trojan-activity;sid:84225696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362597)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362597/; classtype:trojan-activity;sid:84225697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362598)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362598/; classtype:trojan-activity;sid:84225698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362592)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362592/; classtype:trojan-activity;sid:84225692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362593)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362593/; classtype:trojan-activity;sid:84225693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362594)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362594/; classtype:trojan-activity;sid:84225694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362595)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362595/; classtype:trojan-activity;sid:84225695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362589)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362589/; classtype:trojan-activity;sid:84225689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362590)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362590/; classtype:trojan-activity;sid:84225690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362591)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362591/; classtype:trojan-activity;sid:84225691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362588)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362588/; classtype:trojan-activity;sid:84225688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362586)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362586/; classtype:trojan-activity;sid:84225686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362587)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362587/; classtype:trojan-activity;sid:84225687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362584)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362584/; classtype:trojan-activity;sid:84225684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362585)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362585/; classtype:trojan-activity;sid:84225685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362576)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362576/; classtype:trojan-activity;sid:84225676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362577)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362577/; classtype:trojan-activity;sid:84225677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362578)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362578/; classtype:trojan-activity;sid:84225678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362579)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362579/; classtype:trojan-activity;sid:84225679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362580)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362580/; classtype:trojan-activity;sid:84225680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362581)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362581/; classtype:trojan-activity;sid:84225681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362582)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362582/; classtype:trojan-activity;sid:84225682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362583)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362583/; classtype:trojan-activity;sid:84225683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362567)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362567/; classtype:trojan-activity;sid:84225667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362568)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362568/; classtype:trojan-activity;sid:84225668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362569)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362569/; classtype:trojan-activity;sid:84225669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362570)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362570/; classtype:trojan-activity;sid:84225670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362571)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362571/; classtype:trojan-activity;sid:84225671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362572)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362572/; classtype:trojan-activity;sid:84225672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362573)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362573/; classtype:trojan-activity;sid:84225673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362574)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362574/; classtype:trojan-activity;sid:84225674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362575)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362575/; classtype:trojan-activity;sid:84225675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362561)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362561/; classtype:trojan-activity;sid:84225661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362562)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362562/; classtype:trojan-activity;sid:84225662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362563)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362563/; classtype:trojan-activity;sid:84225663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362564)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362564/; classtype:trojan-activity;sid:84225664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362565)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362565/; classtype:trojan-activity;sid:84225665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362566)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362566/; classtype:trojan-activity;sid:84225666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362557)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362557/; classtype:trojan-activity;sid:84225657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362558)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362558/; classtype:trojan-activity;sid:84225658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362559)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362559/; classtype:trojan-activity;sid:84225659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362560)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362560/; classtype:trojan-activity;sid:84225660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362554)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362554/; classtype:trojan-activity;sid:84225654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362555)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362555/; classtype:trojan-activity;sid:84225655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362556)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362556/; classtype:trojan-activity;sid:84225656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362551)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362551/; classtype:trojan-activity;sid:84225651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362552)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362552/; classtype:trojan-activity;sid:84225652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362553)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362553/; classtype:trojan-activity;sid:84225653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362547)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362547/; classtype:trojan-activity;sid:84225647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362548)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362548/; classtype:trojan-activity;sid:84225648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362549)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362549/; classtype:trojan-activity;sid:84225649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362550)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362550/; classtype:trojan-activity;sid:84225650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362546)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362546/; classtype:trojan-activity;sid:84225646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362543)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362543/; classtype:trojan-activity;sid:84225643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362544)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362544/; classtype:trojan-activity;sid:84225644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362545)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362545/; classtype:trojan-activity;sid:84225645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362536)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362536/; classtype:trojan-activity;sid:84225636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362537)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362537/; classtype:trojan-activity;sid:84225637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362538)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362538/; classtype:trojan-activity;sid:84225638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362539)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362539/; classtype:trojan-activity;sid:84225639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362540)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362540/; classtype:trojan-activity;sid:84225640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362541)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362541/; classtype:trojan-activity;sid:84225641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362542)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362542/; classtype:trojan-activity;sid:84225642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362526)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362526/; classtype:trojan-activity;sid:84225626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362527)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362527/; classtype:trojan-activity;sid:84225627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362528)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362528/; classtype:trojan-activity;sid:84225628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362529)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362529/; classtype:trojan-activity;sid:84225629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362530)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362530/; classtype:trojan-activity;sid:84225630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362531)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362531/; classtype:trojan-activity;sid:84225631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362532)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362532/; classtype:trojan-activity;sid:84225632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362533)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362533/; classtype:trojan-activity;sid:84225633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362534)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362534/; classtype:trojan-activity;sid:84225634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362535)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362535/; classtype:trojan-activity;sid:84225635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362520)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362520/; classtype:trojan-activity;sid:84225620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362521)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362521/; classtype:trojan-activity;sid:84225621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362522)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362522/; classtype:trojan-activity;sid:84225622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362523)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362523/; classtype:trojan-activity;sid:84225623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362524)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362524/; classtype:trojan-activity;sid:84225624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362525)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362525/; classtype:trojan-activity;sid:84225625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362518)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362518/; classtype:trojan-activity;sid:84225618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362519)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362519/; classtype:trojan-activity;sid:84225619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362517)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362517/; classtype:trojan-activity;sid:84225617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362514)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362514/; classtype:trojan-activity;sid:84225614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362515)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362515/; classtype:trojan-activity;sid:84225615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362516)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362516/; classtype:trojan-activity;sid:84225616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362509)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362509/; classtype:trojan-activity;sid:84225609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362510)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362510/; classtype:trojan-activity;sid:84225610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362511)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362511/; classtype:trojan-activity;sid:84225611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362512)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362512/; classtype:trojan-activity;sid:84225612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362513)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362513/; classtype:trojan-activity;sid:84225613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362505)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362505/; classtype:trojan-activity;sid:84225605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362506)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362506/; classtype:trojan-activity;sid:84225606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362507)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362507/; classtype:trojan-activity;sid:84225607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362508)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362508/; classtype:trojan-activity;sid:84225608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362498)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362498/; classtype:trojan-activity;sid:84225598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362499)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362499/; classtype:trojan-activity;sid:84225599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362500)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362500/; classtype:trojan-activity;sid:84225600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362501)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362501/; classtype:trojan-activity;sid:84225601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362502)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362502/; classtype:trojan-activity;sid:84225602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362503)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362503/; classtype:trojan-activity;sid:84225603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362504)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362504/; classtype:trojan-activity;sid:84225604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362494)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362494/; classtype:trojan-activity;sid:84225594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362495)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362495/; classtype:trojan-activity;sid:84225595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362496)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362496/; classtype:trojan-activity;sid:84225596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362497)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362497/; classtype:trojan-activity;sid:84225597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362484)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362484/; classtype:trojan-activity;sid:84225584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362485)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362485/; classtype:trojan-activity;sid:84225585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362486)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362486/; classtype:trojan-activity;sid:84225586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362487)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362487/; classtype:trojan-activity;sid:84225587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362488)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362488/; classtype:trojan-activity;sid:84225588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362489)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362489/; classtype:trojan-activity;sid:84225589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362490)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362490/; classtype:trojan-activity;sid:84225590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362491)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362491/; classtype:trojan-activity;sid:84225591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362492)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362492/; classtype:trojan-activity;sid:84225592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362493)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362493/; classtype:trojan-activity;sid:84225593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362481)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362481/; classtype:trojan-activity;sid:84225581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362482)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362482/; classtype:trojan-activity;sid:84225582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362483)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362483/; classtype:trojan-activity;sid:84225583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362480)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362480/; classtype:trojan-activity;sid:84225580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362476)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362476/; classtype:trojan-activity;sid:84225576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362477)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362477/; classtype:trojan-activity;sid:84225577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362478)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362478/; classtype:trojan-activity;sid:84225578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362479)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362479/; classtype:trojan-activity;sid:84225579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362471)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362471/; classtype:trojan-activity;sid:84225571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362472)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362472/; classtype:trojan-activity;sid:84225572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362473)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362473/; classtype:trojan-activity;sid:84225573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362474)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362474/; classtype:trojan-activity;sid:84225574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362475)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362475/; classtype:trojan-activity;sid:84225575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362466)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362466/; classtype:trojan-activity;sid:84225566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362467)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362467/; classtype:trojan-activity;sid:84225567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362468)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362468/; classtype:trojan-activity;sid:84225568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362469)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362469/; classtype:trojan-activity;sid:84225569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362470)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362470/; classtype:trojan-activity;sid:84225570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362458)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362458/; classtype:trojan-activity;sid:84225558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362459)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362459/; classtype:trojan-activity;sid:84225559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362460)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362460/; classtype:trojan-activity;sid:84225560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362461)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362461/; classtype:trojan-activity;sid:84225561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362462)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362462/; classtype:trojan-activity;sid:84225562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362463)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362463/; classtype:trojan-activity;sid:84225563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362464)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362464/; classtype:trojan-activity;sid:84225564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362465)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362465/; classtype:trojan-activity;sid:84225565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362450)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362450/; classtype:trojan-activity;sid:84225550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362451)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362451/; classtype:trojan-activity;sid:84225551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362452)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362452/; classtype:trojan-activity;sid:84225552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362453)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362453/; classtype:trojan-activity;sid:84225553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362454)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362454/; classtype:trojan-activity;sid:84225554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362455)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362455/; classtype:trojan-activity;sid:84225555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362456)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362456/; classtype:trojan-activity;sid:84225556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362457)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362457/; classtype:trojan-activity;sid:84225557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362445)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362445/; classtype:trojan-activity;sid:84225545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362446)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362446/; classtype:trojan-activity;sid:84225546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362447)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362447/; classtype:trojan-activity;sid:84225547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362448)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362448/; classtype:trojan-activity;sid:84225548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362449)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362449/; classtype:trojan-activity;sid:84225549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362442)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362442/; classtype:trojan-activity;sid:84225542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362443)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362443/; classtype:trojan-activity;sid:84225543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362444)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362444/; classtype:trojan-activity;sid:84225544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362441)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362441/; classtype:trojan-activity;sid:84225541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362440)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362440/; classtype:trojan-activity;sid:84225540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362439)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362439/; classtype:trojan-activity;sid:84225539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362437)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362437/; classtype:trojan-activity;sid:84225537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362438)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362438/; classtype:trojan-activity;sid:84225538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362429)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362429/; classtype:trojan-activity;sid:84225529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362430)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362430/; classtype:trojan-activity;sid:84225530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362431)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362431/; classtype:trojan-activity;sid:84225531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362432)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362432/; classtype:trojan-activity;sid:84225532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362433)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362433/; classtype:trojan-activity;sid:84225533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362434)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362434/; classtype:trojan-activity;sid:84225534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362435)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362435/; classtype:trojan-activity;sid:84225535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362436)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362436/; classtype:trojan-activity;sid:84225536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362417)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362417/; classtype:trojan-activity;sid:84225517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362418)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362418/; classtype:trojan-activity;sid:84225518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362419)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362419/; classtype:trojan-activity;sid:84225519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362420)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362420/; classtype:trojan-activity;sid:84225520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362421)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362421/; classtype:trojan-activity;sid:84225521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362422)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362422/; classtype:trojan-activity;sid:84225522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362423)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362423/; classtype:trojan-activity;sid:84225523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362424)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362424/; classtype:trojan-activity;sid:84225524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362425)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362425/; classtype:trojan-activity;sid:84225525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362426)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362426/; classtype:trojan-activity;sid:84225526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362427)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362427/; classtype:trojan-activity;sid:84225527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362428)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362428/; classtype:trojan-activity;sid:84225528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362408)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362408/; classtype:trojan-activity;sid:84225508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362409)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362409/; classtype:trojan-activity;sid:84225509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362410)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362410/; classtype:trojan-activity;sid:84225510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362411)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362411/; classtype:trojan-activity;sid:84225511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362412)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362412/; classtype:trojan-activity;sid:84225512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362413)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362413/; classtype:trojan-activity;sid:84225513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362414)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362414/; classtype:trojan-activity;sid:84225514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362415)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362415/; classtype:trojan-activity;sid:84225515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362416)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362416/; classtype:trojan-activity;sid:84225516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362404)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362404/; classtype:trojan-activity;sid:84225504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362405)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362405/; classtype:trojan-activity;sid:84225505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362406)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362406/; classtype:trojan-activity;sid:84225506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362407)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362407/; classtype:trojan-activity;sid:84225507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362402)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362402/; classtype:trojan-activity;sid:84225502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362403)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362403/; classtype:trojan-activity;sid:84225503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362401)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362401/; classtype:trojan-activity;sid:84225501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362398)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362398/; classtype:trojan-activity;sid:84225498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362399)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362399/; classtype:trojan-activity;sid:84225499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362400)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362400/; classtype:trojan-activity;sid:84225500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362397)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362397/; classtype:trojan-activity;sid:84225497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362383)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362383/; classtype:trojan-activity;sid:84225483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362384)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362384/; classtype:trojan-activity;sid:84225484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362385)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362385/; classtype:trojan-activity;sid:84225485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362386)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362386/; classtype:trojan-activity;sid:84225486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362387)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362387/; classtype:trojan-activity;sid:84225487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362388)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362388/; classtype:trojan-activity;sid:84225488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362389)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362389/; classtype:trojan-activity;sid:84225489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362390)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362390/; classtype:trojan-activity;sid:84225490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362391)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362391/; classtype:trojan-activity;sid:84225491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362392)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362392/; classtype:trojan-activity;sid:84225492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362393)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362393/; classtype:trojan-activity;sid:84225493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362394)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362394/; classtype:trojan-activity;sid:84225494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362395)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362395/; classtype:trojan-activity;sid:84225495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362396)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362396/; classtype:trojan-activity;sid:84225496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362371)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362371/; classtype:trojan-activity;sid:84225471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362372)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362372/; classtype:trojan-activity;sid:84225472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362373)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362373/; classtype:trojan-activity;sid:84225473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362374)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362374/; classtype:trojan-activity;sid:84225474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362375)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362375/; classtype:trojan-activity;sid:84225475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362376)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362376/; classtype:trojan-activity;sid:84225476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362377)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362377/; classtype:trojan-activity;sid:84225477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362378)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362378/; classtype:trojan-activity;sid:84225478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362379)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362379/; classtype:trojan-activity;sid:84225479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362380)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362380/; classtype:trojan-activity;sid:84225480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362381)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362381/; classtype:trojan-activity;sid:84225481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362382)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362382/; classtype:trojan-activity;sid:84225482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362364)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362364/; classtype:trojan-activity;sid:84225464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362365)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362365/; classtype:trojan-activity;sid:84225465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362366)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362366/; classtype:trojan-activity;sid:84225466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362367)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362367/; classtype:trojan-activity;sid:84225467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362368)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362368/; classtype:trojan-activity;sid:84225468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362369)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362369/; classtype:trojan-activity;sid:84225469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362370)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362370/; classtype:trojan-activity;sid:84225470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362362)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362362/; classtype:trojan-activity;sid:84225462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362363)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362363/; classtype:trojan-activity;sid:84225463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362361)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362361/; classtype:trojan-activity;sid:84225461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362359)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362359/; classtype:trojan-activity;sid:84225459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362360)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362360/; classtype:trojan-activity;sid:84225460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362351)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362351/; classtype:trojan-activity;sid:84225451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362352)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362352/; classtype:trojan-activity;sid:84225452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362353)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362353/; classtype:trojan-activity;sid:84225453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362354)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362354/; classtype:trojan-activity;sid:84225454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362355)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362355/; classtype:trojan-activity;sid:84225455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362356)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362356/; classtype:trojan-activity;sid:84225456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362357)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362357/; classtype:trojan-activity;sid:84225457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362358)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362358/; classtype:trojan-activity;sid:84225458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362340)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362340/; classtype:trojan-activity;sid:84225440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362341)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362341/; classtype:trojan-activity;sid:84225441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362342)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362342/; classtype:trojan-activity;sid:84225442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362343)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362343/; classtype:trojan-activity;sid:84225443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362344)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362344/; classtype:trojan-activity;sid:84225444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362345)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362345/; classtype:trojan-activity;sid:84225445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362346)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362346/; classtype:trojan-activity;sid:84225446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362347)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362347/; classtype:trojan-activity;sid:84225447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362348)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362348/; classtype:trojan-activity;sid:84225448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362349)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362349/; classtype:trojan-activity;sid:84225449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362350)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362350/; classtype:trojan-activity;sid:84225450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362322)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362322/; classtype:trojan-activity;sid:84225422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362323)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362323/; classtype:trojan-activity;sid:84225423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362324)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362324/; classtype:trojan-activity;sid:84225424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362325)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362325/; classtype:trojan-activity;sid:84225425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362326)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362326/; classtype:trojan-activity;sid:84225426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362327)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362327/; classtype:trojan-activity;sid:84225427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362328)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362328/; classtype:trojan-activity;sid:84225428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362329)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362329/; classtype:trojan-activity;sid:84225429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362330)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362330/; classtype:trojan-activity;sid:84225430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362331)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362331/; classtype:trojan-activity;sid:84225431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362332)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362332/; classtype:trojan-activity;sid:84225432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362333)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362333/; classtype:trojan-activity;sid:84225433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362334)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362334/; classtype:trojan-activity;sid:84225434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362335)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362335/; classtype:trojan-activity;sid:84225435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362336)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362336/; classtype:trojan-activity;sid:84225436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362337)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362337/; classtype:trojan-activity;sid:84225437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362338)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362338/; classtype:trojan-activity;sid:84225438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362339)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362339/; classtype:trojan-activity;sid:84225439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362321)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362321/; classtype:trojan-activity;sid:84225421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362318)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362318/; classtype:trojan-activity;sid:84225418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362319)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362319/; classtype:trojan-activity;sid:84225419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362320)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362320/; classtype:trojan-activity;sid:84225420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362305)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362305/; classtype:trojan-activity;sid:84225405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362306)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362306/; classtype:trojan-activity;sid:84225406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362307)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362307/; classtype:trojan-activity;sid:84225407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362308)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362308/; classtype:trojan-activity;sid:84225408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362309)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362309/; classtype:trojan-activity;sid:84225409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362310)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362310/; classtype:trojan-activity;sid:84225410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362311)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362311/; classtype:trojan-activity;sid:84225411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362312)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362312/; classtype:trojan-activity;sid:84225412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362313)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362313/; classtype:trojan-activity;sid:84225413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362314)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362314/; classtype:trojan-activity;sid:84225414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362315)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362315/; classtype:trojan-activity;sid:84225415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362316)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362316/; classtype:trojan-activity;sid:84225416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362317)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362317/; classtype:trojan-activity;sid:84225417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362282)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362282/; classtype:trojan-activity;sid:84225382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362283)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362283/; classtype:trojan-activity;sid:84225383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362284)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362284/; classtype:trojan-activity;sid:84225384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362285)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362285/; classtype:trojan-activity;sid:84225385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362286)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362286/; classtype:trojan-activity;sid:84225386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362287)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362287/; classtype:trojan-activity;sid:84225387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362288)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362288/; classtype:trojan-activity;sid:84225388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362289)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362289/; classtype:trojan-activity;sid:84225389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362290)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362290/; classtype:trojan-activity;sid:84225390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362291)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362291/; classtype:trojan-activity;sid:84225391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362292)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362292/; classtype:trojan-activity;sid:84225392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362293)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362293/; classtype:trojan-activity;sid:84225393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362294)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362294/; classtype:trojan-activity;sid:84225394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362295)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362295/; classtype:trojan-activity;sid:84225395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362296)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362296/; classtype:trojan-activity;sid:84225396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362297)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362297/; classtype:trojan-activity;sid:84225397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362298)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362298/; classtype:trojan-activity;sid:84225398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362299)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362299/; classtype:trojan-activity;sid:84225399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362300)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362300/; classtype:trojan-activity;sid:84225400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362301)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362301/; classtype:trojan-activity;sid:84225401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362302)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362302/; classtype:trojan-activity;sid:84225402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362303)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362303/; classtype:trojan-activity;sid:84225403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362304)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362304/; classtype:trojan-activity;sid:84225404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362277)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362277/; classtype:trojan-activity;sid:84225377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362278)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362278/; classtype:trojan-activity;sid:84225378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362279)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362279/; classtype:trojan-activity;sid:84225379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362280)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362280/; classtype:trojan-activity;sid:84225380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362281)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362281/; classtype:trojan-activity;sid:84225381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362247)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362247/; classtype:trojan-activity;sid:84225347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362248)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362248/; classtype:trojan-activity;sid:84225348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362249)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362249/; classtype:trojan-activity;sid:84225349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362250)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362250/; classtype:trojan-activity;sid:84225350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362251)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362251/; classtype:trojan-activity;sid:84225351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362252)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362252/; classtype:trojan-activity;sid:84225352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362253)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362253/; classtype:trojan-activity;sid:84225353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362254)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362254/; classtype:trojan-activity;sid:84225354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362255)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362255/; classtype:trojan-activity;sid:84225355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362256)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362256/; classtype:trojan-activity;sid:84225356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362257)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362257/; classtype:trojan-activity;sid:84225357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362258)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362258/; classtype:trojan-activity;sid:84225358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362259)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362259/; classtype:trojan-activity;sid:84225359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362260)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362260/; classtype:trojan-activity;sid:84225360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362261)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362261/; classtype:trojan-activity;sid:84225361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362262)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362262/; classtype:trojan-activity;sid:84225362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362263)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362263/; classtype:trojan-activity;sid:84225363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362264)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362264/; classtype:trojan-activity;sid:84225364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362265)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362265/; classtype:trojan-activity;sid:84225365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362266)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362266/; classtype:trojan-activity;sid:84225366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362267)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362267/; classtype:trojan-activity;sid:84225367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362268)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362268/; classtype:trojan-activity;sid:84225368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362269)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362269/; classtype:trojan-activity;sid:84225369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362270)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362270/; classtype:trojan-activity;sid:84225370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362271)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362271/; classtype:trojan-activity;sid:84225371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362272)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362272/; classtype:trojan-activity;sid:84225372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362273)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362273/; classtype:trojan-activity;sid:84225373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362274)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362274/; classtype:trojan-activity;sid:84225374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362275)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362275/; classtype:trojan-activity;sid:84225375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362276)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362276/; classtype:trojan-activity;sid:84225376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362242)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362242/; classtype:trojan-activity;sid:84225342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362243)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362243/; classtype:trojan-activity;sid:84225343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362244)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362244/; classtype:trojan-activity;sid:84225344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362245)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362245/; classtype:trojan-activity;sid:84225345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362246)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362246/; classtype:trojan-activity;sid:84225346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362217)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362217/; classtype:trojan-activity;sid:84225317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362218)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362218/; classtype:trojan-activity;sid:84225318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362219)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362219/; classtype:trojan-activity;sid:84225319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362220)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362220/; classtype:trojan-activity;sid:84225320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362221)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362221/; classtype:trojan-activity;sid:84225321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362222)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362222/; classtype:trojan-activity;sid:84225322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362223)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362223/; classtype:trojan-activity;sid:84225323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362224)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362224/; classtype:trojan-activity;sid:84225324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362225)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362225/; classtype:trojan-activity;sid:84225325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362226)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362226/; classtype:trojan-activity;sid:84225326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362227)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362227/; classtype:trojan-activity;sid:84225327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362228)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362228/; classtype:trojan-activity;sid:84225328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362229)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362229/; classtype:trojan-activity;sid:84225329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362230)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362230/; classtype:trojan-activity;sid:84225330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362231)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362231/; classtype:trojan-activity;sid:84225331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362232)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362232/; classtype:trojan-activity;sid:84225332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362233)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362233/; classtype:trojan-activity;sid:84225333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362234)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362234/; classtype:trojan-activity;sid:84225334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362235)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362235/; classtype:trojan-activity;sid:84225335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362236)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362236/; classtype:trojan-activity;sid:84225336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362237)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362237/; classtype:trojan-activity;sid:84225337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362238)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362238/; classtype:trojan-activity;sid:84225338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362239)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362239/; classtype:trojan-activity;sid:84225339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362240)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362240/; classtype:trojan-activity;sid:84225340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362241)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362241/; classtype:trojan-activity;sid:84225341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362202)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362202/; classtype:trojan-activity;sid:84225302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362203)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362203/; classtype:trojan-activity;sid:84225303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362204)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362204/; classtype:trojan-activity;sid:84225304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362205)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362205/; classtype:trojan-activity;sid:84225305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362206)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362206/; classtype:trojan-activity;sid:84225306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362207)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362207/; classtype:trojan-activity;sid:84225307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362208)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362208/; classtype:trojan-activity;sid:84225308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362209)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362209/; classtype:trojan-activity;sid:84225309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362210)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362210/; classtype:trojan-activity;sid:84225310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362211)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362211/; classtype:trojan-activity;sid:84225311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362212)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362212/; classtype:trojan-activity;sid:84225312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362213)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362213/; classtype:trojan-activity;sid:84225313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362214)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362214/; classtype:trojan-activity;sid:84225314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362215)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362215/; classtype:trojan-activity;sid:84225315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362216)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362216/; classtype:trojan-activity;sid:84225316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362195)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362195/; classtype:trojan-activity;sid:84225295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362196)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362196/; classtype:trojan-activity;sid:84225296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362197)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362197/; classtype:trojan-activity;sid:84225297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362198)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362198/; classtype:trojan-activity;sid:84225298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362199)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362199/; classtype:trojan-activity;sid:84225299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362200)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362200/; classtype:trojan-activity;sid:84225300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362201)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362201/; classtype:trojan-activity;sid:84225301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362179)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362179/; classtype:trojan-activity;sid:84225279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362180)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362180/; classtype:trojan-activity;sid:84225280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362181)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362181/; classtype:trojan-activity;sid:84225281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362182)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362182/; classtype:trojan-activity;sid:84225282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362183)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362183/; classtype:trojan-activity;sid:84225283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362184)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362184/; classtype:trojan-activity;sid:84225284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362185)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362185/; classtype:trojan-activity;sid:84225285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362186)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362186/; classtype:trojan-activity;sid:84225286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362187)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362187/; classtype:trojan-activity;sid:84225287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362188)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362188/; classtype:trojan-activity;sid:84225288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362189)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362189/; classtype:trojan-activity;sid:84225289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362190)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362190/; classtype:trojan-activity;sid:84225290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362191)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362191/; classtype:trojan-activity;sid:84225291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362192)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362192/; classtype:trojan-activity;sid:84225292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362193)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362193/; classtype:trojan-activity;sid:84225293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362194)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362194/; classtype:trojan-activity;sid:84225294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362166)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362166/; classtype:trojan-activity;sid:84225266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362167)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362167/; classtype:trojan-activity;sid:84225267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362168)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362168/; classtype:trojan-activity;sid:84225268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362169)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362169/; classtype:trojan-activity;sid:84225269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362170)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362170/; classtype:trojan-activity;sid:84225270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362171)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362171/; classtype:trojan-activity;sid:84225271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362172)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362172/; classtype:trojan-activity;sid:84225272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362173)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362173/; classtype:trojan-activity;sid:84225273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362174)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362174/; classtype:trojan-activity;sid:84225274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362175)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362175/; classtype:trojan-activity;sid:84225275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362176)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362176/; classtype:trojan-activity;sid:84225276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362177)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362177/; classtype:trojan-activity;sid:84225277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362178)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362178/; classtype:trojan-activity;sid:84225278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362163)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362163/; classtype:trojan-activity;sid:84225263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362164)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362164/; classtype:trojan-activity;sid:84225264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362165)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362165/; classtype:trojan-activity;sid:84225265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362162)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362162/; classtype:trojan-activity;sid:84225262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362161)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362161/; classtype:trojan-activity;sid:84225261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362159)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362159/; classtype:trojan-activity;sid:84225259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362160)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362160/; classtype:trojan-activity;sid:84225260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362158)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362158/; classtype:trojan-activity;sid:84225258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362141)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362141/; classtype:trojan-activity;sid:84225241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362142)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362142/; classtype:trojan-activity;sid:84225242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362143)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362143/; classtype:trojan-activity;sid:84225243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362144)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362144/; classtype:trojan-activity;sid:84225244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362145)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362145/; classtype:trojan-activity;sid:84225245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362146)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362146/; classtype:trojan-activity;sid:84225246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362147)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362147/; classtype:trojan-activity;sid:84225247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362148)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362148/; classtype:trojan-activity;sid:84225248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362149)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362149/; classtype:trojan-activity;sid:84225249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362150)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362150/; classtype:trojan-activity;sid:84225250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362151)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362151/; classtype:trojan-activity;sid:84225251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362152)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362152/; classtype:trojan-activity;sid:84225252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362153)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362153/; classtype:trojan-activity;sid:84225253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362154)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362154/; classtype:trojan-activity;sid:84225254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362155)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362155/; classtype:trojan-activity;sid:84225255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362156)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362156/; classtype:trojan-activity;sid:84225256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362157)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362157/; classtype:trojan-activity;sid:84225257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362124)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362124/; classtype:trojan-activity;sid:84225224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362125)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362125/; classtype:trojan-activity;sid:84225225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362126)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362126/; classtype:trojan-activity;sid:84225226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362127)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362127/; classtype:trojan-activity;sid:84225227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362128)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362128/; classtype:trojan-activity;sid:84225228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362129)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362129/; classtype:trojan-activity;sid:84225229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362130)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362130/; classtype:trojan-activity;sid:84225230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362131)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362131/; classtype:trojan-activity;sid:84225231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362132)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362132/; classtype:trojan-activity;sid:84225232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362133)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362133/; classtype:trojan-activity;sid:84225233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362134)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362134/; classtype:trojan-activity;sid:84225234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362135)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362135/; classtype:trojan-activity;sid:84225235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362136)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362136/; classtype:trojan-activity;sid:84225236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362137)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362137/; classtype:trojan-activity;sid:84225237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362138)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362138/; classtype:trojan-activity;sid:84225238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362139)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362139/; classtype:trojan-activity;sid:84225239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362140)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362140/; classtype:trojan-activity;sid:84225240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362122)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362122/; classtype:trojan-activity;sid:84225222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362123)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362123/; classtype:trojan-activity;sid:84225223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362121)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362121/; classtype:trojan-activity;sid:84225221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362120)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362120/; classtype:trojan-activity;sid:84225220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362119)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362119/; classtype:trojan-activity;sid:84225219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362109)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362109/; classtype:trojan-activity;sid:84225209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362110)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362110/; classtype:trojan-activity;sid:84225210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362111)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362111/; classtype:trojan-activity;sid:84225211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362112)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362112/; classtype:trojan-activity;sid:84225212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362113)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362113/; classtype:trojan-activity;sid:84225213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362114)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362114/; classtype:trojan-activity;sid:84225214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362115)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362115/; classtype:trojan-activity;sid:84225215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362116)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362116/; classtype:trojan-activity;sid:84225216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362117)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362117/; classtype:trojan-activity;sid:84225217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362118)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362118/; classtype:trojan-activity;sid:84225218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362106)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362106/; classtype:trojan-activity;sid:84225206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362107)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362107/; classtype:trojan-activity;sid:84225207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362108)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362108/; classtype:trojan-activity;sid:84225208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362102)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362102/; classtype:trojan-activity;sid:84225202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362103)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362103/; classtype:trojan-activity;sid:84225203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362104)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362104/; classtype:trojan-activity;sid:84225204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362105)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362105/; classtype:trojan-activity;sid:84225205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362095)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362095/; classtype:trojan-activity;sid:84225195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362096)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362096/; classtype:trojan-activity;sid:84225196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362097)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362097/; classtype:trojan-activity;sid:84225197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362098)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362098/; classtype:trojan-activity;sid:84225198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362099)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362099/; classtype:trojan-activity;sid:84225199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362100)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362100/; classtype:trojan-activity;sid:84225200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362101)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362101/; classtype:trojan-activity;sid:84225201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362087)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362087/; classtype:trojan-activity;sid:84225187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362088)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362088/; classtype:trojan-activity;sid:84225188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362089)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362089/; classtype:trojan-activity;sid:84225189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362090)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362090/; classtype:trojan-activity;sid:84225190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362091)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362091/; classtype:trojan-activity;sid:84225191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362092)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362092/; classtype:trojan-activity;sid:84225192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362093)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362093/; classtype:trojan-activity;sid:84225193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362094)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362094/; classtype:trojan-activity;sid:84225194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362084)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362084/; classtype:trojan-activity;sid:84225184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362085)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362085/; classtype:trojan-activity;sid:84225185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362086)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362086/; classtype:trojan-activity;sid:84225186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362081)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362081/; classtype:trojan-activity;sid:84225181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362082)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362082/; classtype:trojan-activity;sid:84225182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362083)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362083/; classtype:trojan-activity;sid:84225183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362076)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362076/; classtype:trojan-activity;sid:84225176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362077)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362077/; classtype:trojan-activity;sid:84225177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362078)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362078/; classtype:trojan-activity;sid:84225178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362079)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362079/; classtype:trojan-activity;sid:84225179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362080)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362080/; classtype:trojan-activity;sid:84225180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362071)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362071/; classtype:trojan-activity;sid:84225171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362072)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362072/; classtype:trojan-activity;sid:84225172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362073)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362073/; classtype:trojan-activity;sid:84225173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362074)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362074/; classtype:trojan-activity;sid:84225174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362075)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362075/; classtype:trojan-activity;sid:84225175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362070)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362070/; classtype:trojan-activity;sid:84225170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362066)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362066/; classtype:trojan-activity;sid:84225166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362067)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362067/; classtype:trojan-activity;sid:84225167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362068)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362068/; classtype:trojan-activity;sid:84225168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362069)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362069/; classtype:trojan-activity;sid:84225169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362064)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362064/; classtype:trojan-activity;sid:84225164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362065)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362065/; classtype:trojan-activity;sid:84225165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362060)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362060/; classtype:trojan-activity;sid:84225160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362061)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362061/; classtype:trojan-activity;sid:84225161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362062)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362062/; classtype:trojan-activity;sid:84225162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362063)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362063/; classtype:trojan-activity;sid:84225163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362057)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362057/; classtype:trojan-activity;sid:84225157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362058)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362058/; classtype:trojan-activity;sid:84225158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362059)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362059/; classtype:trojan-activity;sid:84225159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362053)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362053/; classtype:trojan-activity;sid:84225153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362054)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362054/; classtype:trojan-activity;sid:84225154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362055)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362055/; classtype:trojan-activity;sid:84225155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362056)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362056/; classtype:trojan-activity;sid:84225156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362047)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362047/; classtype:trojan-activity;sid:84225147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362048)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362048/; classtype:trojan-activity;sid:84225148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362049)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362049/; classtype:trojan-activity;sid:84225149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362050)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362050/; classtype:trojan-activity;sid:84225150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362051)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362051/; classtype:trojan-activity;sid:84225151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362052)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362052/; classtype:trojan-activity;sid:84225152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362042)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362042/; classtype:trojan-activity;sid:84225142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362043)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362043/; classtype:trojan-activity;sid:84225143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362044)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362044/; classtype:trojan-activity;sid:84225144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362045)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362045/; classtype:trojan-activity;sid:84225145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362046)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362046/; classtype:trojan-activity;sid:84225146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362040)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362040/; classtype:trojan-activity;sid:84225140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362041)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362041/; classtype:trojan-activity;sid:84225141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362037)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362037/; classtype:trojan-activity;sid:84225137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362038)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362038/; classtype:trojan-activity;sid:84225138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362039)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362039/; classtype:trojan-activity;sid:84225139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362035)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362035/; classtype:trojan-activity;sid:84225135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362036)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362036/; classtype:trojan-activity;sid:84225136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362030)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362030/; classtype:trojan-activity;sid:84225130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362031)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362031/; classtype:trojan-activity;sid:84225131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362032)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362032/; classtype:trojan-activity;sid:84225132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362033)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362033/; classtype:trojan-activity;sid:84225133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362034)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362034/; classtype:trojan-activity;sid:84225134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362028)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362028/; classtype:trojan-activity;sid:84225128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362029)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362029/; classtype:trojan-activity;sid:84225129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362027)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362027/; classtype:trojan-activity;sid:84225127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362022)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362022/; classtype:trojan-activity;sid:84225122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362023)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362023/; classtype:trojan-activity;sid:84225123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362024)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362024/; classtype:trojan-activity;sid:84225124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362025)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362025/; classtype:trojan-activity;sid:84225125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362026)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362026/; classtype:trojan-activity;sid:84225126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362017)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362017/; classtype:trojan-activity;sid:84225117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362018)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362018/; classtype:trojan-activity;sid:84225118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362019)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362019/; classtype:trojan-activity;sid:84225119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362020)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362020/; classtype:trojan-activity;sid:84225120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362021)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362021/; classtype:trojan-activity;sid:84225121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362015)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362015/; classtype:trojan-activity;sid:84225115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362016)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362016/; classtype:trojan-activity;sid:84225116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362007)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362007/; classtype:trojan-activity;sid:84225107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362008)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362008/; classtype:trojan-activity;sid:84225108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362009)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362009/; classtype:trojan-activity;sid:84225109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362010)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362010/; classtype:trojan-activity;sid:84225110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362011)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362011/; classtype:trojan-activity;sid:84225111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362012)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362012/; classtype:trojan-activity;sid:84225112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362013)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362013/; classtype:trojan-activity;sid:84225113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362014)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362014/; classtype:trojan-activity;sid:84225114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362002)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362002/; classtype:trojan-activity;sid:84225102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362003)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362003/; classtype:trojan-activity;sid:84225103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362004)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362004/; classtype:trojan-activity;sid:84225104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362005)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362005/; classtype:trojan-activity;sid:84225105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362006)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362006/; classtype:trojan-activity;sid:84225106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361997)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361997/; classtype:trojan-activity;sid:84225097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361998)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361998/; classtype:trojan-activity;sid:84225098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361999)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361999/; classtype:trojan-activity;sid:84225099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362000)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362000/; classtype:trojan-activity;sid:84225100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3362001)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3362001/; classtype:trojan-activity;sid:84225101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361995)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361995/; classtype:trojan-activity;sid:84225095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361996)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361996/; classtype:trojan-activity;sid:84225096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361991)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361991/; classtype:trojan-activity;sid:84225091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361992)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361992/; classtype:trojan-activity;sid:84225092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361993)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361993/; classtype:trojan-activity;sid:84225093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361994)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361994/; classtype:trojan-activity;sid:84225094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361989)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361989/; classtype:trojan-activity;sid:84225089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361990)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361990/; classtype:trojan-activity;sid:84225090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361986)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361986/; classtype:trojan-activity;sid:84225086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361987)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361987/; classtype:trojan-activity;sid:84225087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361988)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361988/; classtype:trojan-activity;sid:84225088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361985)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361985/; classtype:trojan-activity;sid:84225085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361976)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361976/; classtype:trojan-activity;sid:84225076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361977)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361977/; classtype:trojan-activity;sid:84225077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361978)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361978/; classtype:trojan-activity;sid:84225078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361979)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361979/; classtype:trojan-activity;sid:84225079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361980)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361980/; classtype:trojan-activity;sid:84225080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361981)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361981/; classtype:trojan-activity;sid:84225081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361982)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361982/; classtype:trojan-activity;sid:84225082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361983)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361983/; classtype:trojan-activity;sid:84225083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361984)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361984/; classtype:trojan-activity;sid:84225084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361970)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361970/; classtype:trojan-activity;sid:84225070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361971)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361971/; classtype:trojan-activity;sid:84225071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361972)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361972/; classtype:trojan-activity;sid:84225072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361973)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361973/; classtype:trojan-activity;sid:84225073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361974)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361974/; classtype:trojan-activity;sid:84225074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361975)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361975/; classtype:trojan-activity;sid:84225075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361964)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361964/; classtype:trojan-activity;sid:84225064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361965)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361965/; classtype:trojan-activity;sid:84225065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361966)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361966/; classtype:trojan-activity;sid:84225066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361967)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361967/; classtype:trojan-activity;sid:84225067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361968)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361968/; classtype:trojan-activity;sid:84225068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361969)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361969/; classtype:trojan-activity;sid:84225069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361960)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361960/; classtype:trojan-activity;sid:84225060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361961)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361961/; classtype:trojan-activity;sid:84225061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361962)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361962/; classtype:trojan-activity;sid:84225062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361963)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361963/; classtype:trojan-activity;sid:84225063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361953)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361953/; classtype:trojan-activity;sid:84225053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361954)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361954/; classtype:trojan-activity;sid:84225054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361955)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361955/; classtype:trojan-activity;sid:84225055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361956)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361956/; classtype:trojan-activity;sid:84225056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361957)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361957/; classtype:trojan-activity;sid:84225057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361958)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361958/; classtype:trojan-activity;sid:84225058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361959)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361959/; classtype:trojan-activity;sid:84225059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361950)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361950/; classtype:trojan-activity;sid:84225050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361951)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361951/; classtype:trojan-activity;sid:84225051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361952)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361952/; classtype:trojan-activity;sid:84225052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361948)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361948/; classtype:trojan-activity;sid:84225048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361949)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361949/; classtype:trojan-activity;sid:84225049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361947)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361947/; classtype:trojan-activity;sid:84225047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361946)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361946/; classtype:trojan-activity;sid:84225046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361935)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361935/; classtype:trojan-activity;sid:84225035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361936)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361936/; classtype:trojan-activity;sid:84225036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361937)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361937/; classtype:trojan-activity;sid:84225037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361938)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361938/; classtype:trojan-activity;sid:84225038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361939)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361939/; classtype:trojan-activity;sid:84225039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361940)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361940/; classtype:trojan-activity;sid:84225040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361941)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361941/; classtype:trojan-activity;sid:84225041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361942)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361942/; classtype:trojan-activity;sid:84225042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361943)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361943/; classtype:trojan-activity;sid:84225043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361944)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361944/; classtype:trojan-activity;sid:84225044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361945)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361945/; classtype:trojan-activity;sid:84225045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361927)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361927/; classtype:trojan-activity;sid:84225027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361928)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361928/; classtype:trojan-activity;sid:84225028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361929)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361929/; classtype:trojan-activity;sid:84225029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361930)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361930/; classtype:trojan-activity;sid:84225030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361931)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361931/; classtype:trojan-activity;sid:84225031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361932)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361932/; classtype:trojan-activity;sid:84225032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361933)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361933/; classtype:trojan-activity;sid:84225033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361934)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361934/; classtype:trojan-activity;sid:84225034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361923)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361923/; classtype:trojan-activity;sid:84225023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361924)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361924/; classtype:trojan-activity;sid:84225024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361925)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361925/; classtype:trojan-activity;sid:84225025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361926)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361926/; classtype:trojan-activity;sid:84225026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361917)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361917/; classtype:trojan-activity;sid:84225017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361918)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361918/; classtype:trojan-activity;sid:84225018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361919)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361919/; classtype:trojan-activity;sid:84225019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361920)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361920/; classtype:trojan-activity;sid:84225020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361921)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361921/; classtype:trojan-activity;sid:84225021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361922)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361922/; classtype:trojan-activity;sid:84225022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361913)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361913/; classtype:trojan-activity;sid:84225013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361914)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361914/; classtype:trojan-activity;sid:84225014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361915)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361915/; classtype:trojan-activity;sid:84225015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361916)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361916/; classtype:trojan-activity;sid:84225016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361911)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361911/; classtype:trojan-activity;sid:84225011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361912)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361912/; classtype:trojan-activity;sid:84225012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361910)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361910/; classtype:trojan-activity;sid:84225010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361908)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361908/; classtype:trojan-activity;sid:84225008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361909)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361909/; classtype:trojan-activity;sid:84225009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361907)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361907/; classtype:trojan-activity;sid:84225007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361902)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361902/; classtype:trojan-activity;sid:84225002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361903)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361903/; classtype:trojan-activity;sid:84225003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361904)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361904/; classtype:trojan-activity;sid:84225004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361905)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361905/; classtype:trojan-activity;sid:84225005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361906)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361906/; classtype:trojan-activity;sid:84225006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361893)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361893/; classtype:trojan-activity;sid:84224993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361894)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361894/; classtype:trojan-activity;sid:84224994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361895)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361895/; classtype:trojan-activity;sid:84224995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361896)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361896/; classtype:trojan-activity;sid:84224996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361897)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361897/; classtype:trojan-activity;sid:84224997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361898)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361898/; classtype:trojan-activity;sid:84224998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361899)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361899/; classtype:trojan-activity;sid:84224999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361900)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361900/; classtype:trojan-activity;sid:84225000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361901)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361901/; classtype:trojan-activity;sid:84225001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361887)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361887/; classtype:trojan-activity;sid:84224987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361888)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361888/; classtype:trojan-activity;sid:84224988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361889)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361889/; classtype:trojan-activity;sid:84224989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361890)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361890/; classtype:trojan-activity;sid:84224990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361891)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361891/; classtype:trojan-activity;sid:84224991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361892)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361892/; classtype:trojan-activity;sid:84224992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361880)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361880/; classtype:trojan-activity;sid:84224980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361881)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361881/; classtype:trojan-activity;sid:84224981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361882)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361882/; classtype:trojan-activity;sid:84224982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361883)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361883/; classtype:trojan-activity;sid:84224983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361884)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361884/; classtype:trojan-activity;sid:84224984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361885)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361885/; classtype:trojan-activity;sid:84224985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361886)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361886/; classtype:trojan-activity;sid:84224986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361877)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361877/; classtype:trojan-activity;sid:84224977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361878)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361878/; classtype:trojan-activity;sid:84224978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361879)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361879/; classtype:trojan-activity;sid:84224979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361874)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361874/; classtype:trojan-activity;sid:84224974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361875)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361875/; classtype:trojan-activity;sid:84224975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361876)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361876/; classtype:trojan-activity;sid:84224976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361873)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361873/; classtype:trojan-activity;sid:84224973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361870)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361870/; classtype:trojan-activity;sid:84224970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361871)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361871/; classtype:trojan-activity;sid:84224971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361872)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361872/; classtype:trojan-activity;sid:84224972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361869)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361869/; classtype:trojan-activity;sid:84224969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361866)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361866/; classtype:trojan-activity;sid:84224966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361867)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361867/; classtype:trojan-activity;sid:84224967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361868)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361868/; classtype:trojan-activity;sid:84224968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361863)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361863/; classtype:trojan-activity;sid:84224963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361864)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361864/; classtype:trojan-activity;sid:84224964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361865)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361865/; classtype:trojan-activity;sid:84224965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361852)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361852/; classtype:trojan-activity;sid:84224952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361853)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361853/; classtype:trojan-activity;sid:84224953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361854)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361854/; classtype:trojan-activity;sid:84224954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361855)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361855/; classtype:trojan-activity;sid:84224955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361856)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361856/; classtype:trojan-activity;sid:84224956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361857)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361857/; classtype:trojan-activity;sid:84224957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361858)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361858/; classtype:trojan-activity;sid:84224958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361859)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361859/; classtype:trojan-activity;sid:84224959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361860)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361860/; classtype:trojan-activity;sid:84224960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361861)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361861/; classtype:trojan-activity;sid:84224961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361862)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361862/; classtype:trojan-activity;sid:84224962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361847)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361847/; classtype:trojan-activity;sid:84224947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361848)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361848/; classtype:trojan-activity;sid:84224948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361849)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361849/; classtype:trojan-activity;sid:84224949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361850)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361850/; classtype:trojan-activity;sid:84224950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361851)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361851/; classtype:trojan-activity;sid:84224951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361840)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361840/; classtype:trojan-activity;sid:84224940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361841)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361841/; classtype:trojan-activity;sid:84224941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361842)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361842/; classtype:trojan-activity;sid:84224942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361843)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361843/; classtype:trojan-activity;sid:84224943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361844)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361844/; classtype:trojan-activity;sid:84224944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361845)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361845/; classtype:trojan-activity;sid:84224945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361846)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361846/; classtype:trojan-activity;sid:84224946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361836)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361836/; classtype:trojan-activity;sid:84224936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361837)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361837/; classtype:trojan-activity;sid:84224937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361838)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361838/; classtype:trojan-activity;sid:84224938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361839)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361839/; classtype:trojan-activity;sid:84224939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361835)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361835/; classtype:trojan-activity;sid:84224935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361833)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361833/; classtype:trojan-activity;sid:84224933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361834)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361834/; classtype:trojan-activity;sid:84224934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361831)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361831/; classtype:trojan-activity;sid:84224931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361832)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361832/; classtype:trojan-activity;sid:84224932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361830)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361830/; classtype:trojan-activity;sid:84224930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361829)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361829/; classtype:trojan-activity;sid:84224929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361818)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361818/; classtype:trojan-activity;sid:84224918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361819)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361819/; classtype:trojan-activity;sid:84224919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361820)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361820/; classtype:trojan-activity;sid:84224920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361821)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361821/; classtype:trojan-activity;sid:84224921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361822)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361822/; classtype:trojan-activity;sid:84224922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361823)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361823/; classtype:trojan-activity;sid:84224923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361824)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361824/; classtype:trojan-activity;sid:84224924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361825)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361825/; classtype:trojan-activity;sid:84224925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361826)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361826/; classtype:trojan-activity;sid:84224926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361827)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361827/; classtype:trojan-activity;sid:84224927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361828)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361828/; classtype:trojan-activity;sid:84224928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361808)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361808/; classtype:trojan-activity;sid:84224908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361809)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361809/; classtype:trojan-activity;sid:84224909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361810)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361810/; classtype:trojan-activity;sid:84224910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361811)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361811/; classtype:trojan-activity;sid:84224911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361812)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361812/; classtype:trojan-activity;sid:84224912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361813)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361813/; classtype:trojan-activity;sid:84224913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361814)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361814/; classtype:trojan-activity;sid:84224914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361815)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361815/; classtype:trojan-activity;sid:84224915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361816)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361816/; classtype:trojan-activity;sid:84224916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361817)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361817/; classtype:trojan-activity;sid:84224917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361803)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361803/; classtype:trojan-activity;sid:84224903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361804)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361804/; classtype:trojan-activity;sid:84224904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361805)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361805/; classtype:trojan-activity;sid:84224905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361806)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361806/; classtype:trojan-activity;sid:84224906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361807)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361807/; classtype:trojan-activity;sid:84224907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361798)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361798/; classtype:trojan-activity;sid:84224898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361799)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361799/; classtype:trojan-activity;sid:84224899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361800)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361800/; classtype:trojan-activity;sid:84224900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361801)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361801/; classtype:trojan-activity;sid:84224901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361802)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361802/; classtype:trojan-activity;sid:84224902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361796)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361796/; classtype:trojan-activity;sid:84224896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361797)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361797/; classtype:trojan-activity;sid:84224897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361794)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361794/; classtype:trojan-activity;sid:84224894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361795)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361795/; classtype:trojan-activity;sid:84224895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361792)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361792/; classtype:trojan-activity;sid:84224892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361793)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361793/; classtype:trojan-activity;sid:84224893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361788)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361788/; classtype:trojan-activity;sid:84224888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361789)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361789/; classtype:trojan-activity;sid:84224889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361790)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361790/; classtype:trojan-activity;sid:84224890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361791)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361791/; classtype:trojan-activity;sid:84224891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361780)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361780/; classtype:trojan-activity;sid:84224880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.21.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361781/; classtype:trojan-activity;sid:84224881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361782)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361782/; classtype:trojan-activity;sid:84224882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361783)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361783/; classtype:trojan-activity;sid:84224883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361784)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361784/; classtype:trojan-activity;sid:84224884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361785)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361785/; classtype:trojan-activity;sid:84224885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361786)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361786/; classtype:trojan-activity;sid:84224886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361787)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361787/; classtype:trojan-activity;sid:84224887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361768)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361768/; classtype:trojan-activity;sid:84224868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361769)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361769/; classtype:trojan-activity;sid:84224869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361770)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361770/; classtype:trojan-activity;sid:84224870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361771)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361771/; classtype:trojan-activity;sid:84224871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361772)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361772/; classtype:trojan-activity;sid:84224872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361773)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361773/; classtype:trojan-activity;sid:84224873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361774)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361774/; classtype:trojan-activity;sid:84224874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361775)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361775/; classtype:trojan-activity;sid:84224875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361776)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361776/; classtype:trojan-activity;sid:84224876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361777)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361777/; classtype:trojan-activity;sid:84224877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361778)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361778/; classtype:trojan-activity;sid:84224878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361779)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361779/; classtype:trojan-activity;sid:84224879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361766)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361766/; classtype:trojan-activity;sid:84224866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361767)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361767/; classtype:trojan-activity;sid:84224867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361763)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361763/; classtype:trojan-activity;sid:84224863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361764)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361764/; classtype:trojan-activity;sid:84224864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361765)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361765/; classtype:trojan-activity;sid:84224865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361758)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361758/; classtype:trojan-activity;sid:84224858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361759)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361759/; classtype:trojan-activity;sid:84224859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361760)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361760/; classtype:trojan-activity;sid:84224860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361761)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361761/; classtype:trojan-activity;sid:84224861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361762)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361762/; classtype:trojan-activity;sid:84224862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361754)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361754/; classtype:trojan-activity;sid:84224854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361755)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361755/; classtype:trojan-activity;sid:84224855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361756)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361756/; classtype:trojan-activity;sid:84224856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361757)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361757/; classtype:trojan-activity;sid:84224857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361750)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361750/; classtype:trojan-activity;sid:84224850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361751)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361751/; classtype:trojan-activity;sid:84224851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361752)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361752/; classtype:trojan-activity;sid:84224852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361753)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361753/; classtype:trojan-activity;sid:84224853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361742)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361742/; classtype:trojan-activity;sid:84224842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361743)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361743/; classtype:trojan-activity;sid:84224843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361744)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361744/; classtype:trojan-activity;sid:84224844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361745)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361745/; classtype:trojan-activity;sid:84224845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361746)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361746/; classtype:trojan-activity;sid:84224846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361747)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361747/; classtype:trojan-activity;sid:84224847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361748)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361748/; classtype:trojan-activity;sid:84224848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361749)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361749/; classtype:trojan-activity;sid:84224849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361734)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361734/; classtype:trojan-activity;sid:84224834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361735)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361735/; classtype:trojan-activity;sid:84224835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361736)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361736/; classtype:trojan-activity;sid:84224836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361737)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361737/; classtype:trojan-activity;sid:84224837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361738)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361738/; classtype:trojan-activity;sid:84224838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361739)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361739/; classtype:trojan-activity;sid:84224839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361740)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361740/; classtype:trojan-activity;sid:84224840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361741)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361741/; classtype:trojan-activity;sid:84224841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361728)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361728/; classtype:trojan-activity;sid:84224828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361729)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361729/; classtype:trojan-activity;sid:84224829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361730)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361730/; classtype:trojan-activity;sid:84224830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361731)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361731/; classtype:trojan-activity;sid:84224831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361732)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361732/; classtype:trojan-activity;sid:84224832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361733)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361733/; classtype:trojan-activity;sid:84224833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361724)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361724/; classtype:trojan-activity;sid:84224824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361725)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361725/; classtype:trojan-activity;sid:84224825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361726)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361726/; classtype:trojan-activity;sid:84224826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361727)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361727/; classtype:trojan-activity;sid:84224827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361717)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361717/; classtype:trojan-activity;sid:84224817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361718)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361718/; classtype:trojan-activity;sid:84224818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361719)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361719/; classtype:trojan-activity;sid:84224819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361720)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361720/; classtype:trojan-activity;sid:84224820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361721)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361721/; classtype:trojan-activity;sid:84224821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361722)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361722/; classtype:trojan-activity;sid:84224822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361723)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361723/; classtype:trojan-activity;sid:84224823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361715)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361715/; classtype:trojan-activity;sid:84224815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361716)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361716/; classtype:trojan-activity;sid:84224816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361714)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361714/; classtype:trojan-activity;sid:84224814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361712)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361712/; classtype:trojan-activity;sid:84224812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361713)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361713/; classtype:trojan-activity;sid:84224813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361700)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361700/; classtype:trojan-activity;sid:84224800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361701)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361701/; classtype:trojan-activity;sid:84224801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361702)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361702/; classtype:trojan-activity;sid:84224802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361703)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361703/; classtype:trojan-activity;sid:84224803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361704)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361704/; classtype:trojan-activity;sid:84224804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361705)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361705/; classtype:trojan-activity;sid:84224805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361706)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361706/; classtype:trojan-activity;sid:84224806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361707)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361707/; classtype:trojan-activity;sid:84224807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361708)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361708/; classtype:trojan-activity;sid:84224808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361709)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361709/; classtype:trojan-activity;sid:84224809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361710)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361710/; classtype:trojan-activity;sid:84224810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361711)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361711/; classtype:trojan-activity;sid:84224811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361691)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361691/; classtype:trojan-activity;sid:84224791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361692)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361692/; classtype:trojan-activity;sid:84224792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361693)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361693/; classtype:trojan-activity;sid:84224793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361694)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361694/; classtype:trojan-activity;sid:84224794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361695)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361695/; classtype:trojan-activity;sid:84224795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361696)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361696/; classtype:trojan-activity;sid:84224796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361697)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361697/; classtype:trojan-activity;sid:84224797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361698)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361698/; classtype:trojan-activity;sid:84224798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361699)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361699/; classtype:trojan-activity;sid:84224799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361681)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361681/; classtype:trojan-activity;sid:84224781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361682)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361682/; classtype:trojan-activity;sid:84224782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361683)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361683/; classtype:trojan-activity;sid:84224783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361684)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361684/; classtype:trojan-activity;sid:84224784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361685)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361685/; classtype:trojan-activity;sid:84224785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361686)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361686/; classtype:trojan-activity;sid:84224786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361687)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361687/; classtype:trojan-activity;sid:84224787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361688)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361688/; classtype:trojan-activity;sid:84224788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361689)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361689/; classtype:trojan-activity;sid:84224789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361690)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361690/; classtype:trojan-activity;sid:84224790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361679)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361679/; classtype:trojan-activity;sid:84224779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361680)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361680/; classtype:trojan-activity;sid:84224780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361677)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361677/; classtype:trojan-activity;sid:84224777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361678)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361678/; classtype:trojan-activity;sid:84224778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361675)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361675/; classtype:trojan-activity;sid:84224775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361676)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361676/; classtype:trojan-activity;sid:84224776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361673)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361673/; classtype:trojan-activity;sid:84224773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361674)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361674/; classtype:trojan-activity;sid:84224774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361671)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361671/; classtype:trojan-activity;sid:84224771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361672)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361672/; classtype:trojan-activity;sid:84224772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361660)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361660/; classtype:trojan-activity;sid:84224760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361661)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361661/; classtype:trojan-activity;sid:84224761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361662)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361662/; classtype:trojan-activity;sid:84224762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361663)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361663/; classtype:trojan-activity;sid:84224763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361664)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361664/; classtype:trojan-activity;sid:84224764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361665)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361665/; classtype:trojan-activity;sid:84224765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361666)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361666/; classtype:trojan-activity;sid:84224766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361667)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361667/; classtype:trojan-activity;sid:84224767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361668)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361668/; classtype:trojan-activity;sid:84224768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361669)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361669/; classtype:trojan-activity;sid:84224769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361670)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361670/; classtype:trojan-activity;sid:84224770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361648)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361648/; classtype:trojan-activity;sid:84224748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361649)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361649/; classtype:trojan-activity;sid:84224749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361650)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361650/; classtype:trojan-activity;sid:84224750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361651)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361651/; classtype:trojan-activity;sid:84224751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361652)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361652/; classtype:trojan-activity;sid:84224752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361653)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361653/; classtype:trojan-activity;sid:84224753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361654)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361654/; classtype:trojan-activity;sid:84224754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361655)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361655/; classtype:trojan-activity;sid:84224755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361656)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361656/; classtype:trojan-activity;sid:84224756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361657)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361657/; classtype:trojan-activity;sid:84224757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361658)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361658/; classtype:trojan-activity;sid:84224758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361659)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361659/; classtype:trojan-activity;sid:84224759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361641)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361641/; classtype:trojan-activity;sid:84224741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361642)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361642/; classtype:trojan-activity;sid:84224742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361643)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361643/; classtype:trojan-activity;sid:84224743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361644)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361644/; classtype:trojan-activity;sid:84224744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361645)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361645/; classtype:trojan-activity;sid:84224745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361646)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361646/; classtype:trojan-activity;sid:84224746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361647)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361647/; classtype:trojan-activity;sid:84224747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361638)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361638/; classtype:trojan-activity;sid:84224738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361639)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361639/; classtype:trojan-activity;sid:84224739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361640)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361640/; classtype:trojan-activity;sid:84224740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361635)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361635/; classtype:trojan-activity;sid:84224735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361636)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361636/; classtype:trojan-activity;sid:84224736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361637)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361637/; classtype:trojan-activity;sid:84224737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361634)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361634/; classtype:trojan-activity;sid:84224734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361627)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361627/; classtype:trojan-activity;sid:84224727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361628)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361628/; classtype:trojan-activity;sid:84224728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361629)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361629/; classtype:trojan-activity;sid:84224729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361630)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361630/; classtype:trojan-activity;sid:84224730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361631)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361631/; classtype:trojan-activity;sid:84224731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361632)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361632/; classtype:trojan-activity;sid:84224732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361633)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361633/; classtype:trojan-activity;sid:84224733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361615)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361615/; classtype:trojan-activity;sid:84224715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361616)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361616/; classtype:trojan-activity;sid:84224716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361617)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361617/; classtype:trojan-activity;sid:84224717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361618)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361618/; classtype:trojan-activity;sid:84224718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361619)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361619/; classtype:trojan-activity;sid:84224719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361620)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361620/; classtype:trojan-activity;sid:84224720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361621)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361621/; classtype:trojan-activity;sid:84224721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361622)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361622/; classtype:trojan-activity;sid:84224722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361623)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361623/; classtype:trojan-activity;sid:84224723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361624)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361624/; classtype:trojan-activity;sid:84224724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361625)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361625/; classtype:trojan-activity;sid:84224725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361626)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361626/; classtype:trojan-activity;sid:84224726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361602)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361602/; classtype:trojan-activity;sid:84224702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361603)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361603/; classtype:trojan-activity;sid:84224703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361604)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361604/; classtype:trojan-activity;sid:84224704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361605)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361605/; classtype:trojan-activity;sid:84224705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361606)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361606/; classtype:trojan-activity;sid:84224706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361607)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361607/; classtype:trojan-activity;sid:84224707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361608)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361608/; classtype:trojan-activity;sid:84224708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361609)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361609/; classtype:trojan-activity;sid:84224709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361610)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361610/; classtype:trojan-activity;sid:84224710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361611)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361611/; classtype:trojan-activity;sid:84224711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361612)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361612/; classtype:trojan-activity;sid:84224712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361613)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361613/; classtype:trojan-activity;sid:84224713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361614)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361614/; classtype:trojan-activity;sid:84224714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361597)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361597/; classtype:trojan-activity;sid:84224697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361598)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361598/; classtype:trojan-activity;sid:84224698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361599)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361599/; classtype:trojan-activity;sid:84224699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361600)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361600/; classtype:trojan-activity;sid:84224700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361601)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361601/; classtype:trojan-activity;sid:84224701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361595)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361595/; classtype:trojan-activity;sid:84224695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361596)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361596/; classtype:trojan-activity;sid:84224696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361594)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361594/; classtype:trojan-activity;sid:84224694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361592)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361592/; classtype:trojan-activity;sid:84224692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361593)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361593/; classtype:trojan-activity;sid:84224693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361587)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361587/; classtype:trojan-activity;sid:84224687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361588)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361588/; classtype:trojan-activity;sid:84224688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361589)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361589/; classtype:trojan-activity;sid:84224689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361590)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361590/; classtype:trojan-activity;sid:84224690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361591)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361591/; classtype:trojan-activity;sid:84224691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361570)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361570/; classtype:trojan-activity;sid:84224670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361571)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361571/; classtype:trojan-activity;sid:84224671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361572)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361572/; classtype:trojan-activity;sid:84224672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361573)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361573/; classtype:trojan-activity;sid:84224673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361574)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361574/; classtype:trojan-activity;sid:84224674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361575)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361575/; classtype:trojan-activity;sid:84224675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361576)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361576/; classtype:trojan-activity;sid:84224676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361577)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361577/; classtype:trojan-activity;sid:84224677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361578)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361578/; classtype:trojan-activity;sid:84224678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361579)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361579/; classtype:trojan-activity;sid:84224679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361580)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361580/; classtype:trojan-activity;sid:84224680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361581)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361581/; classtype:trojan-activity;sid:84224681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361582)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361582/; classtype:trojan-activity;sid:84224682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361583)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361583/; classtype:trojan-activity;sid:84224683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361584)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361584/; classtype:trojan-activity;sid:84224684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361585)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361585/; classtype:trojan-activity;sid:84224685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361586)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361586/; classtype:trojan-activity;sid:84224686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361558)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361558/; classtype:trojan-activity;sid:84224658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361559)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361559/; classtype:trojan-activity;sid:84224659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361560)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361560/; classtype:trojan-activity;sid:84224660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361561)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361561/; classtype:trojan-activity;sid:84224661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361562)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361562/; classtype:trojan-activity;sid:84224662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361563)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361563/; classtype:trojan-activity;sid:84224663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361564)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361564/; classtype:trojan-activity;sid:84224664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361565)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361565/; classtype:trojan-activity;sid:84224665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361566)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361566/; classtype:trojan-activity;sid:84224666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361567)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361567/; classtype:trojan-activity;sid:84224667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361568)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361568/; classtype:trojan-activity;sid:84224668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361569)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361569/; classtype:trojan-activity;sid:84224669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361555)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361555/; classtype:trojan-activity;sid:84224655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361556)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361556/; classtype:trojan-activity;sid:84224656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361557)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361557/; classtype:trojan-activity;sid:84224657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361554)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361554/; classtype:trojan-activity;sid:84224654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361547)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361547/; classtype:trojan-activity;sid:84224647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361548)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361548/; classtype:trojan-activity;sid:84224648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361549)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361549/; classtype:trojan-activity;sid:84224649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361550)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361550/; classtype:trojan-activity;sid:84224650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361551)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361551/; classtype:trojan-activity;sid:84224651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361552)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361552/; classtype:trojan-activity;sid:84224652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361553)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361553/; classtype:trojan-activity;sid:84224653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361527)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361527/; classtype:trojan-activity;sid:84224627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361528)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361528/; classtype:trojan-activity;sid:84224628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361529)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361529/; classtype:trojan-activity;sid:84224629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361530)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361530/; classtype:trojan-activity;sid:84224630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361531)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361531/; classtype:trojan-activity;sid:84224631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361532)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361532/; classtype:trojan-activity;sid:84224632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361533)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361533/; classtype:trojan-activity;sid:84224633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361534)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361534/; classtype:trojan-activity;sid:84224634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361535)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361535/; classtype:trojan-activity;sid:84224635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361536)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361536/; classtype:trojan-activity;sid:84224636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361537)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361537/; classtype:trojan-activity;sid:84224637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361538)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361538/; classtype:trojan-activity;sid:84224638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361539)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361539/; classtype:trojan-activity;sid:84224639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361540)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361540/; classtype:trojan-activity;sid:84224640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361541)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361541/; classtype:trojan-activity;sid:84224641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361542)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361542/; classtype:trojan-activity;sid:84224642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361543)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361543/; classtype:trojan-activity;sid:84224643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361544)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361544/; classtype:trojan-activity;sid:84224644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361545)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361545/; classtype:trojan-activity;sid:84224645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361546)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361546/; classtype:trojan-activity;sid:84224646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361521)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361521/; classtype:trojan-activity;sid:84224621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361522)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361522/; classtype:trojan-activity;sid:84224622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361523)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361523/; classtype:trojan-activity;sid:84224623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361524)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361524/; classtype:trojan-activity;sid:84224624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361525)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361525/; classtype:trojan-activity;sid:84224625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361526)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361526/; classtype:trojan-activity;sid:84224626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361517)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361517/; classtype:trojan-activity;sid:84224617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361518)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361518/; classtype:trojan-activity;sid:84224618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361519)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361519/; classtype:trojan-activity;sid:84224619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361520)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361520/; classtype:trojan-activity;sid:84224620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361515)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361515/; classtype:trojan-activity;sid:84224615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361516)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361516/; classtype:trojan-activity;sid:84224616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361509)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361509/; classtype:trojan-activity;sid:84224609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361510)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361510/; classtype:trojan-activity;sid:84224610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361511)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361511/; classtype:trojan-activity;sid:84224611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361512)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361512/; classtype:trojan-activity;sid:84224612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361513)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361513/; classtype:trojan-activity;sid:84224613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361514)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361514/; classtype:trojan-activity;sid:84224614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361489)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361489/; classtype:trojan-activity;sid:84224589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361490)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361490/; classtype:trojan-activity;sid:84224590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361491)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361491/; classtype:trojan-activity;sid:84224591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361492)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361492/; classtype:trojan-activity;sid:84224592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361493)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361493/; classtype:trojan-activity;sid:84224593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361494)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361494/; classtype:trojan-activity;sid:84224594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361495)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361495/; classtype:trojan-activity;sid:84224595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361496)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361496/; classtype:trojan-activity;sid:84224596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361497)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361497/; classtype:trojan-activity;sid:84224597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361498)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361498/; classtype:trojan-activity;sid:84224598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361499)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361499/; classtype:trojan-activity;sid:84224599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361500)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361500/; classtype:trojan-activity;sid:84224600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361501)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361501/; classtype:trojan-activity;sid:84224601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361502)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361502/; classtype:trojan-activity;sid:84224602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361503)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361503/; classtype:trojan-activity;sid:84224603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361504)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361504/; classtype:trojan-activity;sid:84224604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361505)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361505/; classtype:trojan-activity;sid:84224605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361506)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361506/; classtype:trojan-activity;sid:84224606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361507)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361507/; classtype:trojan-activity;sid:84224607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361508)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361508/; classtype:trojan-activity;sid:84224608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361479)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361479/; classtype:trojan-activity;sid:84224579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361480)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361480/; classtype:trojan-activity;sid:84224580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361481)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361481/; classtype:trojan-activity;sid:84224581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361482)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361482/; classtype:trojan-activity;sid:84224582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361483)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361483/; classtype:trojan-activity;sid:84224583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361484)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361484/; classtype:trojan-activity;sid:84224584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361485)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361485/; classtype:trojan-activity;sid:84224585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361486)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361486/; classtype:trojan-activity;sid:84224586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361487)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361487/; classtype:trojan-activity;sid:84224587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361488)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361488/; classtype:trojan-activity;sid:84224588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361477)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361477/; classtype:trojan-activity;sid:84224577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361478)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361478/; classtype:trojan-activity;sid:84224578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361476)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361476/; classtype:trojan-activity;sid:84224576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361475)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361475/; classtype:trojan-activity;sid:84224575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361473)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361473/; classtype:trojan-activity;sid:84224573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361474)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361474/; classtype:trojan-activity;sid:84224574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361455)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361455/; classtype:trojan-activity;sid:84224555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361456)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361456/; classtype:trojan-activity;sid:84224556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361457)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361457/; classtype:trojan-activity;sid:84224557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361458)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361458/; classtype:trojan-activity;sid:84224558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361459)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361459/; classtype:trojan-activity;sid:84224559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361460)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361460/; classtype:trojan-activity;sid:84224560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361461)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361461/; classtype:trojan-activity;sid:84224561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361462)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361462/; classtype:trojan-activity;sid:84224562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361463)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361463/; classtype:trojan-activity;sid:84224563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361464)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361464/; classtype:trojan-activity;sid:84224564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361465)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361465/; classtype:trojan-activity;sid:84224565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361466)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361466/; classtype:trojan-activity;sid:84224566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361467)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361467/; classtype:trojan-activity;sid:84224567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361468)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361468/; classtype:trojan-activity;sid:84224568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361469)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361469/; classtype:trojan-activity;sid:84224569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361470)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361470/; classtype:trojan-activity;sid:84224570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361471)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361471/; classtype:trojan-activity;sid:84224571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361472)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361472/; classtype:trojan-activity;sid:84224572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361442)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361442/; classtype:trojan-activity;sid:84224542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361443)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361443/; classtype:trojan-activity;sid:84224543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361444)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361444/; classtype:trojan-activity;sid:84224544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361445)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361445/; classtype:trojan-activity;sid:84224545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361446)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361446/; classtype:trojan-activity;sid:84224546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361447)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361447/; classtype:trojan-activity;sid:84224547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361448)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361448/; classtype:trojan-activity;sid:84224548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361449)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361449/; classtype:trojan-activity;sid:84224549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361450)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361450/; classtype:trojan-activity;sid:84224550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361451)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361451/; classtype:trojan-activity;sid:84224551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361452)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361452/; classtype:trojan-activity;sid:84224552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361453)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361453/; classtype:trojan-activity;sid:84224553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361454)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361454/; classtype:trojan-activity;sid:84224554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361436)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361436/; classtype:trojan-activity;sid:84224536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361437)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361437/; classtype:trojan-activity;sid:84224537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361438)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361438/; classtype:trojan-activity;sid:84224538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361439)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361439/; classtype:trojan-activity;sid:84224539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361440)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361440/; classtype:trojan-activity;sid:84224540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361441)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361441/; classtype:trojan-activity;sid:84224541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361435)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361435/; classtype:trojan-activity;sid:84224535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361419)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361419/; classtype:trojan-activity;sid:84224519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361420)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361420/; classtype:trojan-activity;sid:84224520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361421)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361421/; classtype:trojan-activity;sid:84224521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361422)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361422/; classtype:trojan-activity;sid:84224522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361423)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361423/; classtype:trojan-activity;sid:84224523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361424)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361424/; classtype:trojan-activity;sid:84224524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361425)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361425/; classtype:trojan-activity;sid:84224525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361426)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361426/; classtype:trojan-activity;sid:84224526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361427)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361427/; classtype:trojan-activity;sid:84224527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361428)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361428/; classtype:trojan-activity;sid:84224528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361429)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361429/; classtype:trojan-activity;sid:84224529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361430)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361430/; classtype:trojan-activity;sid:84224530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361431)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361431/; classtype:trojan-activity;sid:84224531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361432)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361432/; classtype:trojan-activity;sid:84224532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361433)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361433/; classtype:trojan-activity;sid:84224533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361434)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361434/; classtype:trojan-activity;sid:84224534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361398)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361398/; classtype:trojan-activity;sid:84224498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361399)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361399/; classtype:trojan-activity;sid:84224499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361400)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361400/; classtype:trojan-activity;sid:84224500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361401)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361401/; classtype:trojan-activity;sid:84224501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361402)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361402/; classtype:trojan-activity;sid:84224502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361403)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361403/; classtype:trojan-activity;sid:84224503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361404)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361404/; classtype:trojan-activity;sid:84224504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361405)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361405/; classtype:trojan-activity;sid:84224505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361406)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361406/; classtype:trojan-activity;sid:84224506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361407)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361407/; classtype:trojan-activity;sid:84224507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361408)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361408/; classtype:trojan-activity;sid:84224508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361409)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361409/; classtype:trojan-activity;sid:84224509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361410)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361410/; classtype:trojan-activity;sid:84224510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361411)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361411/; classtype:trojan-activity;sid:84224511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361412)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361412/; classtype:trojan-activity;sid:84224512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361413)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361413/; classtype:trojan-activity;sid:84224513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361414)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361414/; classtype:trojan-activity;sid:84224514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361415)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361415/; classtype:trojan-activity;sid:84224515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361416)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361416/; classtype:trojan-activity;sid:84224516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361417)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361417/; classtype:trojan-activity;sid:84224517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361418)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361418/; classtype:trojan-activity;sid:84224518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361397)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361397/; classtype:trojan-activity;sid:84224497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361396)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361396/; classtype:trojan-activity;sid:84224496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361395)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361395/; classtype:trojan-activity;sid:84224495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361391)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361391/; classtype:trojan-activity;sid:84224491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361392)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361392/; classtype:trojan-activity;sid:84224492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361393)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361393/; classtype:trojan-activity;sid:84224493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361394)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361394/; classtype:trojan-activity;sid:84224494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361389)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361389/; classtype:trojan-activity;sid:84224489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361390)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361390/; classtype:trojan-activity;sid:84224490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361380)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361380/; classtype:trojan-activity;sid:84224480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361381)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361381/; classtype:trojan-activity;sid:84224481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361382)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361382/; classtype:trojan-activity;sid:84224482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361383)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361383/; classtype:trojan-activity;sid:84224483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361384)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361384/; classtype:trojan-activity;sid:84224484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361385)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361385/; classtype:trojan-activity;sid:84224485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361386)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361386/; classtype:trojan-activity;sid:84224486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361387)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361387/; classtype:trojan-activity;sid:84224487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361388)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361388/; classtype:trojan-activity;sid:84224488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361379/; classtype:trojan-activity;sid:84224479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361378)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361378/; classtype:trojan-activity;sid:84224478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361358)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361358/; classtype:trojan-activity;sid:84224458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361359)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361359/; classtype:trojan-activity;sid:84224459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361360)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361360/; classtype:trojan-activity;sid:84224460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361361)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361361/; classtype:trojan-activity;sid:84224461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361362)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361362/; classtype:trojan-activity;sid:84224462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361363)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361363/; classtype:trojan-activity;sid:84224463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361364)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361364/; classtype:trojan-activity;sid:84224464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361365)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361365/; classtype:trojan-activity;sid:84224465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361366)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361366/; classtype:trojan-activity;sid:84224466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361367)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361367/; classtype:trojan-activity;sid:84224467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361368)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361368/; classtype:trojan-activity;sid:84224468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361369)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361369/; classtype:trojan-activity;sid:84224469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361370)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361370/; classtype:trojan-activity;sid:84224470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361371)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361371/; classtype:trojan-activity;sid:84224471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361372)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361372/; classtype:trojan-activity;sid:84224472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361373)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361373/; classtype:trojan-activity;sid:84224473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361374)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361374/; classtype:trojan-activity;sid:84224474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361375)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361375/; classtype:trojan-activity;sid:84224475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361376)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361376/; classtype:trojan-activity;sid:84224476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361377)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361377/; classtype:trojan-activity;sid:84224477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361357)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361357/; classtype:trojan-activity;sid:84224457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361356)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361356/; classtype:trojan-activity;sid:84224456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361355)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361355/; classtype:trojan-activity;sid:84224455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361353)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361353/; classtype:trojan-activity;sid:84224453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361354)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361354/; classtype:trojan-activity;sid:84224454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361351)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361351/; classtype:trojan-activity;sid:84224451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361352)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361352/; classtype:trojan-activity;sid:84224452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361349)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361349/; classtype:trojan-activity;sid:84224449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361350)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361350/; classtype:trojan-activity;sid:84224450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361347)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361347/; classtype:trojan-activity;sid:84224447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361348)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361348/; classtype:trojan-activity;sid:84224448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361344)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361344/; classtype:trojan-activity;sid:84224444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361345)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361345/; classtype:trojan-activity;sid:84224445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361346)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361346/; classtype:trojan-activity;sid:84224446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361341)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361341/; classtype:trojan-activity;sid:84224441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361342)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361342/; classtype:trojan-activity;sid:84224442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361343)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361343/; classtype:trojan-activity;sid:84224443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361340)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361340/; classtype:trojan-activity;sid:84224440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361328)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361328/; classtype:trojan-activity;sid:84224428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361329)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361329/; classtype:trojan-activity;sid:84224429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361330)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361330/; classtype:trojan-activity;sid:84224430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361331)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361331/; classtype:trojan-activity;sid:84224431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361332)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361332/; classtype:trojan-activity;sid:84224432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361333)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361333/; classtype:trojan-activity;sid:84224433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361334)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361334/; classtype:trojan-activity;sid:84224434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361335)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361335/; classtype:trojan-activity;sid:84224435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361336)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361336/; classtype:trojan-activity;sid:84224436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361337)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361337/; classtype:trojan-activity;sid:84224437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361338)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361338/; classtype:trojan-activity;sid:84224438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361339)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361339/; classtype:trojan-activity;sid:84224439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361324)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361324/; classtype:trojan-activity;sid:84224424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361325)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361325/; classtype:trojan-activity;sid:84224425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361326)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361326/; classtype:trojan-activity;sid:84224426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361327)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361327/; classtype:trojan-activity;sid:84224427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361316)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361316/; classtype:trojan-activity;sid:84224416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361317)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361317/; classtype:trojan-activity;sid:84224417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361318)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361318/; classtype:trojan-activity;sid:84224418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361319)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361319/; classtype:trojan-activity;sid:84224419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361320)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361320/; classtype:trojan-activity;sid:84224420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361321)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361321/; classtype:trojan-activity;sid:84224421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361322)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361322/; classtype:trojan-activity;sid:84224422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361323)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361323/; classtype:trojan-activity;sid:84224423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361314)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361314/; classtype:trojan-activity;sid:84224414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361315)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361315/; classtype:trojan-activity;sid:84224415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361307)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361307/; classtype:trojan-activity;sid:84224407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361308)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361308/; classtype:trojan-activity;sid:84224408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361309)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361309/; classtype:trojan-activity;sid:84224409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361310)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361310/; classtype:trojan-activity;sid:84224410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361311)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361311/; classtype:trojan-activity;sid:84224411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361312)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361312/; classtype:trojan-activity;sid:84224412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361313)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361313/; classtype:trojan-activity;sid:84224413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361300)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361300/; classtype:trojan-activity;sid:84224400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361301)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361301/; classtype:trojan-activity;sid:84224401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361302)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361302/; classtype:trojan-activity;sid:84224402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361303)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361303/; classtype:trojan-activity;sid:84224403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361304)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361304/; classtype:trojan-activity;sid:84224404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361305)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361305/; classtype:trojan-activity;sid:84224405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361306)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361306/; classtype:trojan-activity;sid:84224406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361297)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361297/; classtype:trojan-activity;sid:84224397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361298)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361298/; classtype:trojan-activity;sid:84224398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361299)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361299/; classtype:trojan-activity;sid:84224399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361293)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361293/; classtype:trojan-activity;sid:84224393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361294)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361294/; classtype:trojan-activity;sid:84224394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361295)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361295/; classtype:trojan-activity;sid:84224395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361296)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361296/; classtype:trojan-activity;sid:84224396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361290)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361290/; classtype:trojan-activity;sid:84224390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361291)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361291/; classtype:trojan-activity;sid:84224391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361292)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361292/; classtype:trojan-activity;sid:84224392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361287)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361287/; classtype:trojan-activity;sid:84224387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361288)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361288/; classtype:trojan-activity;sid:84224388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361289)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361289/; classtype:trojan-activity;sid:84224389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361282)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361282/; classtype:trojan-activity;sid:84224382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361283)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361283/; classtype:trojan-activity;sid:84224383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361284)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361284/; classtype:trojan-activity;sid:84224384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361285)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361285/; classtype:trojan-activity;sid:84224385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361286)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361286/; classtype:trojan-activity;sid:84224386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361275)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361275/; classtype:trojan-activity;sid:84224375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361276)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361276/; classtype:trojan-activity;sid:84224376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361277)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361277/; classtype:trojan-activity;sid:84224377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361278)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361278/; classtype:trojan-activity;sid:84224378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361279)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361279/; classtype:trojan-activity;sid:84224379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361280)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361280/; classtype:trojan-activity;sid:84224380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361281)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361281/; classtype:trojan-activity;sid:84224381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361270)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361270/; classtype:trojan-activity;sid:84224370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361271)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361271/; classtype:trojan-activity;sid:84224371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361272)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361272/; classtype:trojan-activity;sid:84224372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361273)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361273/; classtype:trojan-activity;sid:84224373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361274)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361274/; classtype:trojan-activity;sid:84224374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361263)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361263/; classtype:trojan-activity;sid:84224363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361264)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361264/; classtype:trojan-activity;sid:84224364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361265)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361265/; classtype:trojan-activity;sid:84224365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361266)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361266/; classtype:trojan-activity;sid:84224366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361267)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361267/; classtype:trojan-activity;sid:84224367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361268)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361268/; classtype:trojan-activity;sid:84224368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361269)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361269/; classtype:trojan-activity;sid:84224369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361259)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361259/; classtype:trojan-activity;sid:84224359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361260)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361260/; classtype:trojan-activity;sid:84224360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361261)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361261/; classtype:trojan-activity;sid:84224361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361262)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361262/; classtype:trojan-activity;sid:84224362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361257)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361257/; classtype:trojan-activity;sid:84224357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361258)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361258/; classtype:trojan-activity;sid:84224358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361252)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361252/; classtype:trojan-activity;sid:84224352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361253)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361253/; classtype:trojan-activity;sid:84224353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361254)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361254/; classtype:trojan-activity;sid:84224354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361255)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361255/; classtype:trojan-activity;sid:84224355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361256)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361256/; classtype:trojan-activity;sid:84224356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361249)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361249/; classtype:trojan-activity;sid:84224349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361250)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361250/; classtype:trojan-activity;sid:84224350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361251)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361251/; classtype:trojan-activity;sid:84224351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361246)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361246/; classtype:trojan-activity;sid:84224346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361247)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361247/; classtype:trojan-activity;sid:84224347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361248)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361248/; classtype:trojan-activity;sid:84224348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361240)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361240/; classtype:trojan-activity;sid:84224340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361241)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361241/; classtype:trojan-activity;sid:84224341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361242)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361242/; classtype:trojan-activity;sid:84224342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361243)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361243/; classtype:trojan-activity;sid:84224343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361244)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361244/; classtype:trojan-activity;sid:84224344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361245)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361245/; classtype:trojan-activity;sid:84224345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361235)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361235/; classtype:trojan-activity;sid:84224335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361236)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361236/; classtype:trojan-activity;sid:84224336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361237)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361237/; classtype:trojan-activity;sid:84224337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361238)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361238/; classtype:trojan-activity;sid:84224338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361239)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361239/; classtype:trojan-activity;sid:84224339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361231)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361231/; classtype:trojan-activity;sid:84224331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361232)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361232/; classtype:trojan-activity;sid:84224332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361233)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361233/; classtype:trojan-activity;sid:84224333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361234)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361234/; classtype:trojan-activity;sid:84224334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361224)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361224/; classtype:trojan-activity;sid:84224324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361225)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361225/; classtype:trojan-activity;sid:84224325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361226)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361226/; classtype:trojan-activity;sid:84224326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361227)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361227/; classtype:trojan-activity;sid:84224327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361228)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361228/; classtype:trojan-activity;sid:84224328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361229)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361229/; classtype:trojan-activity;sid:84224329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361230)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361230/; classtype:trojan-activity;sid:84224330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361218)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361218/; classtype:trojan-activity;sid:84224318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361219)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361219/; classtype:trojan-activity;sid:84224319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361220)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361220/; classtype:trojan-activity;sid:84224320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361221)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361221/; classtype:trojan-activity;sid:84224321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361222)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361222/; classtype:trojan-activity;sid:84224322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361223)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361223/; classtype:trojan-activity;sid:84224323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361213)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361213/; classtype:trojan-activity;sid:84224313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361214)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361214/; classtype:trojan-activity;sid:84224314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361215)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361215/; classtype:trojan-activity;sid:84224315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361216)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361216/; classtype:trojan-activity;sid:84224316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361217)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361217/; classtype:trojan-activity;sid:84224317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361212)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361212/; classtype:trojan-activity;sid:84224312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361209)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361209/; classtype:trojan-activity;sid:84224309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361210)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361210/; classtype:trojan-activity;sid:84224310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361211)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361211/; classtype:trojan-activity;sid:84224311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361207)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361207/; classtype:trojan-activity;sid:84224307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361208)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361208/; classtype:trojan-activity;sid:84224308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361202)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361202/; classtype:trojan-activity;sid:84224302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361203)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361203/; classtype:trojan-activity;sid:84224303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361204)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361204/; classtype:trojan-activity;sid:84224304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361205)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361205/; classtype:trojan-activity;sid:84224305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361206)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361206/; classtype:trojan-activity;sid:84224306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361197)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361197/; classtype:trojan-activity;sid:84224297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361198)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361198/; classtype:trojan-activity;sid:84224298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361199)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361199/; classtype:trojan-activity;sid:84224299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361200)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361200/; classtype:trojan-activity;sid:84224300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361201)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361201/; classtype:trojan-activity;sid:84224301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361191)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361191/; classtype:trojan-activity;sid:84224291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361192)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361192/; classtype:trojan-activity;sid:84224292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361193)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361193/; classtype:trojan-activity;sid:84224293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361194)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361194/; classtype:trojan-activity;sid:84224294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361195)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361195/; classtype:trojan-activity;sid:84224295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361196)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361196/; classtype:trojan-activity;sid:84224296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361183)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361183/; classtype:trojan-activity;sid:84224283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361184)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361184/; classtype:trojan-activity;sid:84224284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361185)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361185/; classtype:trojan-activity;sid:84224285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361186)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361186/; classtype:trojan-activity;sid:84224286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361187)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361187/; classtype:trojan-activity;sid:84224287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361188)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361188/; classtype:trojan-activity;sid:84224288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361189)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361189/; classtype:trojan-activity;sid:84224289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361190)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361190/; classtype:trojan-activity;sid:84224290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361178)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361178/; classtype:trojan-activity;sid:84224278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361179)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361179/; classtype:trojan-activity;sid:84224279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361180)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361180/; classtype:trojan-activity;sid:84224280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361181)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361181/; classtype:trojan-activity;sid:84224281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361182)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361182/; classtype:trojan-activity;sid:84224282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361173)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361173/; classtype:trojan-activity;sid:84224273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361174)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361174/; classtype:trojan-activity;sid:84224274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361175)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361175/; classtype:trojan-activity;sid:84224275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361176)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361176/; classtype:trojan-activity;sid:84224276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361177)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361177/; classtype:trojan-activity;sid:84224277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361170)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361170/; classtype:trojan-activity;sid:84224270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361171)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361171/; classtype:trojan-activity;sid:84224271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361172)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361172/; classtype:trojan-activity;sid:84224272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361164)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361164/; classtype:trojan-activity;sid:84224264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361165)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361165/; classtype:trojan-activity;sid:84224265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361166)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361166/; classtype:trojan-activity;sid:84224266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361167)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361167/; classtype:trojan-activity;sid:84224267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361168)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361168/; classtype:trojan-activity;sid:84224268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361169)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361169/; classtype:trojan-activity;sid:84224269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361161)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361161/; classtype:trojan-activity;sid:84224261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361162)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361162/; classtype:trojan-activity;sid:84224262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361163)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361163/; classtype:trojan-activity;sid:84224263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361155)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361155/; classtype:trojan-activity;sid:84224255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361156)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361156/; classtype:trojan-activity;sid:84224256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361157)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361157/; classtype:trojan-activity;sid:84224257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361158)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361158/; classtype:trojan-activity;sid:84224258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361159)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361159/; classtype:trojan-activity;sid:84224259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361160)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361160/; classtype:trojan-activity;sid:84224260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361150)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361150/; classtype:trojan-activity;sid:84224250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361151)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361151/; classtype:trojan-activity;sid:84224251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361152)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361152/; classtype:trojan-activity;sid:84224252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361153)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361153/; classtype:trojan-activity;sid:84224253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361154)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361154/; classtype:trojan-activity;sid:84224254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361144)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361144/; classtype:trojan-activity;sid:84224244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361145)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361145/; classtype:trojan-activity;sid:84224245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361146)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361146/; classtype:trojan-activity;sid:84224246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361147)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361147/; classtype:trojan-activity;sid:84224247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361148)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361148/; classtype:trojan-activity;sid:84224248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361149)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361149/; classtype:trojan-activity;sid:84224249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361138)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361138/; classtype:trojan-activity;sid:84224238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361139)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361139/; classtype:trojan-activity;sid:84224239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361140)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361140/; classtype:trojan-activity;sid:84224240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361141)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361141/; classtype:trojan-activity;sid:84224241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361142)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361142/; classtype:trojan-activity;sid:84224242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361143)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361143/; classtype:trojan-activity;sid:84224243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361136)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361136/; classtype:trojan-activity;sid:84224236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361137)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361137/; classtype:trojan-activity;sid:84224237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361135)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361135/; classtype:trojan-activity;sid:84224235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361129)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361129/; classtype:trojan-activity;sid:84224229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361130)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361130/; classtype:trojan-activity;sid:84224230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361131)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361131/; classtype:trojan-activity;sid:84224231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361132)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361132/; classtype:trojan-activity;sid:84224232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361133)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361133/; classtype:trojan-activity;sid:84224233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361134)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361134/; classtype:trojan-activity;sid:84224234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361125)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361125/; classtype:trojan-activity;sid:84224225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361126)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361126/; classtype:trojan-activity;sid:84224226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361127)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361127/; classtype:trojan-activity;sid:84224227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361128)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361128/; classtype:trojan-activity;sid:84224228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361121)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361121/; classtype:trojan-activity;sid:84224221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361122)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361122/; classtype:trojan-activity;sid:84224222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361123)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361123/; classtype:trojan-activity;sid:84224223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361124)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361124/; classtype:trojan-activity;sid:84224224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361113)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361113/; classtype:trojan-activity;sid:84224213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361114)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361114/; classtype:trojan-activity;sid:84224214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361115)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361115/; classtype:trojan-activity;sid:84224215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361116)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361116/; classtype:trojan-activity;sid:84224216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361117)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361117/; classtype:trojan-activity;sid:84224217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361118)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361118/; classtype:trojan-activity;sid:84224218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361119)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361119/; classtype:trojan-activity;sid:84224219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361120)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361120/; classtype:trojan-activity;sid:84224220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361106)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361106/; classtype:trojan-activity;sid:84224206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361107)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361107/; classtype:trojan-activity;sid:84224207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361108)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361108/; classtype:trojan-activity;sid:84224208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361109)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361109/; classtype:trojan-activity;sid:84224209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361110)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361110/; classtype:trojan-activity;sid:84224210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361111)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361111/; classtype:trojan-activity;sid:84224211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361112)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361112/; classtype:trojan-activity;sid:84224212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361103)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361103/; classtype:trojan-activity;sid:84224203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361104)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361104/; classtype:trojan-activity;sid:84224204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361105)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361105/; classtype:trojan-activity;sid:84224205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361098)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361098/; classtype:trojan-activity;sid:84224198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361099)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361099/; classtype:trojan-activity;sid:84224199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361100)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361100/; classtype:trojan-activity;sid:84224200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361101)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361101/; classtype:trojan-activity;sid:84224201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361102)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361102/; classtype:trojan-activity;sid:84224202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361096)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361096/; classtype:trojan-activity;sid:84224196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361097)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361097/; classtype:trojan-activity;sid:84224197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361093)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361093/; classtype:trojan-activity;sid:84224193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361094)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361094/; classtype:trojan-activity;sid:84224194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361095)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361095/; classtype:trojan-activity;sid:84224195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361089)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361089/; classtype:trojan-activity;sid:84224189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361090)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361090/; classtype:trojan-activity;sid:84224190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361091)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361091/; classtype:trojan-activity;sid:84224191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361092)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361092/; classtype:trojan-activity;sid:84224192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361084)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361084/; classtype:trojan-activity;sid:84224184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361085)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361085/; classtype:trojan-activity;sid:84224185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361086)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361086/; classtype:trojan-activity;sid:84224186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361087)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361087/; classtype:trojan-activity;sid:84224187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361088)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361088/; classtype:trojan-activity;sid:84224188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361078)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361078/; classtype:trojan-activity;sid:84224178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361079)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361079/; classtype:trojan-activity;sid:84224179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361080)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361080/; classtype:trojan-activity;sid:84224180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361081)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361081/; classtype:trojan-activity;sid:84224181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361082)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361082/; classtype:trojan-activity;sid:84224182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361083)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361083/; classtype:trojan-activity;sid:84224183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361075)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361075/; classtype:trojan-activity;sid:84224175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361076)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361076/; classtype:trojan-activity;sid:84224176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361077)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361077/; classtype:trojan-activity;sid:84224177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361070)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361070/; classtype:trojan-activity;sid:84224170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361071)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361071/; classtype:trojan-activity;sid:84224171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361072)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361072/; classtype:trojan-activity;sid:84224172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361073)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361073/; classtype:trojan-activity;sid:84224173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361074)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361074/; classtype:trojan-activity;sid:84224174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361066)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361066/; classtype:trojan-activity;sid:84224166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361067)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361067/; classtype:trojan-activity;sid:84224167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361068)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361068/; classtype:trojan-activity;sid:84224168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361069)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361069/; classtype:trojan-activity;sid:84224169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361060)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361060/; classtype:trojan-activity;sid:84224160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361061)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361061/; classtype:trojan-activity;sid:84224161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361062)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361062/; classtype:trojan-activity;sid:84224162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361063)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361063/; classtype:trojan-activity;sid:84224163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361064)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361064/; classtype:trojan-activity;sid:84224164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361065)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361065/; classtype:trojan-activity;sid:84224165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361058)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361058/; classtype:trojan-activity;sid:84224158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361059)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361059/; classtype:trojan-activity;sid:84224159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361055)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361055/; classtype:trojan-activity;sid:84224155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361056)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361056/; classtype:trojan-activity;sid:84224156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361057)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361057/; classtype:trojan-activity;sid:84224157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361053)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361053/; classtype:trojan-activity;sid:84224153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361054)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361054/; classtype:trojan-activity;sid:84224154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361048)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361048/; classtype:trojan-activity;sid:84224148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361049)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361049/; classtype:trojan-activity;sid:84224149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361050)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361050/; classtype:trojan-activity;sid:84224150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361051)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361051/; classtype:trojan-activity;sid:84224151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361052)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361052/; classtype:trojan-activity;sid:84224152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361045)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361045/; classtype:trojan-activity;sid:84224145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361046)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361046/; classtype:trojan-activity;sid:84224146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361047)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361047/; classtype:trojan-activity;sid:84224147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361035)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361035/; classtype:trojan-activity;sid:84224135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361036)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361036/; classtype:trojan-activity;sid:84224136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361037)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361037/; classtype:trojan-activity;sid:84224137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361038)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361038/; classtype:trojan-activity;sid:84224138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361039)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361039/; classtype:trojan-activity;sid:84224139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361040)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361040/; classtype:trojan-activity;sid:84224140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361041)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361041/; classtype:trojan-activity;sid:84224141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361042)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361042/; classtype:trojan-activity;sid:84224142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361043)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361043/; classtype:trojan-activity;sid:84224143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361044)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361044/; classtype:trojan-activity;sid:84224144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361031)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361031/; classtype:trojan-activity;sid:84224131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361032)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361032/; classtype:trojan-activity;sid:84224132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361033)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361033/; classtype:trojan-activity;sid:84224133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361034)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361034/; classtype:trojan-activity;sid:84224134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361025)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361025/; classtype:trojan-activity;sid:84224125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361026)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361026/; classtype:trojan-activity;sid:84224126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361027)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361027/; classtype:trojan-activity;sid:84224127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361028)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361028/; classtype:trojan-activity;sid:84224128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361029)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361029/; classtype:trojan-activity;sid:84224129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361030)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361030/; classtype:trojan-activity;sid:84224130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361023)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361023/; classtype:trojan-activity;sid:84224123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361024)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361024/; classtype:trojan-activity;sid:84224124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361021)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361021/; classtype:trojan-activity;sid:84224121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361022)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361022/; classtype:trojan-activity;sid:84224122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361019)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361019/; classtype:trojan-activity;sid:84224119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361020)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361020/; classtype:trojan-activity;sid:84224120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361013)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361013/; classtype:trojan-activity;sid:84224113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361014)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361014/; classtype:trojan-activity;sid:84224114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361015)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361015/; classtype:trojan-activity;sid:84224115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361016)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361016/; classtype:trojan-activity;sid:84224116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361017)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361017/; classtype:trojan-activity;sid:84224117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361018)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361018/; classtype:trojan-activity;sid:84224118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361011)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361011/; classtype:trojan-activity;sid:84224111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361012)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361012/; classtype:trojan-activity;sid:84224112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360999)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360999/; classtype:trojan-activity;sid:84224099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361000)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361000/; classtype:trojan-activity;sid:84224100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361001)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361001/; classtype:trojan-activity;sid:84224101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361002)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361002/; classtype:trojan-activity;sid:84224102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361003)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361003/; classtype:trojan-activity;sid:84224103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361004)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361004/; classtype:trojan-activity;sid:84224104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361005)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361005/; classtype:trojan-activity;sid:84224105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361006)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361006/; classtype:trojan-activity;sid:84224106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361007)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361007/; classtype:trojan-activity;sid:84224107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361008)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361008/; classtype:trojan-activity;sid:84224108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361009)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361009/; classtype:trojan-activity;sid:84224109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3361010)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3361010/; classtype:trojan-activity;sid:84224110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360996)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360996/; classtype:trojan-activity;sid:84224096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360997)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360997/; classtype:trojan-activity;sid:84224097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360998)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360998/; classtype:trojan-activity;sid:84224098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360991)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360991/; classtype:trojan-activity;sid:84224091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360992)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360992/; classtype:trojan-activity;sid:84224092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360993)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360993/; classtype:trojan-activity;sid:84224093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360994)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360994/; classtype:trojan-activity;sid:84224094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360995)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360995/; classtype:trojan-activity;sid:84224095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360985)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360985/; classtype:trojan-activity;sid:84224085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360986)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360986/; classtype:trojan-activity;sid:84224086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360987)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360987/; classtype:trojan-activity;sid:84224087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360988)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360988/; classtype:trojan-activity;sid:84224088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360989)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360989/; classtype:trojan-activity;sid:84224089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360990)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360990/; classtype:trojan-activity;sid:84224090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360983)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360983/; classtype:trojan-activity;sid:84224083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360984)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360984/; classtype:trojan-activity;sid:84224084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360982)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360982/; classtype:trojan-activity;sid:84224082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360981)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360981/; classtype:trojan-activity;sid:84224081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360978)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360978/; classtype:trojan-activity;sid:84224078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360979)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360979/; classtype:trojan-activity;sid:84224079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360980)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360980/; classtype:trojan-activity;sid:84224080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360974)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360974/; classtype:trojan-activity;sid:84224074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360975)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360975/; classtype:trojan-activity;sid:84224075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360976)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360976/; classtype:trojan-activity;sid:84224076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360977)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360977/; classtype:trojan-activity;sid:84224077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360966)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360966/; classtype:trojan-activity;sid:84224066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360967)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360967/; classtype:trojan-activity;sid:84224067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360968)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360968/; classtype:trojan-activity;sid:84224068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360969)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360969/; classtype:trojan-activity;sid:84224069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360970)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360970/; classtype:trojan-activity;sid:84224070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360971)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360971/; classtype:trojan-activity;sid:84224071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360972)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360972/; classtype:trojan-activity;sid:84224072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360973)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360973/; classtype:trojan-activity;sid:84224073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360958)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360958/; classtype:trojan-activity;sid:84224058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360959)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360959/; classtype:trojan-activity;sid:84224059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360960)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360960/; classtype:trojan-activity;sid:84224060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360961)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360961/; classtype:trojan-activity;sid:84224061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360962)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360962/; classtype:trojan-activity;sid:84224062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360963)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360963/; classtype:trojan-activity;sid:84224063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360964)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360964/; classtype:trojan-activity;sid:84224064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360965)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360965/; classtype:trojan-activity;sid:84224065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360956)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360956/; classtype:trojan-activity;sid:84224056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360957)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360957/; classtype:trojan-activity;sid:84224057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360951)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360951/; classtype:trojan-activity;sid:84224051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360952)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360952/; classtype:trojan-activity;sid:84224052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360953)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360953/; classtype:trojan-activity;sid:84224053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360954)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360954/; classtype:trojan-activity;sid:84224054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360955)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360955/; classtype:trojan-activity;sid:84224055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360948)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360948/; classtype:trojan-activity;sid:84224048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360949)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360949/; classtype:trojan-activity;sid:84224049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360950)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360950/; classtype:trojan-activity;sid:84224050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360946)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360946/; classtype:trojan-activity;sid:84224046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360947)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360947/; classtype:trojan-activity;sid:84224047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360940)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360940/; classtype:trojan-activity;sid:84224040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360941)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360941/; classtype:trojan-activity;sid:84224041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360942)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360942/; classtype:trojan-activity;sid:84224042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360943)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360943/; classtype:trojan-activity;sid:84224043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360944)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360944/; classtype:trojan-activity;sid:84224044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360945)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360945/; classtype:trojan-activity;sid:84224045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360939)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360939/; classtype:trojan-activity;sid:84224039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360934)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360934/; classtype:trojan-activity;sid:84224034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360935)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360935/; classtype:trojan-activity;sid:84224035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360936)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360936/; classtype:trojan-activity;sid:84224036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360937)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360937/; classtype:trojan-activity;sid:84224037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360938)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360938/; classtype:trojan-activity;sid:84224038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360929)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360929/; classtype:trojan-activity;sid:84224029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360930)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360930/; classtype:trojan-activity;sid:84224030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360931)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360931/; classtype:trojan-activity;sid:84224031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360932)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360932/; classtype:trojan-activity;sid:84224032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360933)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360933/; classtype:trojan-activity;sid:84224033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360923)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360923/; classtype:trojan-activity;sid:84224023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360924)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360924/; classtype:trojan-activity;sid:84224024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360925)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360925/; classtype:trojan-activity;sid:84224025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360926)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360926/; classtype:trojan-activity;sid:84224026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360927)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360927/; classtype:trojan-activity;sid:84224027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360928)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360928/; classtype:trojan-activity;sid:84224028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360918)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360918/; classtype:trojan-activity;sid:84224018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360919)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360919/; classtype:trojan-activity;sid:84224019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360920)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360920/; classtype:trojan-activity;sid:84224020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360921)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360921/; classtype:trojan-activity;sid:84224021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360922)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360922/; classtype:trojan-activity;sid:84224022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360916)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360916/; classtype:trojan-activity;sid:84224016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360917)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360917/; classtype:trojan-activity;sid:84224017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360913)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360913/; classtype:trojan-activity;sid:84224013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360914)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360914/; classtype:trojan-activity;sid:84224014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360915)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360915/; classtype:trojan-activity;sid:84224015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360912)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360912/; classtype:trojan-activity;sid:84224012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360908)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360908/; classtype:trojan-activity;sid:84224008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360909)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360909/; classtype:trojan-activity;sid:84224009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360910)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360910/; classtype:trojan-activity;sid:84224010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360911)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360911/; classtype:trojan-activity;sid:84224011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360905)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360905/; classtype:trojan-activity;sid:84224005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360906)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360906/; classtype:trojan-activity;sid:84224006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360907)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360907/; classtype:trojan-activity;sid:84224007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360900)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360900/; classtype:trojan-activity;sid:84224000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360901)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360901/; classtype:trojan-activity;sid:84224001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360902)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360902/; classtype:trojan-activity;sid:84224002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360903)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360903/; classtype:trojan-activity;sid:84224003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360904)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360904/; classtype:trojan-activity;sid:84224004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360897)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360897/; classtype:trojan-activity;sid:84223997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360898)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360898/; classtype:trojan-activity;sid:84223998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360899)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360899/; classtype:trojan-activity;sid:84223999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360895)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360895/; classtype:trojan-activity;sid:84223995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360896)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360896/; classtype:trojan-activity;sid:84223996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360890)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360890/; classtype:trojan-activity;sid:84223990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360891)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360891/; classtype:trojan-activity;sid:84223991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360892)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360892/; classtype:trojan-activity;sid:84223992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360893)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360893/; classtype:trojan-activity;sid:84223993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360894)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360894/; classtype:trojan-activity;sid:84223994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360882)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360882/; classtype:trojan-activity;sid:84223982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360883)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360883/; classtype:trojan-activity;sid:84223983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360884)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360884/; classtype:trojan-activity;sid:84223984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360885)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360885/; classtype:trojan-activity;sid:84223985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360886)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360886/; classtype:trojan-activity;sid:84223986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360887)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360887/; classtype:trojan-activity;sid:84223987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360888)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360888/; classtype:trojan-activity;sid:84223988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360889)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360889/; classtype:trojan-activity;sid:84223989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360878)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360878/; classtype:trojan-activity;sid:84223978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360879)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360879/; classtype:trojan-activity;sid:84223979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360880)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360880/; classtype:trojan-activity;sid:84223980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360881)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360881/; classtype:trojan-activity;sid:84223981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360874)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360874/; classtype:trojan-activity;sid:84223974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360875)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360875/; classtype:trojan-activity;sid:84223975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360876)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360876/; classtype:trojan-activity;sid:84223976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360877)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360877/; classtype:trojan-activity;sid:84223977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360872)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360872/; classtype:trojan-activity;sid:84223972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360873)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360873/; classtype:trojan-activity;sid:84223973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360871)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360871/; classtype:trojan-activity;sid:84223971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360867)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360867/; classtype:trojan-activity;sid:84223967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360868)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360868/; classtype:trojan-activity;sid:84223968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360869)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360869/; classtype:trojan-activity;sid:84223969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360870)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360870/; classtype:trojan-activity;sid:84223970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360863)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360863/; classtype:trojan-activity;sid:84223963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360864)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360864/; classtype:trojan-activity;sid:84223964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360865)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360865/; classtype:trojan-activity;sid:84223965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360866)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360866/; classtype:trojan-activity;sid:84223966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360859)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360859/; classtype:trojan-activity;sid:84223959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360860)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360860/; classtype:trojan-activity;sid:84223960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360861)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360861/; classtype:trojan-activity;sid:84223961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360862)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360862/; classtype:trojan-activity;sid:84223962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360854)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360854/; classtype:trojan-activity;sid:84223954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360855)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360855/; classtype:trojan-activity;sid:84223955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360856)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360856/; classtype:trojan-activity;sid:84223956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360857)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360857/; classtype:trojan-activity;sid:84223957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360858)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360858/; classtype:trojan-activity;sid:84223958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360851)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360851/; classtype:trojan-activity;sid:84223951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360852)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360852/; classtype:trojan-activity;sid:84223952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360853)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360853/; classtype:trojan-activity;sid:84223953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360843)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360843/; classtype:trojan-activity;sid:84223943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360844)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360844/; classtype:trojan-activity;sid:84223944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360845)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360845/; classtype:trojan-activity;sid:84223945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360846)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360846/; classtype:trojan-activity;sid:84223946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360847)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360847/; classtype:trojan-activity;sid:84223947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360848)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360848/; classtype:trojan-activity;sid:84223948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360849)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360849/; classtype:trojan-activity;sid:84223949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360850)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360850/; classtype:trojan-activity;sid:84223950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360836)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360836/; classtype:trojan-activity;sid:84223936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360837)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360837/; classtype:trojan-activity;sid:84223937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360838)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360838/; classtype:trojan-activity;sid:84223938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360839)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360839/; classtype:trojan-activity;sid:84223939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360840)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360840/; classtype:trojan-activity;sid:84223940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360841)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360841/; classtype:trojan-activity;sid:84223941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360842)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360842/; classtype:trojan-activity;sid:84223942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360834)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360834/; classtype:trojan-activity;sid:84223934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360835)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360835/; classtype:trojan-activity;sid:84223935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360833)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360833/; classtype:trojan-activity;sid:84223933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360832)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360832/; classtype:trojan-activity;sid:84223932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360830)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360830/; classtype:trojan-activity;sid:84223930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360831)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360831/; classtype:trojan-activity;sid:84223931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360826)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360826/; classtype:trojan-activity;sid:84223926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360827)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360827/; classtype:trojan-activity;sid:84223927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360828)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360828/; classtype:trojan-activity;sid:84223928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360829)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360829/; classtype:trojan-activity;sid:84223929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360823)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360823/; classtype:trojan-activity;sid:84223923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360824)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360824/; classtype:trojan-activity;sid:84223924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360825)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360825/; classtype:trojan-activity;sid:84223925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360820)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360820/; classtype:trojan-activity;sid:84223920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360821)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360821/; classtype:trojan-activity;sid:84223921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360822)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360822/; classtype:trojan-activity;sid:84223922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360813)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360813/; classtype:trojan-activity;sid:84223913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360814)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360814/; classtype:trojan-activity;sid:84223914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360815)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360815/; classtype:trojan-activity;sid:84223915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360816)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360816/; classtype:trojan-activity;sid:84223916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360817)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360817/; classtype:trojan-activity;sid:84223917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360818)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360818/; classtype:trojan-activity;sid:84223918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360819)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360819/; classtype:trojan-activity;sid:84223919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360806)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360806/; classtype:trojan-activity;sid:84223906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360807)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360807/; classtype:trojan-activity;sid:84223907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360808)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360808/; classtype:trojan-activity;sid:84223908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360809)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360809/; classtype:trojan-activity;sid:84223909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360810)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360810/; classtype:trojan-activity;sid:84223910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360811)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360811/; classtype:trojan-activity;sid:84223911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360812)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360812/; classtype:trojan-activity;sid:84223912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360803)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360803/; classtype:trojan-activity;sid:84223903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360804)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360804/; classtype:trojan-activity;sid:84223904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360805)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360805/; classtype:trojan-activity;sid:84223905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360797)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360797/; classtype:trojan-activity;sid:84223897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360798)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360798/; classtype:trojan-activity;sid:84223898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360799)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360799/; classtype:trojan-activity;sid:84223899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360800)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360800/; classtype:trojan-activity;sid:84223900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360801)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360801/; classtype:trojan-activity;sid:84223901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360802)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360802/; classtype:trojan-activity;sid:84223902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360795)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360795/; classtype:trojan-activity;sid:84223895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360796)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360796/; classtype:trojan-activity;sid:84223896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360794)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360794/; classtype:trojan-activity;sid:84223894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360793)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360793/; classtype:trojan-activity;sid:84223893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360790)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360790/; classtype:trojan-activity;sid:84223890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360791)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360791/; classtype:trojan-activity;sid:84223891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360792)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360792/; classtype:trojan-activity;sid:84223892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360785)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360785/; classtype:trojan-activity;sid:84223885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360786)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360786/; classtype:trojan-activity;sid:84223886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360787)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360787/; classtype:trojan-activity;sid:84223887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360788)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360788/; classtype:trojan-activity;sid:84223888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360789)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360789/; classtype:trojan-activity;sid:84223889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360781)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360781/; classtype:trojan-activity;sid:84223881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360782)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360782/; classtype:trojan-activity;sid:84223882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360783)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360783/; classtype:trojan-activity;sid:84223883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360784)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360784/; classtype:trojan-activity;sid:84223884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360777)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360777/; classtype:trojan-activity;sid:84223877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360778)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360778/; classtype:trojan-activity;sid:84223878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360779)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360779/; classtype:trojan-activity;sid:84223879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360780)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360780/; classtype:trojan-activity;sid:84223880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360770)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360770/; classtype:trojan-activity;sid:84223870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360771)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360771/; classtype:trojan-activity;sid:84223871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360772)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360772/; classtype:trojan-activity;sid:84223872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360773)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360773/; classtype:trojan-activity;sid:84223873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360774)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360774/; classtype:trojan-activity;sid:84223874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360775)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360775/; classtype:trojan-activity;sid:84223875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360776)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360776/; classtype:trojan-activity;sid:84223876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360765)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360765/; classtype:trojan-activity;sid:84223865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360766)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360766/; classtype:trojan-activity;sid:84223866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360767)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360767/; classtype:trojan-activity;sid:84223867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360768)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360768/; classtype:trojan-activity;sid:84223868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360769)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360769/; classtype:trojan-activity;sid:84223869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360762)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360762/; classtype:trojan-activity;sid:84223862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360763)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360763/; classtype:trojan-activity;sid:84223863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360764)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360764/; classtype:trojan-activity;sid:84223864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360757)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360757/; classtype:trojan-activity;sid:84223857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360758)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360758/; classtype:trojan-activity;sid:84223858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360759)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360759/; classtype:trojan-activity;sid:84223859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360760)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360760/; classtype:trojan-activity;sid:84223860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360761)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360761/; classtype:trojan-activity;sid:84223861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360755)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360755/; classtype:trojan-activity;sid:84223855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360756)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360756/; classtype:trojan-activity;sid:84223856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360752)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360752/; classtype:trojan-activity;sid:84223852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360753)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360753/; classtype:trojan-activity;sid:84223853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360754)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360754/; classtype:trojan-activity;sid:84223854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360751)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360751/; classtype:trojan-activity;sid:84223851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360746)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360746/; classtype:trojan-activity;sid:84223846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360747)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360747/; classtype:trojan-activity;sid:84223847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360748)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360748/; classtype:trojan-activity;sid:84223848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360749)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360749/; classtype:trojan-activity;sid:84223849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360750)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360750/; classtype:trojan-activity;sid:84223850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360743)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360743/; classtype:trojan-activity;sid:84223843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360744)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360744/; classtype:trojan-activity;sid:84223844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360745)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360745/; classtype:trojan-activity;sid:84223845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360739)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360739/; classtype:trojan-activity;sid:84223839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360740)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360740/; classtype:trojan-activity;sid:84223840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360741)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360741/; classtype:trojan-activity;sid:84223841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360742)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360742/; classtype:trojan-activity;sid:84223842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360734)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360734/; classtype:trojan-activity;sid:84223834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360735)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360735/; classtype:trojan-activity;sid:84223835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360736)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360736/; classtype:trojan-activity;sid:84223836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360737)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360737/; classtype:trojan-activity;sid:84223837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360738)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360738/; classtype:trojan-activity;sid:84223838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360728)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360728/; classtype:trojan-activity;sid:84223828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360729)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360729/; classtype:trojan-activity;sid:84223829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360730)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360730/; classtype:trojan-activity;sid:84223830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360731)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360731/; classtype:trojan-activity;sid:84223831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360732)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360732/; classtype:trojan-activity;sid:84223832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360733)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360733/; classtype:trojan-activity;sid:84223833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360721)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360721/; classtype:trojan-activity;sid:84223821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360722)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360722/; classtype:trojan-activity;sid:84223822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360723)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360723/; classtype:trojan-activity;sid:84223823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360724)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360724/; classtype:trojan-activity;sid:84223824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360725)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360725/; classtype:trojan-activity;sid:84223825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360726)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360726/; classtype:trojan-activity;sid:84223826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360727)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360727/; classtype:trojan-activity;sid:84223827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360720)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360720/; classtype:trojan-activity;sid:84223820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360717)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360717/; classtype:trojan-activity;sid:84223817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360718)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360718/; classtype:trojan-activity;sid:84223818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360719)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360719/; classtype:trojan-activity;sid:84223819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360714)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360714/; classtype:trojan-activity;sid:84223814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360715)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360715/; classtype:trojan-activity;sid:84223815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360716)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360716/; classtype:trojan-activity;sid:84223816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360713)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360713/; classtype:trojan-activity;sid:84223813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360712)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360712/; classtype:trojan-activity;sid:84223812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360707)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360707/; classtype:trojan-activity;sid:84223807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360708)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360708/; classtype:trojan-activity;sid:84223808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360709)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360709/; classtype:trojan-activity;sid:84223809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360710)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360710/; classtype:trojan-activity;sid:84223810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360711)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360711/; classtype:trojan-activity;sid:84223811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360702)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360702/; classtype:trojan-activity;sid:84223802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360703)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360703/; classtype:trojan-activity;sid:84223803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360704)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360704/; classtype:trojan-activity;sid:84223804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360705)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360705/; classtype:trojan-activity;sid:84223805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360706)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360706/; classtype:trojan-activity;sid:84223806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360697)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360697/; classtype:trojan-activity;sid:84223797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360698)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360698/; classtype:trojan-activity;sid:84223798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360699)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360699/; classtype:trojan-activity;sid:84223799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360700)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360700/; classtype:trojan-activity;sid:84223800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360701)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360701/; classtype:trojan-activity;sid:84223801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360695)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360695/; classtype:trojan-activity;sid:84223795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360696)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360696/; classtype:trojan-activity;sid:84223796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360691)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360691/; classtype:trojan-activity;sid:84223791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360692)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360692/; classtype:trojan-activity;sid:84223792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360693)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360693/; classtype:trojan-activity;sid:84223793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360694)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360694/; classtype:trojan-activity;sid:84223794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360682)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360682/; classtype:trojan-activity;sid:84223782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360683)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360683/; classtype:trojan-activity;sid:84223783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360684)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360684/; classtype:trojan-activity;sid:84223784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360685)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360685/; classtype:trojan-activity;sid:84223785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360686)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360686/; classtype:trojan-activity;sid:84223786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360687)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360687/; classtype:trojan-activity;sid:84223787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360688)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360688/; classtype:trojan-activity;sid:84223788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360689)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360689/; classtype:trojan-activity;sid:84223789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360690)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360690/; classtype:trojan-activity;sid:84223790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360680)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360680/; classtype:trojan-activity;sid:84223780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360681)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360681/; classtype:trojan-activity;sid:84223781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360678)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360678/; classtype:trojan-activity;sid:84223778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360679)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360679/; classtype:trojan-activity;sid:84223779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360675)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360675/; classtype:trojan-activity;sid:84223775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360676)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360676/; classtype:trojan-activity;sid:84223776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360677)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360677/; classtype:trojan-activity;sid:84223777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360673)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360673/; classtype:trojan-activity;sid:84223773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360674)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360674/; classtype:trojan-activity;sid:84223774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360666)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360666/; classtype:trojan-activity;sid:84223766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360667)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360667/; classtype:trojan-activity;sid:84223767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360668)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360668/; classtype:trojan-activity;sid:84223768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360669)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360669/; classtype:trojan-activity;sid:84223769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360670)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360670/; classtype:trojan-activity;sid:84223770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360671)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360671/; classtype:trojan-activity;sid:84223771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360672)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360672/; classtype:trojan-activity;sid:84223772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360665)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360665/; classtype:trojan-activity;sid:84223765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360661/; classtype:trojan-activity;sid:84223761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360662)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360662/; classtype:trojan-activity;sid:84223762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360663)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360663/; classtype:trojan-activity;sid:84223763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360664)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360664/; classtype:trojan-activity;sid:84223764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360658)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360658/; classtype:trojan-activity;sid:84223758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360659)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360659/; classtype:trojan-activity;sid:84223759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360660)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360660/; classtype:trojan-activity;sid:84223760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360653)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360653/; classtype:trojan-activity;sid:84223753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360654)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360654/; classtype:trojan-activity;sid:84223754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360655)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360655/; classtype:trojan-activity;sid:84223755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360656)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360656/; classtype:trojan-activity;sid:84223756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360657)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360657/; classtype:trojan-activity;sid:84223757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360651)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360651/; classtype:trojan-activity;sid:84223751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360652)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360652/; classtype:trojan-activity;sid:84223752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360645)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360645/; classtype:trojan-activity;sid:84223745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360646)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360646/; classtype:trojan-activity;sid:84223746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360647)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360647/; classtype:trojan-activity;sid:84223747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360648)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360648/; classtype:trojan-activity;sid:84223748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360649)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360649/; classtype:trojan-activity;sid:84223749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360650)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360650/; classtype:trojan-activity;sid:84223750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360642)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360642/; classtype:trojan-activity;sid:84223742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360643)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360643/; classtype:trojan-activity;sid:84223743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360644)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360644/; classtype:trojan-activity;sid:84223744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360637)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360637/; classtype:trojan-activity;sid:84223737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360638)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360638/; classtype:trojan-activity;sid:84223738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360639)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360639/; classtype:trojan-activity;sid:84223739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360640)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360640/; classtype:trojan-activity;sid:84223740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360641)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360641/; classtype:trojan-activity;sid:84223741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360636)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360636/; classtype:trojan-activity;sid:84223736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360634)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360634/; classtype:trojan-activity;sid:84223734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360635)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360635/; classtype:trojan-activity;sid:84223735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360633)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360633/; classtype:trojan-activity;sid:84223733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360630)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360630/; classtype:trojan-activity;sid:84223730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360631)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360631/; classtype:trojan-activity;sid:84223731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360632)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360632/; classtype:trojan-activity;sid:84223732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360625)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360625/; classtype:trojan-activity;sid:84223725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360626)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360626/; classtype:trojan-activity;sid:84223726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360627)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360627/; classtype:trojan-activity;sid:84223727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360628)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360628/; classtype:trojan-activity;sid:84223728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360629)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360629/; classtype:trojan-activity;sid:84223729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360623)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360623/; classtype:trojan-activity;sid:84223723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360624)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360624/; classtype:trojan-activity;sid:84223724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360619)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360619/; classtype:trojan-activity;sid:84223719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360620)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360620/; classtype:trojan-activity;sid:84223720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360621)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360621/; classtype:trojan-activity;sid:84223721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360622)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360622/; classtype:trojan-activity;sid:84223722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360611)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360611/; classtype:trojan-activity;sid:84223711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360612)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360612/; classtype:trojan-activity;sid:84223712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360613)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360613/; classtype:trojan-activity;sid:84223713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360614)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360614/; classtype:trojan-activity;sid:84223714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360615)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360615/; classtype:trojan-activity;sid:84223715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360616)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360616/; classtype:trojan-activity;sid:84223716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360617)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360617/; classtype:trojan-activity;sid:84223717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360618)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360618/; classtype:trojan-activity;sid:84223718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360609)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360609/; classtype:trojan-activity;sid:84223709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360610)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360610/; classtype:trojan-activity;sid:84223710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360602)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360602/; classtype:trojan-activity;sid:84223702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360603)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360603/; classtype:trojan-activity;sid:84223703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360604)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360604/; classtype:trojan-activity;sid:84223704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360605)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360605/; classtype:trojan-activity;sid:84223705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360606)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360606/; classtype:trojan-activity;sid:84223706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360607)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360607/; classtype:trojan-activity;sid:84223707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360608)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360608/; classtype:trojan-activity;sid:84223708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360597)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360597/; classtype:trojan-activity;sid:84223697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360598)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360598/; classtype:trojan-activity;sid:84223698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360599)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360599/; classtype:trojan-activity;sid:84223699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360600)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360600/; classtype:trojan-activity;sid:84223700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360601)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360601/; classtype:trojan-activity;sid:84223701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360594)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360594/; classtype:trojan-activity;sid:84223694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360595)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360595/; classtype:trojan-activity;sid:84223695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360596)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360596/; classtype:trojan-activity;sid:84223696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360593)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360593/; classtype:trojan-activity;sid:84223693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360586)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360586/; classtype:trojan-activity;sid:84223686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360587)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360587/; classtype:trojan-activity;sid:84223687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360588)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360588/; classtype:trojan-activity;sid:84223688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360589)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360589/; classtype:trojan-activity;sid:84223689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360590)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360590/; classtype:trojan-activity;sid:84223690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360591)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360591/; classtype:trojan-activity;sid:84223691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360592)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360592/; classtype:trojan-activity;sid:84223692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360583)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360583/; classtype:trojan-activity;sid:84223683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360584)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360584/; classtype:trojan-activity;sid:84223684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360585)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360585/; classtype:trojan-activity;sid:84223685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360579)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360579/; classtype:trojan-activity;sid:84223679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360580)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360580/; classtype:trojan-activity;sid:84223680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360581)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360581/; classtype:trojan-activity;sid:84223681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360582)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360582/; classtype:trojan-activity;sid:84223682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360575)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360575/; classtype:trojan-activity;sid:84223675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360576)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360576/; classtype:trojan-activity;sid:84223676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360577)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360577/; classtype:trojan-activity;sid:84223677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360578)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360578/; classtype:trojan-activity;sid:84223678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360567)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360567/; classtype:trojan-activity;sid:84223667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360568)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360568/; classtype:trojan-activity;sid:84223668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360569)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360569/; classtype:trojan-activity;sid:84223669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360570)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360570/; classtype:trojan-activity;sid:84223670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360571)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360571/; classtype:trojan-activity;sid:84223671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360572)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360572/; classtype:trojan-activity;sid:84223672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360573)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360573/; classtype:trojan-activity;sid:84223673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360574)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360574/; classtype:trojan-activity;sid:84223674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360561)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360561/; classtype:trojan-activity;sid:84223661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360562)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360562/; classtype:trojan-activity;sid:84223662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360563)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360563/; classtype:trojan-activity;sid:84223663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360564)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360564/; classtype:trojan-activity;sid:84223664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360565)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360565/; classtype:trojan-activity;sid:84223665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360566)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360566/; classtype:trojan-activity;sid:84223666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360557)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360557/; classtype:trojan-activity;sid:84223657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360558)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360558/; classtype:trojan-activity;sid:84223658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360559)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360559/; classtype:trojan-activity;sid:84223659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360560)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360560/; classtype:trojan-activity;sid:84223660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360555)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360555/; classtype:trojan-activity;sid:84223655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360556)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360556/; classtype:trojan-activity;sid:84223656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360552)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360552/; classtype:trojan-activity;sid:84223652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360553)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360553/; classtype:trojan-activity;sid:84223653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360554)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360554/; classtype:trojan-activity;sid:84223654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360548)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360548/; classtype:trojan-activity;sid:84223648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360549)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360549/; classtype:trojan-activity;sid:84223649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360550)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360550/; classtype:trojan-activity;sid:84223650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360551)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360551/; classtype:trojan-activity;sid:84223651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360545)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360545/; classtype:trojan-activity;sid:84223645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360546)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360546/; classtype:trojan-activity;sid:84223646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360547)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360547/; classtype:trojan-activity;sid:84223647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360544)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360544/; classtype:trojan-activity;sid:84223644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360537)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360537/; classtype:trojan-activity;sid:84223637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360538)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360538/; classtype:trojan-activity;sid:84223638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360539)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360539/; classtype:trojan-activity;sid:84223639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360540)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360540/; classtype:trojan-activity;sid:84223640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360541)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360541/; classtype:trojan-activity;sid:84223641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360542)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360542/; classtype:trojan-activity;sid:84223642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360543)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360543/; classtype:trojan-activity;sid:84223643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360529)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360529/; classtype:trojan-activity;sid:84223629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360530)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360530/; classtype:trojan-activity;sid:84223630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360531)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360531/; classtype:trojan-activity;sid:84223631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360532)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360532/; classtype:trojan-activity;sid:84223632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360533)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360533/; classtype:trojan-activity;sid:84223633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360534)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360534/; classtype:trojan-activity;sid:84223634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360535)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360535/; classtype:trojan-activity;sid:84223635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360536)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360536/; classtype:trojan-activity;sid:84223636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360526)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360526/; classtype:trojan-activity;sid:84223626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360527)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360527/; classtype:trojan-activity;sid:84223627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360528)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360528/; classtype:trojan-activity;sid:84223628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360519)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360519/; classtype:trojan-activity;sid:84223619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360520)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360520/; classtype:trojan-activity;sid:84223620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360521)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360521/; classtype:trojan-activity;sid:84223621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360522)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360522/; classtype:trojan-activity;sid:84223622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360523)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360523/; classtype:trojan-activity;sid:84223623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360524)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360524/; classtype:trojan-activity;sid:84223624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360525)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360525/; classtype:trojan-activity;sid:84223625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360515)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360515/; classtype:trojan-activity;sid:84223615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360516)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360516/; classtype:trojan-activity;sid:84223616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360517)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360517/; classtype:trojan-activity;sid:84223617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360518)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360518/; classtype:trojan-activity;sid:84223618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360512)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360512/; classtype:trojan-activity;sid:84223612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360513)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360513/; classtype:trojan-activity;sid:84223613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360514)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360514/; classtype:trojan-activity;sid:84223614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360507)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360507/; classtype:trojan-activity;sid:84223607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360508)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360508/; classtype:trojan-activity;sid:84223608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360509)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360509/; classtype:trojan-activity;sid:84223609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360510)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360510/; classtype:trojan-activity;sid:84223610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360511)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360511/; classtype:trojan-activity;sid:84223611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360504)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360504/; classtype:trojan-activity;sid:84223604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360505)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360505/; classtype:trojan-activity;sid:84223605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360506)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360506/; classtype:trojan-activity;sid:84223606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360502)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360502/; classtype:trojan-activity;sid:84223602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360503)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360503/; classtype:trojan-activity;sid:84223603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360497)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360497/; classtype:trojan-activity;sid:84223597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360498)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360498/; classtype:trojan-activity;sid:84223598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360499)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360499/; classtype:trojan-activity;sid:84223599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360500)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360500/; classtype:trojan-activity;sid:84223600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360501)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360501/; classtype:trojan-activity;sid:84223601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360492)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360492/; classtype:trojan-activity;sid:84223592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360493)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360493/; classtype:trojan-activity;sid:84223593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360494)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360494/; classtype:trojan-activity;sid:84223594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360495)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360495/; classtype:trojan-activity;sid:84223595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360496)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360496/; classtype:trojan-activity;sid:84223596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360484)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360484/; classtype:trojan-activity;sid:84223584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360485)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360485/; classtype:trojan-activity;sid:84223585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360486)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360486/; classtype:trojan-activity;sid:84223586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360487)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360487/; classtype:trojan-activity;sid:84223587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360488)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360488/; classtype:trojan-activity;sid:84223588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360489)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360489/; classtype:trojan-activity;sid:84223589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360490)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360490/; classtype:trojan-activity;sid:84223590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360491)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360491/; classtype:trojan-activity;sid:84223591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360481)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360481/; classtype:trojan-activity;sid:84223581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360482)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360482/; classtype:trojan-activity;sid:84223582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360483)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360483/; classtype:trojan-activity;sid:84223583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360475)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360475/; classtype:trojan-activity;sid:84223575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360476)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360476/; classtype:trojan-activity;sid:84223576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360477)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360477/; classtype:trojan-activity;sid:84223577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360478)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360478/; classtype:trojan-activity;sid:84223578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360479)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360479/; classtype:trojan-activity;sid:84223579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360480)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360480/; classtype:trojan-activity;sid:84223580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360470)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360470/; classtype:trojan-activity;sid:84223570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360471)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360471/; classtype:trojan-activity;sid:84223571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360472)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360472/; classtype:trojan-activity;sid:84223572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360473)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360473/; classtype:trojan-activity;sid:84223573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360474)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360474/; classtype:trojan-activity;sid:84223574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360468)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360468/; classtype:trojan-activity;sid:84223568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360469)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360469/; classtype:trojan-activity;sid:84223569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360465)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360465/; classtype:trojan-activity;sid:84223565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360466)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360466/; classtype:trojan-activity;sid:84223566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360467)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360467/; classtype:trojan-activity;sid:84223567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360463)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360463/; classtype:trojan-activity;sid:84223563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360464)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360464/; classtype:trojan-activity;sid:84223564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360461)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360461/; classtype:trojan-activity;sid:84223561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360462/; classtype:trojan-activity;sid:84223562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360456)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360456/; classtype:trojan-activity;sid:84223556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360457)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360457/; classtype:trojan-activity;sid:84223557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360458)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360458/; classtype:trojan-activity;sid:84223558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360459)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360459/; classtype:trojan-activity;sid:84223559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360460)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360460/; classtype:trojan-activity;sid:84223560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360452)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360452/; classtype:trojan-activity;sid:84223552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360453)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360453/; classtype:trojan-activity;sid:84223553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360454)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360454/; classtype:trojan-activity;sid:84223554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360455)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360455/; classtype:trojan-activity;sid:84223555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360445)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360445/; classtype:trojan-activity;sid:84223545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360446)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360446/; classtype:trojan-activity;sid:84223546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360447)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360447/; classtype:trojan-activity;sid:84223547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360448)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360448/; classtype:trojan-activity;sid:84223548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360449)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360449/; classtype:trojan-activity;sid:84223549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360450)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360450/; classtype:trojan-activity;sid:84223550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360451)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360451/; classtype:trojan-activity;sid:84223551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360437)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360437/; classtype:trojan-activity;sid:84223537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360438)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360438/; classtype:trojan-activity;sid:84223538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360439)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360439/; classtype:trojan-activity;sid:84223539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360440)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360440/; classtype:trojan-activity;sid:84223540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360441)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360441/; classtype:trojan-activity;sid:84223541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360442)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360442/; classtype:trojan-activity;sid:84223542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360443)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360443/; classtype:trojan-activity;sid:84223543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360444)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360444/; classtype:trojan-activity;sid:84223544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360432)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360432/; classtype:trojan-activity;sid:84223532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360433)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360433/; classtype:trojan-activity;sid:84223533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360434)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360434/; classtype:trojan-activity;sid:84223534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360435)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360435/; classtype:trojan-activity;sid:84223535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360436)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360436/; classtype:trojan-activity;sid:84223536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360430)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360430/; classtype:trojan-activity;sid:84223530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360431)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360431/; classtype:trojan-activity;sid:84223531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360427)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360427/; classtype:trojan-activity;sid:84223527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360428)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360428/; classtype:trojan-activity;sid:84223528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360429)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360429/; classtype:trojan-activity;sid:84223529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360425)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360425/; classtype:trojan-activity;sid:84223525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360426)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360426/; classtype:trojan-activity;sid:84223526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360423)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360423/; classtype:trojan-activity;sid:84223523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360424)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360424/; classtype:trojan-activity;sid:84223524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360422)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360422/; classtype:trojan-activity;sid:84223522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360416)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360416/; classtype:trojan-activity;sid:84223516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360417)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360417/; classtype:trojan-activity;sid:84223517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360418)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360418/; classtype:trojan-activity;sid:84223518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360419)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360419/; classtype:trojan-activity;sid:84223519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360420)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360420/; classtype:trojan-activity;sid:84223520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360421)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360421/; classtype:trojan-activity;sid:84223521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360406)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360406/; classtype:trojan-activity;sid:84223506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360407)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360407/; classtype:trojan-activity;sid:84223507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360408)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360408/; classtype:trojan-activity;sid:84223508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360409)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360409/; classtype:trojan-activity;sid:84223509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360410)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360410/; classtype:trojan-activity;sid:84223510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360411)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360411/; classtype:trojan-activity;sid:84223511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360412)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360412/; classtype:trojan-activity;sid:84223512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360413)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360413/; classtype:trojan-activity;sid:84223513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360414)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360414/; classtype:trojan-activity;sid:84223514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360415)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360415/; classtype:trojan-activity;sid:84223515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360399)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360399/; classtype:trojan-activity;sid:84223499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360400)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360400/; classtype:trojan-activity;sid:84223500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360401)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360401/; classtype:trojan-activity;sid:84223501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360402)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360402/; classtype:trojan-activity;sid:84223502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360403)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360403/; classtype:trojan-activity;sid:84223503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360404)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360404/; classtype:trojan-activity;sid:84223504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360405)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360405/; classtype:trojan-activity;sid:84223505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360395)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360395/; classtype:trojan-activity;sid:84223495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360396)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360396/; classtype:trojan-activity;sid:84223496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360397)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360397/; classtype:trojan-activity;sid:84223497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360398)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360398/; classtype:trojan-activity;sid:84223498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360392)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360392/; classtype:trojan-activity;sid:84223492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360393)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360393/; classtype:trojan-activity;sid:84223493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360394)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360394/; classtype:trojan-activity;sid:84223494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360391)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360391/; classtype:trojan-activity;sid:84223491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360387)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360387/; classtype:trojan-activity;sid:84223487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360388)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360388/; classtype:trojan-activity;sid:84223488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360389)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360389/; classtype:trojan-activity;sid:84223489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360390)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360390/; classtype:trojan-activity;sid:84223490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360384)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360384/; classtype:trojan-activity;sid:84223484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360385)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360385/; classtype:trojan-activity;sid:84223485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360386)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360386/; classtype:trojan-activity;sid:84223486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360383)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360383/; classtype:trojan-activity;sid:84223483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360381)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360381/; classtype:trojan-activity;sid:84223481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360382)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360382/; classtype:trojan-activity;sid:84223482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360371)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360371/; classtype:trojan-activity;sid:84223471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360372)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360372/; classtype:trojan-activity;sid:84223472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360373)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360373/; classtype:trojan-activity;sid:84223473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360374)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360374/; classtype:trojan-activity;sid:84223474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360375)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360375/; classtype:trojan-activity;sid:84223475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360376)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360376/; classtype:trojan-activity;sid:84223476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360377)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360377/; classtype:trojan-activity;sid:84223477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360378)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360378/; classtype:trojan-activity;sid:84223478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360379)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360379/; classtype:trojan-activity;sid:84223479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360380)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360380/; classtype:trojan-activity;sid:84223480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360359)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360359/; classtype:trojan-activity;sid:84223459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360360)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360360/; classtype:trojan-activity;sid:84223460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360361)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360361/; classtype:trojan-activity;sid:84223461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360362)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360362/; classtype:trojan-activity;sid:84223462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360363)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360363/; classtype:trojan-activity;sid:84223463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360364)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360364/; classtype:trojan-activity;sid:84223464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360365)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360365/; classtype:trojan-activity;sid:84223465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360366)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360366/; classtype:trojan-activity;sid:84223466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360367)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360367/; classtype:trojan-activity;sid:84223467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360368)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360368/; classtype:trojan-activity;sid:84223468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360369)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360369/; classtype:trojan-activity;sid:84223469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360370)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360370/; classtype:trojan-activity;sid:84223470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360356)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360356/; classtype:trojan-activity;sid:84223456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360357)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360357/; classtype:trojan-activity;sid:84223457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360358)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360358/; classtype:trojan-activity;sid:84223458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360352)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360352/; classtype:trojan-activity;sid:84223452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360353)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360353/; classtype:trojan-activity;sid:84223453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360354)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360354/; classtype:trojan-activity;sid:84223454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360355)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360355/; classtype:trojan-activity;sid:84223455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360349)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360349/; classtype:trojan-activity;sid:84223449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360350)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360350/; classtype:trojan-activity;sid:84223450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360351)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360351/; classtype:trojan-activity;sid:84223451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360348)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360348/; classtype:trojan-activity;sid:84223448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360344)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360344/; classtype:trojan-activity;sid:84223444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360345)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360345/; classtype:trojan-activity;sid:84223445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360346)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360346/; classtype:trojan-activity;sid:84223446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360347)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360347/; classtype:trojan-activity;sid:84223447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360343)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360343/; classtype:trojan-activity;sid:84223443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360335)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360335/; classtype:trojan-activity;sid:84223435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360336)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360336/; classtype:trojan-activity;sid:84223436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360337)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360337/; classtype:trojan-activity;sid:84223437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360338)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360338/; classtype:trojan-activity;sid:84223438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360339)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360339/; classtype:trojan-activity;sid:84223439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360340)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360340/; classtype:trojan-activity;sid:84223440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360341)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360341/; classtype:trojan-activity;sid:84223441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360342)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360342/; classtype:trojan-activity;sid:84223442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360323)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360323/; classtype:trojan-activity;sid:84223423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360324)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360324/; classtype:trojan-activity;sid:84223424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360325)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360325/; classtype:trojan-activity;sid:84223425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360326)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360326/; classtype:trojan-activity;sid:84223426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360327)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360327/; classtype:trojan-activity;sid:84223427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360328)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360328/; classtype:trojan-activity;sid:84223428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360329)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360329/; classtype:trojan-activity;sid:84223429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360330)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360330/; classtype:trojan-activity;sid:84223430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360331)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360331/; classtype:trojan-activity;sid:84223431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360332)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360332/; classtype:trojan-activity;sid:84223432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360333)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360333/; classtype:trojan-activity;sid:84223433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360334)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360334/; classtype:trojan-activity;sid:84223434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360317)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360317/; classtype:trojan-activity;sid:84223417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360318)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360318/; classtype:trojan-activity;sid:84223418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360319)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360319/; classtype:trojan-activity;sid:84223419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360320)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360320/; classtype:trojan-activity;sid:84223420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360321)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360321/; classtype:trojan-activity;sid:84223421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360322)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360322/; classtype:trojan-activity;sid:84223422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360316)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360316/; classtype:trojan-activity;sid:84223416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360312)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360312/; classtype:trojan-activity;sid:84223412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360313)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360313/; classtype:trojan-activity;sid:84223413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360314)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360314/; classtype:trojan-activity;sid:84223414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360315)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360315/; classtype:trojan-activity;sid:84223415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360310)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360310/; classtype:trojan-activity;sid:84223410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360311)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360311/; classtype:trojan-activity;sid:84223411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360306)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360306/; classtype:trojan-activity;sid:84223406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360307)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360307/; classtype:trojan-activity;sid:84223407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360308)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360308/; classtype:trojan-activity;sid:84223408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360309)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360309/; classtype:trojan-activity;sid:84223409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360303)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360303/; classtype:trojan-activity;sid:84223403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360304)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360304/; classtype:trojan-activity;sid:84223404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360305)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360305/; classtype:trojan-activity;sid:84223405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360298)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360298/; classtype:trojan-activity;sid:84223398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360299)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360299/; classtype:trojan-activity;sid:84223399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360300)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360300/; classtype:trojan-activity;sid:84223400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360301)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360301/; classtype:trojan-activity;sid:84223401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360302)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360302/; classtype:trojan-activity;sid:84223402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360291)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360291/; classtype:trojan-activity;sid:84223391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360292)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360292/; classtype:trojan-activity;sid:84223392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360293)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360293/; classtype:trojan-activity;sid:84223393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360294)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360294/; classtype:trojan-activity;sid:84223394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360295)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360295/; classtype:trojan-activity;sid:84223395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360296)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360296/; classtype:trojan-activity;sid:84223396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360297)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360297/; classtype:trojan-activity;sid:84223397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360286)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360286/; classtype:trojan-activity;sid:84223386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360287)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360287/; classtype:trojan-activity;sid:84223387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360288)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360288/; classtype:trojan-activity;sid:84223388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360289)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360289/; classtype:trojan-activity;sid:84223389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360290)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360290/; classtype:trojan-activity;sid:84223390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360281)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360281/; classtype:trojan-activity;sid:84223381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360282)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360282/; classtype:trojan-activity;sid:84223382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360283)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360283/; classtype:trojan-activity;sid:84223383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360284)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360284/; classtype:trojan-activity;sid:84223384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360285)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360285/; classtype:trojan-activity;sid:84223385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360275)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360275/; classtype:trojan-activity;sid:84223375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360276)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360276/; classtype:trojan-activity;sid:84223376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360277)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360277/; classtype:trojan-activity;sid:84223377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360278)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360278/; classtype:trojan-activity;sid:84223378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360279)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360279/; classtype:trojan-activity;sid:84223379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360280)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360280/; classtype:trojan-activity;sid:84223380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360271)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360271/; classtype:trojan-activity;sid:84223371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360272)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360272/; classtype:trojan-activity;sid:84223372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360273)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360273/; classtype:trojan-activity;sid:84223373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360274)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360274/; classtype:trojan-activity;sid:84223374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360268)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360268/; classtype:trojan-activity;sid:84223368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360269)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360269/; classtype:trojan-activity;sid:84223369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360270)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360270/; classtype:trojan-activity;sid:84223370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360267)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360267/; classtype:trojan-activity;sid:84223367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360266)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360266/; classtype:trojan-activity;sid:84223366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360264)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360264/; classtype:trojan-activity;sid:84223364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360265)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360265/; classtype:trojan-activity;sid:84223365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360256)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360256/; classtype:trojan-activity;sid:84223356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360257)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360257/; classtype:trojan-activity;sid:84223357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360258)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360258/; classtype:trojan-activity;sid:84223358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360259)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360259/; classtype:trojan-activity;sid:84223359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360260)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360260/; classtype:trojan-activity;sid:84223360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360261)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360261/; classtype:trojan-activity;sid:84223361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360262)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360262/; classtype:trojan-activity;sid:84223362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360263)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360263/; classtype:trojan-activity;sid:84223363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360249)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360249/; classtype:trojan-activity;sid:84223349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360250)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360250/; classtype:trojan-activity;sid:84223350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360251)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360251/; classtype:trojan-activity;sid:84223351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360252)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360252/; classtype:trojan-activity;sid:84223352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360253)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360253/; classtype:trojan-activity;sid:84223353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360254)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360254/; classtype:trojan-activity;sid:84223354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360255)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360255/; classtype:trojan-activity;sid:84223355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360239)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360239/; classtype:trojan-activity;sid:84223339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360240)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360240/; classtype:trojan-activity;sid:84223340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360241)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360241/; classtype:trojan-activity;sid:84223341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360242)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360242/; classtype:trojan-activity;sid:84223342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360243)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360243/; classtype:trojan-activity;sid:84223343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360244)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360244/; classtype:trojan-activity;sid:84223344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360245)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360245/; classtype:trojan-activity;sid:84223345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360246)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360246/; classtype:trojan-activity;sid:84223346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360247)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360247/; classtype:trojan-activity;sid:84223347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360248)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360248/; classtype:trojan-activity;sid:84223348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360233)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360233/; classtype:trojan-activity;sid:84223333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360234)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360234/; classtype:trojan-activity;sid:84223334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360235)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360235/; classtype:trojan-activity;sid:84223335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360236)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360236/; classtype:trojan-activity;sid:84223336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360237)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360237/; classtype:trojan-activity;sid:84223337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360238)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360238/; classtype:trojan-activity;sid:84223338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360232)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360232/; classtype:trojan-activity;sid:84223332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360230)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360230/; classtype:trojan-activity;sid:84223330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360231)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360231/; classtype:trojan-activity;sid:84223331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360228)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360228/; classtype:trojan-activity;sid:84223328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360229)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360229/; classtype:trojan-activity;sid:84223329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360223)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360223/; classtype:trojan-activity;sid:84223323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360224)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360224/; classtype:trojan-activity;sid:84223324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360225)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360225/; classtype:trojan-activity;sid:84223325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360226)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360226/; classtype:trojan-activity;sid:84223326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360227)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360227/; classtype:trojan-activity;sid:84223327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360218)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360218/; classtype:trojan-activity;sid:84223318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360219)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360219/; classtype:trojan-activity;sid:84223319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360220)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360220/; classtype:trojan-activity;sid:84223320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360221)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360221/; classtype:trojan-activity;sid:84223321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360222)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360222/; classtype:trojan-activity;sid:84223322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360211)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360211/; classtype:trojan-activity;sid:84223311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360212)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360212/; classtype:trojan-activity;sid:84223312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360213)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360213/; classtype:trojan-activity;sid:84223313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360214)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360214/; classtype:trojan-activity;sid:84223314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360215)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360215/; classtype:trojan-activity;sid:84223315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360216)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360216/; classtype:trojan-activity;sid:84223316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360217)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360217/; classtype:trojan-activity;sid:84223317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360205)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360205/; classtype:trojan-activity;sid:84223305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360206)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360206/; classtype:trojan-activity;sid:84223306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360207)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360207/; classtype:trojan-activity;sid:84223307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360208)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360208/; classtype:trojan-activity;sid:84223308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360209)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360209/; classtype:trojan-activity;sid:84223309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360210)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360210/; classtype:trojan-activity;sid:84223310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360200)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360200/; classtype:trojan-activity;sid:84223300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360201)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360201/; classtype:trojan-activity;sid:84223301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360202)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360202/; classtype:trojan-activity;sid:84223302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360203)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360203/; classtype:trojan-activity;sid:84223303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360204)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360204/; classtype:trojan-activity;sid:84223304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360195)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360195/; classtype:trojan-activity;sid:84223295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360196)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360196/; classtype:trojan-activity;sid:84223296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360197)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360197/; classtype:trojan-activity;sid:84223297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360198)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360198/; classtype:trojan-activity;sid:84223298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360199)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360199/; classtype:trojan-activity;sid:84223299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360191)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360191/; classtype:trojan-activity;sid:84223291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360192)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360192/; classtype:trojan-activity;sid:84223292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360193)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360193/; classtype:trojan-activity;sid:84223293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360194)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360194/; classtype:trojan-activity;sid:84223294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360189)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360189/; classtype:trojan-activity;sid:84223289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360190)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360190/; classtype:trojan-activity;sid:84223290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360188)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360188/; classtype:trojan-activity;sid:84223288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360184)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360184/; classtype:trojan-activity;sid:84223284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360185)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360185/; classtype:trojan-activity;sid:84223285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360186)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360186/; classtype:trojan-activity;sid:84223286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360187)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360187/; classtype:trojan-activity;sid:84223287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360180)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360180/; classtype:trojan-activity;sid:84223280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360181)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360181/; classtype:trojan-activity;sid:84223281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360182)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360182/; classtype:trojan-activity;sid:84223282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360183)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360183/; classtype:trojan-activity;sid:84223283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360176)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360176/; classtype:trojan-activity;sid:84223276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360177)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360177/; classtype:trojan-activity;sid:84223277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360178)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360178/; classtype:trojan-activity;sid:84223278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360179)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360179/; classtype:trojan-activity;sid:84223279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360169)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360169/; classtype:trojan-activity;sid:84223269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360170)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360170/; classtype:trojan-activity;sid:84223270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360171)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360171/; classtype:trojan-activity;sid:84223271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360172)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360172/; classtype:trojan-activity;sid:84223272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360173)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360173/; classtype:trojan-activity;sid:84223273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360174)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360174/; classtype:trojan-activity;sid:84223274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360175)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360175/; classtype:trojan-activity;sid:84223275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360162)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360162/; classtype:trojan-activity;sid:84223262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360163)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360163/; classtype:trojan-activity;sid:84223263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360164)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360164/; classtype:trojan-activity;sid:84223264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360165)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360165/; classtype:trojan-activity;sid:84223265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360166)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360166/; classtype:trojan-activity;sid:84223266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360167)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360167/; classtype:trojan-activity;sid:84223267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360168)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360168/; classtype:trojan-activity;sid:84223268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360154)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360154/; classtype:trojan-activity;sid:84223254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360155)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360155/; classtype:trojan-activity;sid:84223255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360156)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360156/; classtype:trojan-activity;sid:84223256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360157)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360157/; classtype:trojan-activity;sid:84223257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360158)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360158/; classtype:trojan-activity;sid:84223258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360159)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360159/; classtype:trojan-activity;sid:84223259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360160)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360160/; classtype:trojan-activity;sid:84223260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360161)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360161/; classtype:trojan-activity;sid:84223261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360153)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360153/; classtype:trojan-activity;sid:84223253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360151)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360151/; classtype:trojan-activity;sid:84223251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360152)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360152/; classtype:trojan-activity;sid:84223252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360148)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360148/; classtype:trojan-activity;sid:84223248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360149)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360149/; classtype:trojan-activity;sid:84223249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360150)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360150/; classtype:trojan-activity;sid:84223250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360141)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360141/; classtype:trojan-activity;sid:84223241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360142)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360142/; classtype:trojan-activity;sid:84223242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360143)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360143/; classtype:trojan-activity;sid:84223243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360144)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360144/; classtype:trojan-activity;sid:84223244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360145)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360145/; classtype:trojan-activity;sid:84223245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360146)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360146/; classtype:trojan-activity;sid:84223246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360147)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360147/; classtype:trojan-activity;sid:84223247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360134)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360134/; classtype:trojan-activity;sid:84223234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360135)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360135/; classtype:trojan-activity;sid:84223235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360136)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360136/; classtype:trojan-activity;sid:84223236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360137)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360137/; classtype:trojan-activity;sid:84223237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360138)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360138/; classtype:trojan-activity;sid:84223238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360139)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360139/; classtype:trojan-activity;sid:84223239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360140)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360140/; classtype:trojan-activity;sid:84223240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360130)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360130/; classtype:trojan-activity;sid:84223230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360131)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360131/; classtype:trojan-activity;sid:84223231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360132)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360132/; classtype:trojan-activity;sid:84223232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360133)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360133/; classtype:trojan-activity;sid:84223233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360115)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360115/; classtype:trojan-activity;sid:84223215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360116)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360116/; classtype:trojan-activity;sid:84223216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360117)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360117/; classtype:trojan-activity;sid:84223217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360118)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360118/; classtype:trojan-activity;sid:84223218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360119)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360119/; classtype:trojan-activity;sid:84223219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360120)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360120/; classtype:trojan-activity;sid:84223220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360121)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360121/; classtype:trojan-activity;sid:84223221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360122)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360122/; classtype:trojan-activity;sid:84223222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360123)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360123/; classtype:trojan-activity;sid:84223223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360124)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"microprocessordesignbook.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360124/; classtype:trojan-activity;sid:84223224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360125)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360125/; classtype:trojan-activity;sid:84223225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360126)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360126/; classtype:trojan-activity;sid:84223226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360127)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360127/; classtype:trojan-activity;sid:84223227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360128)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360128/; classtype:trojan-activity;sid:84223228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360129)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360129/; classtype:trojan-activity;sid:84223229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360114)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360114/; classtype:trojan-activity;sid:84223214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360112)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360112/; classtype:trojan-activity;sid:84223212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360113)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360113/; classtype:trojan-activity;sid:84223213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360111)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360111/; classtype:trojan-activity;sid:84223211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360105)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360105/; classtype:trojan-activity;sid:84223205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360106)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360106/; classtype:trojan-activity;sid:84223206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360107)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360107/; classtype:trojan-activity;sid:84223207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360108)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360108/; classtype:trojan-activity;sid:84223208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360109)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360109/; classtype:trojan-activity;sid:84223209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360110)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360110/; classtype:trojan-activity;sid:84223210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360096)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360096/; classtype:trojan-activity;sid:84223196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360097)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360097/; classtype:trojan-activity;sid:84223197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360098)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360098/; classtype:trojan-activity;sid:84223198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360099)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360099/; classtype:trojan-activity;sid:84223199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360100)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"towerofbabble.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360100/; classtype:trojan-activity;sid:84223200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360101)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360101/; classtype:trojan-activity;sid:84223201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360102)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360102/; classtype:trojan-activity;sid:84223202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360103)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360103/; classtype:trojan-activity;sid:84223203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360104)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360104/; classtype:trojan-activity;sid:84223204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360084)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360084/; classtype:trojan-activity;sid:84223184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360085)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360085/; classtype:trojan-activity;sid:84223185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360086)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360086/; classtype:trojan-activity;sid:84223186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360087)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360087/; classtype:trojan-activity;sid:84223187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360088)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360088/; classtype:trojan-activity;sid:84223188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360089)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360089/; classtype:trojan-activity;sid:84223189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360090)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360090/; classtype:trojan-activity;sid:84223190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360091)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360091/; classtype:trojan-activity;sid:84223191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360092)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prati-moju-narudbu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360092/; classtype:trojan-activity;sid:84223192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360093)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360093/; classtype:trojan-activity;sid:84223193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360094)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360094/; classtype:trojan-activity;sid:84223194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360095)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360095/; classtype:trojan-activity;sid:84223195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360074)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360074/; classtype:trojan-activity;sid:84223174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360075)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360075/; classtype:trojan-activity;sid:84223175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360076)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-suivie.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360076/; classtype:trojan-activity;sid:84223176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360077)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360077/; classtype:trojan-activity;sid:84223177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360078)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360078/; classtype:trojan-activity;sid:84223178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360079)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360079/; classtype:trojan-activity;sid:84223179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360080)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360080/; classtype:trojan-activity;sid:84223180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360081)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360081/; classtype:trojan-activity;sid:84223181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360082)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360082/; classtype:trojan-activity;sid:84223182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360083)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360083/; classtype:trojan-activity;sid:84223183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360073)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360073/; classtype:trojan-activity;sid:84223173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360065)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360065/; classtype:trojan-activity;sid:84223165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360066)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360066/; classtype:trojan-activity;sid:84223166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360067)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360067/; classtype:trojan-activity;sid:84223167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360068)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360068/; classtype:trojan-activity;sid:84223168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360069)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360069/; classtype:trojan-activity;sid:84223169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360070)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360070/; classtype:trojan-activity;sid:84223170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360071)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360071/; classtype:trojan-activity;sid:84223171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360072)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360072/; classtype:trojan-activity;sid:84223172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360048)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360048/; classtype:trojan-activity;sid:84223148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360049)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aaahealthcareservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360049/; classtype:trojan-activity;sid:84223149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360050)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360050/; classtype:trojan-activity;sid:84223150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360051)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360051/; classtype:trojan-activity;sid:84223151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360052)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360052/; classtype:trojan-activity;sid:84223152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360053)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360053/; classtype:trojan-activity;sid:84223153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360054)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360054/; classtype:trojan-activity;sid:84223154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360055)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360055/; classtype:trojan-activity;sid:84223155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360056)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360056/; classtype:trojan-activity;sid:84223156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360057)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360057/; classtype:trojan-activity;sid:84223157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360058)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360058/; classtype:trojan-activity;sid:84223158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360059)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360059/; classtype:trojan-activity;sid:84223159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360060)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360060/; classtype:trojan-activity;sid:84223160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360061)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360061/; classtype:trojan-activity;sid:84223161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360062)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360062/; classtype:trojan-activity;sid:84223162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360063)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360063/; classtype:trojan-activity;sid:84223163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360064)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360064/; classtype:trojan-activity;sid:84223164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360037)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360037/; classtype:trojan-activity;sid:84223137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360038)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360038/; classtype:trojan-activity;sid:84223138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360039)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360039/; classtype:trojan-activity;sid:84223139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360040)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360040/; classtype:trojan-activity;sid:84223140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360041)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360041/; classtype:trojan-activity;sid:84223141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360042)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informations-colissimo.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360042/; classtype:trojan-activity;sid:84223142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360043)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360043/; classtype:trojan-activity;sid:84223143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360044)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360044/; classtype:trojan-activity;sid:84223144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360045)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360045/; classtype:trojan-activity;sid:84223145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360046)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360046/; classtype:trojan-activity;sid:84223146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360047)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360047/; classtype:trojan-activity;sid:84223147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360034)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360034/; classtype:trojan-activity;sid:84223134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360035)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360035/; classtype:trojan-activity;sid:84223135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360036)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360036/; classtype:trojan-activity;sid:84223136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360032)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360032/; classtype:trojan-activity;sid:84223132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360033)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360033/; classtype:trojan-activity;sid:84223133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360031)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360031/; classtype:trojan-activity;sid:84223131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360016)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360016/; classtype:trojan-activity;sid:84223116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360017)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360017/; classtype:trojan-activity;sid:84223117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360018)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360018/; classtype:trojan-activity;sid:84223118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360019)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360019/; classtype:trojan-activity;sid:84223119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360020)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360020/; classtype:trojan-activity;sid:84223120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360021)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360021/; classtype:trojan-activity;sid:84223121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360022)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360022/; classtype:trojan-activity;sid:84223122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360023)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360023/; classtype:trojan-activity;sid:84223123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360024)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ulomstore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360024/; classtype:trojan-activity;sid:84223124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360025)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360025/; classtype:trojan-activity;sid:84223125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360026)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360026/; classtype:trojan-activity;sid:84223126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360027)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360027/; classtype:trojan-activity;sid:84223127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360028)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360028/; classtype:trojan-activity;sid:84223128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360029)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360029/; classtype:trojan-activity;sid:84223129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360030)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360030/; classtype:trojan-activity;sid:84223130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360004)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360004/; classtype:trojan-activity;sid:84223104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360005)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-colis-logistique.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360005/; classtype:trojan-activity;sid:84223105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360006)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360006/; classtype:trojan-activity;sid:84223106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360007)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360007/; classtype:trojan-activity;sid:84223107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360008)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360008/; classtype:trojan-activity;sid:84223108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360009)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360009/; classtype:trojan-activity;sid:84223109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360010)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360010/; classtype:trojan-activity;sid:84223110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360011)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360011/; classtype:trojan-activity;sid:84223111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360012)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360012/; classtype:trojan-activity;sid:84223112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360013)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360013/; classtype:trojan-activity;sid:84223113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360014)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360014/; classtype:trojan-activity;sid:84223114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360015)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360015/; classtype:trojan-activity;sid:84223115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360001)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360001/; classtype:trojan-activity;sid:84223101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360002)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360002/; classtype:trojan-activity;sid:84223102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360003)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360003/; classtype:trojan-activity;sid:84223103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359994)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359994/; classtype:trojan-activity;sid:84223094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359995)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359995/; classtype:trojan-activity;sid:84223095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359996)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359996/; classtype:trojan-activity;sid:84223096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359997)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359997/; classtype:trojan-activity;sid:84223097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359998)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359998/; classtype:trojan-activity;sid:84223098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359999)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359999/; classtype:trojan-activity;sid:84223099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3360000)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3360000/; classtype:trojan-activity;sid:84223100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359987)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359987/; classtype:trojan-activity;sid:84223087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359988)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359988/; classtype:trojan-activity;sid:84223088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359989)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359989/; classtype:trojan-activity;sid:84223089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359990)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359990/; classtype:trojan-activity;sid:84223090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359991)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pack153queens.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359991/; classtype:trojan-activity;sid:84223091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359992)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359992/; classtype:trojan-activity;sid:84223092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359993)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359993/; classtype:trojan-activity;sid:84223093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359962)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359962/; classtype:trojan-activity;sid:84223062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359963)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359963/; classtype:trojan-activity;sid:84223063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359964)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359964/; classtype:trojan-activity;sid:84223064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359965)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359965/; classtype:trojan-activity;sid:84223065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359966)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359966/; classtype:trojan-activity;sid:84223066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359967)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359967/; classtype:trojan-activity;sid:84223067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359968)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359968/; classtype:trojan-activity;sid:84223068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359969)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359969/; classtype:trojan-activity;sid:84223069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359970)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359970/; classtype:trojan-activity;sid:84223070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359971)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359971/; classtype:trojan-activity;sid:84223071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359972)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"keysertools.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359972/; classtype:trojan-activity;sid:84223072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359973)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359973/; classtype:trojan-activity;sid:84223073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359974)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ssquar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359974/; classtype:trojan-activity;sid:84223074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359975)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359975/; classtype:trojan-activity;sid:84223075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359976)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359976/; classtype:trojan-activity;sid:84223076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359977)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359977/; classtype:trojan-activity;sid:84223077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359978)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359978/; classtype:trojan-activity;sid:84223078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359979)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bethelkwabenya.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359979/; classtype:trojan-activity;sid:84223079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359980)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rebateit.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359980/; classtype:trojan-activity;sid:84223080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359981)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359981/; classtype:trojan-activity;sid:84223081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359982)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359982/; classtype:trojan-activity;sid:84223082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359983)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359983/; classtype:trojan-activity;sid:84223083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359984)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359984/; classtype:trojan-activity;sid:84223084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359985)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pacificmont.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359985/; classtype:trojan-activity;sid:84223085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359986)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359986/; classtype:trojan-activity;sid:84223086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359954)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"logistics-transit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359954/; classtype:trojan-activity;sid:84223054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359955)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359955/; classtype:trojan-activity;sid:84223055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359956)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359956/; classtype:trojan-activity;sid:84223056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359957)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359957/; classtype:trojan-activity;sid:84223057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359958)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359958/; classtype:trojan-activity;sid:84223058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359959)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359959/; classtype:trojan-activity;sid:84223059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359960)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivichronopostacheminement.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359960/; classtype:trojan-activity;sid:84223060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359961)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359961/; classtype:trojan-activity;sid:84223061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359948)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359948/; classtype:trojan-activity;sid:84223048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359949)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"knightsinshiningarmor.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359949/; classtype:trojan-activity;sid:84223049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359950)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359950/; classtype:trojan-activity;sid:84223050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359951)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359951/; classtype:trojan-activity;sid:84223051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359952)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"troop153queens.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359952/; classtype:trojan-activity;sid:84223052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359953)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359953/; classtype:trojan-activity;sid:84223053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359923)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359923/; classtype:trojan-activity;sid:84223023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359924)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359924/; classtype:trojan-activity;sid:84223024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359925)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359925/; classtype:trojan-activity;sid:84223025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359926)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359926/; classtype:trojan-activity;sid:84223026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359927)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mjsqurej.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359927/; classtype:trojan-activity;sid:84223027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359928)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359928/; classtype:trojan-activity;sid:84223028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359929)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359929/; classtype:trojan-activity;sid:84223029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359930)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dledlank.bmcort.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359930/; classtype:trojan-activity;sid:84223030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359931)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359931/; classtype:trojan-activity;sid:84223031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359932)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ocaadiocese.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359932/; classtype:trojan-activity;sid:84223032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359933)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359933/; classtype:trojan-activity;sid:84223033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359934)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359934/; classtype:trojan-activity;sid:84223034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359935)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359935/; classtype:trojan-activity;sid:84223035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359936)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359936/; classtype:trojan-activity;sid:84223036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359937)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359937/; classtype:trojan-activity;sid:84223037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359938)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359938/; classtype:trojan-activity;sid:84223038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359939)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mettre-a-jour-ma-carte-vitale.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359939/; classtype:trojan-activity;sid:84223039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359940)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivicommande.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359940/; classtype:trojan-activity;sid:84223040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359941)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359941/; classtype:trojan-activity;sid:84223041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359942)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359942/; classtype:trojan-activity;sid:84223042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359943)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359943/; classtype:trojan-activity;sid:84223043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359944)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359944/; classtype:trojan-activity;sid:84223044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359945)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359945/; classtype:trojan-activity;sid:84223045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359946)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"amende-renouvellement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359946/; classtype:trojan-activity;sid:84223046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359947)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359947/; classtype:trojan-activity;sid:84223047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359914)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359914/; classtype:trojan-activity;sid:84223014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359915)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359915/; classtype:trojan-activity;sid:84223015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359916)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359916/; classtype:trojan-activity;sid:84223016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359917)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359917/; classtype:trojan-activity;sid:84223017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359918)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lafilledemavie.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359918/; classtype:trojan-activity;sid:84223018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359919)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359919/; classtype:trojan-activity;sid:84223019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359920)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jaamdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359920/; classtype:trojan-activity;sid:84223020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359921)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-dossier-renouvellement.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359921/; classtype:trojan-activity;sid:84223021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359922)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359922/; classtype:trojan-activity;sid:84223022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359902)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359902/; classtype:trojan-activity;sid:84223002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359903)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivi-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359903/; classtype:trojan-activity;sid:84223003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359904)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359904/; classtype:trojan-activity;sid:84223004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359905)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"marcanogarcia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359905/; classtype:trojan-activity;sid:84223005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359906)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mypackagingups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359906/; classtype:trojan-activity;sid:84223006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359907)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mystartherehosting.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359907/; classtype:trojan-activity;sid:84223007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359908)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359908/; classtype:trojan-activity;sid:84223008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359909)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-abonnement.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359909/; classtype:trojan-activity;sid:84223009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359910)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359910/; classtype:trojan-activity;sid:84223010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359911)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359911/; classtype:trojan-activity;sid:84223011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359912)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359912/; classtype:trojan-activity;sid:84223012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359913)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359913/; classtype:trojan-activity;sid:84223013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359875)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359875/; classtype:trojan-activity;sid:84222975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359876)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359876/; classtype:trojan-activity;sid:84222976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359877)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"meinklassiker.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359877/; classtype:trojan-activity;sid:84222977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359878)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tygattisoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359878/; classtype:trojan-activity;sid:84222978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359879)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359879/; classtype:trojan-activity;sid:84222979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359880)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fizeteselutasitva.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359880/; classtype:trojan-activity;sid:84222980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359881)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xn--vitale-espace--niveau-0zb.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359881/; classtype:trojan-activity;sid:84222981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359882)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sinupakk.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359882/; classtype:trojan-activity;sid:84222982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359883)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"meinelieferungverfolgen.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359883/; classtype:trojan-activity;sid:84222983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359884)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roofmanagementlnc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359884/; classtype:trojan-activity;sid:84222984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359885)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nyiragongovolcano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359885/; classtype:trojan-activity;sid:84222985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359886)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myhermes-versand.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359886/; classtype:trojan-activity;sid:84222986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359887)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"authentification-compte.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359887/; classtype:trojan-activity;sid:84222987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359888)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lnterrac-ca.rebateit.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359888/; classtype:trojan-activity;sid:84222988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359889)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"informationversand.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359889/; classtype:trojan-activity;sid:84222989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359890)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.support-info-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359890/; classtype:trojan-activity;sid:84222990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359891)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359891/; classtype:trojan-activity;sid:84222991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359892)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359892/; classtype:trojan-activity;sid:84222992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359893)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bmcort.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359893/; classtype:trojan-activity;sid:84222993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359894)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dossier-reglements.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359894/; classtype:trojan-activity;sid:84222994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359895)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-monsuivi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359895/; classtype:trojan-activity;sid:84222995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359896)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359896/; classtype:trojan-activity;sid:84222996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359897)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"thedannymorganband.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359897/; classtype:trojan-activity;sid:84222997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359898)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amrhub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359898/; classtype:trojan-activity;sid:84222998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359899)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"premiumpsychedelics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359899/; classtype:trojan-activity;sid:84222999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359900)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mhmsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359900/; classtype:trojan-activity;sid:84223000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359901)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syntheticincenseonline.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359901/; classtype:trojan-activity;sid:84223001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359874)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xn--mise--jours-vitale-espace-sms-pmc.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359874/; classtype:trojan-activity;sid:84222974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359867)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359867/; classtype:trojan-activity;sid:84222967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359868)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359868/; classtype:trojan-activity;sid:84222968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359869)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359869/; classtype:trojan-activity;sid:84222969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359870)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359870/; classtype:trojan-activity;sid:84222970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359871)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359871/; classtype:trojan-activity;sid:84222971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359872)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359872/; classtype:trojan-activity;sid:84222972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359873)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359873/; classtype:trojan-activity;sid:84222973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359857)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359857/; classtype:trojan-activity;sid:84222957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359858)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359858/; classtype:trojan-activity;sid:84222958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359859)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359859/; classtype:trojan-activity;sid:84222959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359860)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359860/; classtype:trojan-activity;sid:84222960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359861)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359861/; classtype:trojan-activity;sid:84222961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359862)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359862/; classtype:trojan-activity;sid:84222962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359863)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359863/; classtype:trojan-activity;sid:84222963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359864)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359864/; classtype:trojan-activity;sid:84222964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359865)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359865/; classtype:trojan-activity;sid:84222965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359866)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359866/; classtype:trojan-activity;sid:84222966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359848)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359848/; classtype:trojan-activity;sid:84222948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359849)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359849/; classtype:trojan-activity;sid:84222949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359850)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359850/; classtype:trojan-activity;sid:84222950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359851)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359851/; classtype:trojan-activity;sid:84222951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359852)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359852/; classtype:trojan-activity;sid:84222952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359853)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359853/; classtype:trojan-activity;sid:84222953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359854)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359854/; classtype:trojan-activity;sid:84222954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359855)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359855/; classtype:trojan-activity;sid:84222955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359856)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359856/; classtype:trojan-activity;sid:84222956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359835)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359835/; classtype:trojan-activity;sid:84222935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359836)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359836/; classtype:trojan-activity;sid:84222936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359837)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359837/; classtype:trojan-activity;sid:84222937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359838)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359838/; classtype:trojan-activity;sid:84222938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359839)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359839/; classtype:trojan-activity;sid:84222939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359840)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359840/; classtype:trojan-activity;sid:84222940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359841)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359841/; classtype:trojan-activity;sid:84222941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359842)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359842/; classtype:trojan-activity;sid:84222942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359843)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359843/; classtype:trojan-activity;sid:84222943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359844)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359844/; classtype:trojan-activity;sid:84222944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359845)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359845/; classtype:trojan-activity;sid:84222945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359846)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359846/; classtype:trojan-activity;sid:84222946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359847)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359847/; classtype:trojan-activity;sid:84222947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359831)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359831/; classtype:trojan-activity;sid:84222931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359832)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359832/; classtype:trojan-activity;sid:84222932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359833)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359833/; classtype:trojan-activity;sid:84222933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359834)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359834/; classtype:trojan-activity;sid:84222934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359830)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359830/; classtype:trojan-activity;sid:84222930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359829)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359829/; classtype:trojan-activity;sid:84222929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359819)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359819/; classtype:trojan-activity;sid:84222919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359820)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359820/; classtype:trojan-activity;sid:84222920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359821)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359821/; classtype:trojan-activity;sid:84222921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359822)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359822/; classtype:trojan-activity;sid:84222922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359823)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359823/; classtype:trojan-activity;sid:84222923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359824)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359824/; classtype:trojan-activity;sid:84222924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359825)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359825/; classtype:trojan-activity;sid:84222925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359826)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359826/; classtype:trojan-activity;sid:84222926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359827)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359827/; classtype:trojan-activity;sid:84222927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359828)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359828/; classtype:trojan-activity;sid:84222928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359812)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359812/; classtype:trojan-activity;sid:84222912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359813)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359813/; classtype:trojan-activity;sid:84222913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359814)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359814/; classtype:trojan-activity;sid:84222914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359815)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359815/; classtype:trojan-activity;sid:84222915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359816)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359816/; classtype:trojan-activity;sid:84222916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359817)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359817/; classtype:trojan-activity;sid:84222917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359818)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359818/; classtype:trojan-activity;sid:84222918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359801)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359801/; classtype:trojan-activity;sid:84222901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359802)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359802/; classtype:trojan-activity;sid:84222902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359803)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359803/; classtype:trojan-activity;sid:84222903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359804)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359804/; classtype:trojan-activity;sid:84222904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359805)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359805/; classtype:trojan-activity;sid:84222905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359806)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359806/; classtype:trojan-activity;sid:84222906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359807)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359807/; classtype:trojan-activity;sid:84222907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359808)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359808/; classtype:trojan-activity;sid:84222908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359809)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359809/; classtype:trojan-activity;sid:84222909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359810)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359810/; classtype:trojan-activity;sid:84222910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359811)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359811/; classtype:trojan-activity;sid:84222911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359797)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359797/; classtype:trojan-activity;sid:84222897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359798)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359798/; classtype:trojan-activity;sid:84222898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359799)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359799/; classtype:trojan-activity;sid:84222899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359800)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359800/; classtype:trojan-activity;sid:84222900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359796)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359796/; classtype:trojan-activity;sid:84222896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359793)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359793/; classtype:trojan-activity;sid:84222893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359794)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359794/; classtype:trojan-activity;sid:84222894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359795)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359795/; classtype:trojan-activity;sid:84222895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359791)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359791/; classtype:trojan-activity;sid:84222891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359792)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359792/; classtype:trojan-activity;sid:84222892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359788)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359788/; classtype:trojan-activity;sid:84222888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359789)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359789/; classtype:trojan-activity;sid:84222889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359790)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359790/; classtype:trojan-activity;sid:84222890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359786)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359786/; classtype:trojan-activity;sid:84222886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359787)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359787/; classtype:trojan-activity;sid:84222887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359781)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359781/; classtype:trojan-activity;sid:84222881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359782)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359782/; classtype:trojan-activity;sid:84222882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359783)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359783/; classtype:trojan-activity;sid:84222883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359784)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359784/; classtype:trojan-activity;sid:84222884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359785)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359785/; classtype:trojan-activity;sid:84222885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359775)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359775/; classtype:trojan-activity;sid:84222875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359776)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359776/; classtype:trojan-activity;sid:84222876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359777)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359777/; classtype:trojan-activity;sid:84222877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359778)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359778/; classtype:trojan-activity;sid:84222878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359779)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359779/; classtype:trojan-activity;sid:84222879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359780)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359780/; classtype:trojan-activity;sid:84222880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359771)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359771/; classtype:trojan-activity;sid:84222871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359772)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359772/; classtype:trojan-activity;sid:84222872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359773)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359773/; classtype:trojan-activity;sid:84222873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359774)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359774/; classtype:trojan-activity;sid:84222874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359767)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359767/; classtype:trojan-activity;sid:84222867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359768)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359768/; classtype:trojan-activity;sid:84222868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359769)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359769/; classtype:trojan-activity;sid:84222869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359770)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359770/; classtype:trojan-activity;sid:84222870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359757)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359757/; classtype:trojan-activity;sid:84222857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359758)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359758/; classtype:trojan-activity;sid:84222858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359759)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359759/; classtype:trojan-activity;sid:84222859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359760)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359760/; classtype:trojan-activity;sid:84222860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359761)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359761/; classtype:trojan-activity;sid:84222861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359762)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359762/; classtype:trojan-activity;sid:84222862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359763)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359763/; classtype:trojan-activity;sid:84222863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359764)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359764/; classtype:trojan-activity;sid:84222864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359765)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359765/; classtype:trojan-activity;sid:84222865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359766)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359766/; classtype:trojan-activity;sid:84222866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359756)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359756/; classtype:trojan-activity;sid:84222856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359752)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359752/; classtype:trojan-activity;sid:84222852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359753)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359753/; classtype:trojan-activity;sid:84222853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359754)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359754/; classtype:trojan-activity;sid:84222854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359755)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359755/; classtype:trojan-activity;sid:84222855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359751)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359751/; classtype:trojan-activity;sid:84222851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359750)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359750/; classtype:trojan-activity;sid:84222850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359747)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359747/; classtype:trojan-activity;sid:84222847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359748)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359748/; classtype:trojan-activity;sid:84222848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359749)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359749/; classtype:trojan-activity;sid:84222849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359743)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359743/; classtype:trojan-activity;sid:84222843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359744)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359744/; classtype:trojan-activity;sid:84222844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359745)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359745/; classtype:trojan-activity;sid:84222845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359746)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359746/; classtype:trojan-activity;sid:84222846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359740)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359740/; classtype:trojan-activity;sid:84222840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359741)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359741/; classtype:trojan-activity;sid:84222841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359742)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359742/; classtype:trojan-activity;sid:84222842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359734)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359734/; classtype:trojan-activity;sid:84222834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359735)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359735/; classtype:trojan-activity;sid:84222835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359736)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359736/; classtype:trojan-activity;sid:84222836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359737)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359737/; classtype:trojan-activity;sid:84222837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359738)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359738/; classtype:trojan-activity;sid:84222838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359739)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359739/; classtype:trojan-activity;sid:84222839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359727)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359727/; classtype:trojan-activity;sid:84222827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359728)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359728/; classtype:trojan-activity;sid:84222828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359729)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359729/; classtype:trojan-activity;sid:84222829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359730)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359730/; classtype:trojan-activity;sid:84222830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359731)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359731/; classtype:trojan-activity;sid:84222831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359732)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359732/; classtype:trojan-activity;sid:84222832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359733)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359733/; classtype:trojan-activity;sid:84222833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359717)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359717/; classtype:trojan-activity;sid:84222817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359718)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359718/; classtype:trojan-activity;sid:84222818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359719)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359719/; classtype:trojan-activity;sid:84222819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359720)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359720/; classtype:trojan-activity;sid:84222820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359721)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359721/; classtype:trojan-activity;sid:84222821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359722)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359722/; classtype:trojan-activity;sid:84222822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359723)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359723/; classtype:trojan-activity;sid:84222823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359724)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359724/; classtype:trojan-activity;sid:84222824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359725)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359725/; classtype:trojan-activity;sid:84222825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359726)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359726/; classtype:trojan-activity;sid:84222826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359713)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359713/; classtype:trojan-activity;sid:84222813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359714)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359714/; classtype:trojan-activity;sid:84222814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359715)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359715/; classtype:trojan-activity;sid:84222815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359716)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359716/; classtype:trojan-activity;sid:84222816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359712)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359712/; classtype:trojan-activity;sid:84222812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359711)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359711/; classtype:trojan-activity;sid:84222811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359709)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359709/; classtype:trojan-activity;sid:84222809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359710)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359710/; classtype:trojan-activity;sid:84222810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359708)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359708/; classtype:trojan-activity;sid:84222808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359706)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359706/; classtype:trojan-activity;sid:84222806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359707)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359707/; classtype:trojan-activity;sid:84222807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359702)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359702/; classtype:trojan-activity;sid:84222802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359703)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359703/; classtype:trojan-activity;sid:84222803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359704)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359704/; classtype:trojan-activity;sid:84222804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359705)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359705/; classtype:trojan-activity;sid:84222805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359693)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359693/; classtype:trojan-activity;sid:84222793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359694)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359694/; classtype:trojan-activity;sid:84222794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359695)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359695/; classtype:trojan-activity;sid:84222795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359696)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359696/; classtype:trojan-activity;sid:84222796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359697)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359697/; classtype:trojan-activity;sid:84222797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359698)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359698/; classtype:trojan-activity;sid:84222798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359699)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359699/; classtype:trojan-activity;sid:84222799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359700)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359700/; classtype:trojan-activity;sid:84222800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359701)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359701/; classtype:trojan-activity;sid:84222801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359686)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359686/; classtype:trojan-activity;sid:84222786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359687)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359687/; classtype:trojan-activity;sid:84222787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359688)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359688/; classtype:trojan-activity;sid:84222788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359689)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359689/; classtype:trojan-activity;sid:84222789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359690)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359690/; classtype:trojan-activity;sid:84222790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359691)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359691/; classtype:trojan-activity;sid:84222791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359692)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359692/; classtype:trojan-activity;sid:84222792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359675)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359675/; classtype:trojan-activity;sid:84222775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359676)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359676/; classtype:trojan-activity;sid:84222776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359677)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359677/; classtype:trojan-activity;sid:84222777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359678)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359678/; classtype:trojan-activity;sid:84222778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359679)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359679/; classtype:trojan-activity;sid:84222779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359680)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359680/; classtype:trojan-activity;sid:84222780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359681)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359681/; classtype:trojan-activity;sid:84222781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359682)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359682/; classtype:trojan-activity;sid:84222782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359683)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359683/; classtype:trojan-activity;sid:84222783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359684)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359684/; classtype:trojan-activity;sid:84222784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359685)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359685/; classtype:trojan-activity;sid:84222785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359672)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359672/; classtype:trojan-activity;sid:84222772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359673)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359673/; classtype:trojan-activity;sid:84222773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359674)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359674/; classtype:trojan-activity;sid:84222774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359671)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359671/; classtype:trojan-activity;sid:84222771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359669)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359669/; classtype:trojan-activity;sid:84222769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359670)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359670/; classtype:trojan-activity;sid:84222770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359666)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359666/; classtype:trojan-activity;sid:84222766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359667)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359667/; classtype:trojan-activity;sid:84222767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359668)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359668/; classtype:trojan-activity;sid:84222768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359661)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359661/; classtype:trojan-activity;sid:84222761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359662)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359662/; classtype:trojan-activity;sid:84222762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359663)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359663/; classtype:trojan-activity;sid:84222763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359664)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359664/; classtype:trojan-activity;sid:84222764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359665)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359665/; classtype:trojan-activity;sid:84222765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359656)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359656/; classtype:trojan-activity;sid:84222756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359657)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359657/; classtype:trojan-activity;sid:84222757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359658)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359658/; classtype:trojan-activity;sid:84222758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359659)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359659/; classtype:trojan-activity;sid:84222759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359660)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359660/; classtype:trojan-activity;sid:84222760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359649)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359649/; classtype:trojan-activity;sid:84222749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359650)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359650/; classtype:trojan-activity;sid:84222750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359651)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359651/; classtype:trojan-activity;sid:84222751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359652)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359652/; classtype:trojan-activity;sid:84222752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359653)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359653/; classtype:trojan-activity;sid:84222753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359654)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359654/; classtype:trojan-activity;sid:84222754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359655)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359655/; classtype:trojan-activity;sid:84222755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359641)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359641/; classtype:trojan-activity;sid:84222741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359642)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359642/; classtype:trojan-activity;sid:84222742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359643)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359643/; classtype:trojan-activity;sid:84222743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359644)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359644/; classtype:trojan-activity;sid:84222744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359645)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359645/; classtype:trojan-activity;sid:84222745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359646)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359646/; classtype:trojan-activity;sid:84222746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359647)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359647/; classtype:trojan-activity;sid:84222747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359648)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359648/; classtype:trojan-activity;sid:84222748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359635)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359635/; classtype:trojan-activity;sid:84222735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359636)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359636/; classtype:trojan-activity;sid:84222736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359637)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359637/; classtype:trojan-activity;sid:84222737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359638)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359638/; classtype:trojan-activity;sid:84222738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359639)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359639/; classtype:trojan-activity;sid:84222739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359640)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359640/; classtype:trojan-activity;sid:84222740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359634)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359634/; classtype:trojan-activity;sid:84222734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359632)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359632/; classtype:trojan-activity;sid:84222732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359633)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359633/; classtype:trojan-activity;sid:84222733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359631)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359631/; classtype:trojan-activity;sid:84222731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359629)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359629/; classtype:trojan-activity;sid:84222729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359630)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359630/; classtype:trojan-activity;sid:84222730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359624)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359624/; classtype:trojan-activity;sid:84222724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359625)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359625/; classtype:trojan-activity;sid:84222725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359626)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359626/; classtype:trojan-activity;sid:84222726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359627)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359627/; classtype:trojan-activity;sid:84222727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359628)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359628/; classtype:trojan-activity;sid:84222728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359623)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359623/; classtype:trojan-activity;sid:84222723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359619)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359619/; classtype:trojan-activity;sid:84222719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359620)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359620/; classtype:trojan-activity;sid:84222720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359621)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359621/; classtype:trojan-activity;sid:84222721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359622)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359622/; classtype:trojan-activity;sid:84222722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359615)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359615/; classtype:trojan-activity;sid:84222715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359616)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359616/; classtype:trojan-activity;sid:84222716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359617)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359617/; classtype:trojan-activity;sid:84222717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359618)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359618/; classtype:trojan-activity;sid:84222718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359607)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359607/; classtype:trojan-activity;sid:84222707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359608)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359608/; classtype:trojan-activity;sid:84222708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359609)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359609/; classtype:trojan-activity;sid:84222709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359610)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359610/; classtype:trojan-activity;sid:84222710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359611)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359611/; classtype:trojan-activity;sid:84222711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359612)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359612/; classtype:trojan-activity;sid:84222712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359613)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359613/; classtype:trojan-activity;sid:84222713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359614)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359614/; classtype:trojan-activity;sid:84222714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359595)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359595/; classtype:trojan-activity;sid:84222695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359596)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359596/; classtype:trojan-activity;sid:84222696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359597)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359597/; classtype:trojan-activity;sid:84222697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359598)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359598/; classtype:trojan-activity;sid:84222698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359599)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359599/; classtype:trojan-activity;sid:84222699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359600)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359600/; classtype:trojan-activity;sid:84222700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359601)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359601/; classtype:trojan-activity;sid:84222701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359602)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359602/; classtype:trojan-activity;sid:84222702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359603)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359603/; classtype:trojan-activity;sid:84222703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359604)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359604/; classtype:trojan-activity;sid:84222704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359605)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359605/; classtype:trojan-activity;sid:84222705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359606)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359606/; classtype:trojan-activity;sid:84222706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359592)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359592/; classtype:trojan-activity;sid:84222692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359593)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359593/; classtype:trojan-activity;sid:84222693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359594)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359594/; classtype:trojan-activity;sid:84222694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359591)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359591/; classtype:trojan-activity;sid:84222691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359590)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359590/; classtype:trojan-activity;sid:84222690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359589)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359589/; classtype:trojan-activity;sid:84222689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359588)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359588/; classtype:trojan-activity;sid:84222688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359587)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359587/; classtype:trojan-activity;sid:84222687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359581)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359581/; classtype:trojan-activity;sid:84222681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359582)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359582/; classtype:trojan-activity;sid:84222682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359583)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359583/; classtype:trojan-activity;sid:84222683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359584)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359584/; classtype:trojan-activity;sid:84222684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359585)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359585/; classtype:trojan-activity;sid:84222685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359586)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359586/; classtype:trojan-activity;sid:84222686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359580)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359580/; classtype:trojan-activity;sid:84222680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359576)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359576/; classtype:trojan-activity;sid:84222676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359577)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359577/; classtype:trojan-activity;sid:84222677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359578)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359578/; classtype:trojan-activity;sid:84222678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359579)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359579/; classtype:trojan-activity;sid:84222679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359561)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359561/; classtype:trojan-activity;sid:84222661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359562)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359562/; classtype:trojan-activity;sid:84222662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359563)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359563/; classtype:trojan-activity;sid:84222663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359564)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359564/; classtype:trojan-activity;sid:84222664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359565)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359565/; classtype:trojan-activity;sid:84222665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359566)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359566/; classtype:trojan-activity;sid:84222666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359567)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359567/; classtype:trojan-activity;sid:84222667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359568)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359568/; classtype:trojan-activity;sid:84222668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359569)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359569/; classtype:trojan-activity;sid:84222669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359570)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359570/; classtype:trojan-activity;sid:84222670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359571)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359571/; classtype:trojan-activity;sid:84222671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359572)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359572/; classtype:trojan-activity;sid:84222672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359573)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359573/; classtype:trojan-activity;sid:84222673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359574)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359574/; classtype:trojan-activity;sid:84222674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359575)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359575/; classtype:trojan-activity;sid:84222675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359556)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359556/; classtype:trojan-activity;sid:84222656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359557)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359557/; classtype:trojan-activity;sid:84222657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359558)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359558/; classtype:trojan-activity;sid:84222658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359559)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359559/; classtype:trojan-activity;sid:84222659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359560)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359560/; classtype:trojan-activity;sid:84222660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359554)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359554/; classtype:trojan-activity;sid:84222654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359555)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359555/; classtype:trojan-activity;sid:84222655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359552)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359552/; classtype:trojan-activity;sid:84222652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359553)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359553/; classtype:trojan-activity;sid:84222653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359551)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359551/; classtype:trojan-activity;sid:84222651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359549)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359549/; classtype:trojan-activity;sid:84222649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359550)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359550/; classtype:trojan-activity;sid:84222650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359548)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359548/; classtype:trojan-activity;sid:84222648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359547)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359547/; classtype:trojan-activity;sid:84222647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359535)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359535/; classtype:trojan-activity;sid:84222635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359536)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359536/; classtype:trojan-activity;sid:84222636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359537)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359537/; classtype:trojan-activity;sid:84222637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359538)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359538/; classtype:trojan-activity;sid:84222638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359539)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359539/; classtype:trojan-activity;sid:84222639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359540)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359540/; classtype:trojan-activity;sid:84222640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359541)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359541/; classtype:trojan-activity;sid:84222641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359542)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359542/; classtype:trojan-activity;sid:84222642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359543)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359543/; classtype:trojan-activity;sid:84222643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359544)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359544/; classtype:trojan-activity;sid:84222644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359545)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359545/; classtype:trojan-activity;sid:84222645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359546)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359546/; classtype:trojan-activity;sid:84222646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359525)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359525/; classtype:trojan-activity;sid:84222625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359526)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359526/; classtype:trojan-activity;sid:84222626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359527)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359527/; classtype:trojan-activity;sid:84222627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359528)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359528/; classtype:trojan-activity;sid:84222628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359529)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359529/; classtype:trojan-activity;sid:84222629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359530)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359530/; classtype:trojan-activity;sid:84222630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359531)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359531/; classtype:trojan-activity;sid:84222631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359532)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359532/; classtype:trojan-activity;sid:84222632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359533)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359533/; classtype:trojan-activity;sid:84222633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359534)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359534/; classtype:trojan-activity;sid:84222634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359516)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359516/; classtype:trojan-activity;sid:84222616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359517)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359517/; classtype:trojan-activity;sid:84222617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359518)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359518/; classtype:trojan-activity;sid:84222618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359519)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359519/; classtype:trojan-activity;sid:84222619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359520)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359520/; classtype:trojan-activity;sid:84222620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359521)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359521/; classtype:trojan-activity;sid:84222621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359522)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359522/; classtype:trojan-activity;sid:84222622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359523)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359523/; classtype:trojan-activity;sid:84222623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359524)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359524/; classtype:trojan-activity;sid:84222624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359514)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359514/; classtype:trojan-activity;sid:84222614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359515)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359515/; classtype:trojan-activity;sid:84222615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359513)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359513/; classtype:trojan-activity;sid:84222613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359512)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359512/; classtype:trojan-activity;sid:84222612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359510)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359510/; classtype:trojan-activity;sid:84222610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359511)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359511/; classtype:trojan-activity;sid:84222611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359508)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359508/; classtype:trojan-activity;sid:84222608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359509)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359509/; classtype:trojan-activity;sid:84222609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359496)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359496/; classtype:trojan-activity;sid:84222596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359497)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359497/; classtype:trojan-activity;sid:84222597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359498)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359498/; classtype:trojan-activity;sid:84222598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359499)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359499/; classtype:trojan-activity;sid:84222599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359500)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359500/; classtype:trojan-activity;sid:84222600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359501)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359501/; classtype:trojan-activity;sid:84222601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359502)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359502/; classtype:trojan-activity;sid:84222602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359503)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359503/; classtype:trojan-activity;sid:84222603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359504)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359504/; classtype:trojan-activity;sid:84222604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359505)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359505/; classtype:trojan-activity;sid:84222605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359506)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359506/; classtype:trojan-activity;sid:84222606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359507)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359507/; classtype:trojan-activity;sid:84222607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359478)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359478/; classtype:trojan-activity;sid:84222578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359479)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359479/; classtype:trojan-activity;sid:84222579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359480)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359480/; classtype:trojan-activity;sid:84222580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359481)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359481/; classtype:trojan-activity;sid:84222581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359482)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359482/; classtype:trojan-activity;sid:84222582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359483)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359483/; classtype:trojan-activity;sid:84222583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359484)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359484/; classtype:trojan-activity;sid:84222584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359485)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359485/; classtype:trojan-activity;sid:84222585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359486)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359486/; classtype:trojan-activity;sid:84222586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359487)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359487/; classtype:trojan-activity;sid:84222587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359488)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359488/; classtype:trojan-activity;sid:84222588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359489)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359489/; classtype:trojan-activity;sid:84222589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359490)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359490/; classtype:trojan-activity;sid:84222590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359491)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359491/; classtype:trojan-activity;sid:84222591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359492)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359492/; classtype:trojan-activity;sid:84222592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359493)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359493/; classtype:trojan-activity;sid:84222593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359494)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359494/; classtype:trojan-activity;sid:84222594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359495)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359495/; classtype:trojan-activity;sid:84222595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359474)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359474/; classtype:trojan-activity;sid:84222574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359475)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359475/; classtype:trojan-activity;sid:84222575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359476)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359476/; classtype:trojan-activity;sid:84222576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359477)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359477/; classtype:trojan-activity;sid:84222577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359473)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359473/; classtype:trojan-activity;sid:84222573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359469)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359469/; classtype:trojan-activity;sid:84222569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359470)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359470/; classtype:trojan-activity;sid:84222570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359471)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359471/; classtype:trojan-activity;sid:84222571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359472)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359472/; classtype:trojan-activity;sid:84222572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359460)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359460/; classtype:trojan-activity;sid:84222560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359461)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359461/; classtype:trojan-activity;sid:84222561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359462)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359462/; classtype:trojan-activity;sid:84222562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359463)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359463/; classtype:trojan-activity;sid:84222563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359464)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359464/; classtype:trojan-activity;sid:84222564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359465)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359465/; classtype:trojan-activity;sid:84222565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359466)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359466/; classtype:trojan-activity;sid:84222566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359467)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359467/; classtype:trojan-activity;sid:84222567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359468)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359468/; classtype:trojan-activity;sid:84222568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359443)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359443/; classtype:trojan-activity;sid:84222543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359444)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359444/; classtype:trojan-activity;sid:84222544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359445)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359445/; classtype:trojan-activity;sid:84222545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359446)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359446/; classtype:trojan-activity;sid:84222546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359447)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359447/; classtype:trojan-activity;sid:84222547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359448)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359448/; classtype:trojan-activity;sid:84222548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359449)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359449/; classtype:trojan-activity;sid:84222549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359450)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359450/; classtype:trojan-activity;sid:84222550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359451)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359451/; classtype:trojan-activity;sid:84222551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359452)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359452/; classtype:trojan-activity;sid:84222552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359453)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359453/; classtype:trojan-activity;sid:84222553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359454)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359454/; classtype:trojan-activity;sid:84222554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359455)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359455/; classtype:trojan-activity;sid:84222555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359456)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359456/; classtype:trojan-activity;sid:84222556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359457)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359457/; classtype:trojan-activity;sid:84222557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359458)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359458/; classtype:trojan-activity;sid:84222558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359459)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359459/; classtype:trojan-activity;sid:84222559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359440)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359440/; classtype:trojan-activity;sid:84222540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359441)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359441/; classtype:trojan-activity;sid:84222541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359442)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359442/; classtype:trojan-activity;sid:84222542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359438)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359438/; classtype:trojan-activity;sid:84222538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359439)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359439/; classtype:trojan-activity;sid:84222539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359435)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359435/; classtype:trojan-activity;sid:84222535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359436)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359436/; classtype:trojan-activity;sid:84222536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359437)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359437/; classtype:trojan-activity;sid:84222537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359434)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359434/; classtype:trojan-activity;sid:84222534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359433)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359433/; classtype:trojan-activity;sid:84222533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359430)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359430/; classtype:trojan-activity;sid:84222530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359431)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359431/; classtype:trojan-activity;sid:84222531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359432)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359432/; classtype:trojan-activity;sid:84222532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359425)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359425/; classtype:trojan-activity;sid:84222525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359426)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359426/; classtype:trojan-activity;sid:84222526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359427)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359427/; classtype:trojan-activity;sid:84222527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359428)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359428/; classtype:trojan-activity;sid:84222528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359429)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359429/; classtype:trojan-activity;sid:84222529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359420)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359420/; classtype:trojan-activity;sid:84222520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359421)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359421/; classtype:trojan-activity;sid:84222521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359422)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359422/; classtype:trojan-activity;sid:84222522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359423)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359423/; classtype:trojan-activity;sid:84222523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359424)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359424/; classtype:trojan-activity;sid:84222524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359405)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359405/; classtype:trojan-activity;sid:84222505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359406)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359406/; classtype:trojan-activity;sid:84222506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359407)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359407/; classtype:trojan-activity;sid:84222507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359408)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359408/; classtype:trojan-activity;sid:84222508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359409)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359409/; classtype:trojan-activity;sid:84222509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359410)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359410/; classtype:trojan-activity;sid:84222510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359411)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359411/; classtype:trojan-activity;sid:84222511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359412)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359412/; classtype:trojan-activity;sid:84222512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359413)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359413/; classtype:trojan-activity;sid:84222513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359414)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359414/; classtype:trojan-activity;sid:84222514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359415)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359415/; classtype:trojan-activity;sid:84222515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359416)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359416/; classtype:trojan-activity;sid:84222516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359417)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359417/; classtype:trojan-activity;sid:84222517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359418)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359418/; classtype:trojan-activity;sid:84222518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359419)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359419/; classtype:trojan-activity;sid:84222519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359400)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359400/; classtype:trojan-activity;sid:84222500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359401)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359401/; classtype:trojan-activity;sid:84222501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359402)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359402/; classtype:trojan-activity;sid:84222502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359403)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359403/; classtype:trojan-activity;sid:84222503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359404)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359404/; classtype:trojan-activity;sid:84222504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359396)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359396/; classtype:trojan-activity;sid:84222496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359397)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359397/; classtype:trojan-activity;sid:84222497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359398)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359398/; classtype:trojan-activity;sid:84222498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359399)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359399/; classtype:trojan-activity;sid:84222499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359394)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359394/; classtype:trojan-activity;sid:84222494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359395)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359395/; classtype:trojan-activity;sid:84222495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359392)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359392/; classtype:trojan-activity;sid:84222492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359393)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359393/; classtype:trojan-activity;sid:84222493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359391)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359391/; classtype:trojan-activity;sid:84222491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359390)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359390/; classtype:trojan-activity;sid:84222490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359387)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359387/; classtype:trojan-activity;sid:84222487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359388)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359388/; classtype:trojan-activity;sid:84222488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359389)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359389/; classtype:trojan-activity;sid:84222489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359381)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359381/; classtype:trojan-activity;sid:84222481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359382)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359382/; classtype:trojan-activity;sid:84222482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359383)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359383/; classtype:trojan-activity;sid:84222483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359384)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359384/; classtype:trojan-activity;sid:84222484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359385)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359385/; classtype:trojan-activity;sid:84222485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359386)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359386/; classtype:trojan-activity;sid:84222486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359373)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359373/; classtype:trojan-activity;sid:84222473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359374)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359374/; classtype:trojan-activity;sid:84222474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359375)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359375/; classtype:trojan-activity;sid:84222475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359376)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359376/; classtype:trojan-activity;sid:84222476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359377)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359377/; classtype:trojan-activity;sid:84222477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359378)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359378/; classtype:trojan-activity;sid:84222478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359379)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359379/; classtype:trojan-activity;sid:84222479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359380)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359380/; classtype:trojan-activity;sid:84222480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359365)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359365/; classtype:trojan-activity;sid:84222465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359366)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359366/; classtype:trojan-activity;sid:84222466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359367)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359367/; classtype:trojan-activity;sid:84222467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359368)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359368/; classtype:trojan-activity;sid:84222468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359369)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359369/; classtype:trojan-activity;sid:84222469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359370)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359370/; classtype:trojan-activity;sid:84222470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359371)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359371/; classtype:trojan-activity;sid:84222471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359372)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359372/; classtype:trojan-activity;sid:84222472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359360)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359360/; classtype:trojan-activity;sid:84222460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359361)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359361/; classtype:trojan-activity;sid:84222461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359362)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359362/; classtype:trojan-activity;sid:84222462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359363)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359363/; classtype:trojan-activity;sid:84222463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359364)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359364/; classtype:trojan-activity;sid:84222464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359357)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359357/; classtype:trojan-activity;sid:84222457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359358)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359358/; classtype:trojan-activity;sid:84222458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359359)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359359/; classtype:trojan-activity;sid:84222459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359355)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359355/; classtype:trojan-activity;sid:84222455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359356)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359356/; classtype:trojan-activity;sid:84222456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359354)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359354/; classtype:trojan-activity;sid:84222454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359352)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359352/; classtype:trojan-activity;sid:84222452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359353)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359353/; classtype:trojan-activity;sid:84222453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359351)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359351/; classtype:trojan-activity;sid:84222451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359342)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359342/; classtype:trojan-activity;sid:84222442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359343)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359343/; classtype:trojan-activity;sid:84222443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359344)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359344/; classtype:trojan-activity;sid:84222444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359345)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359345/; classtype:trojan-activity;sid:84222445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359346)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359346/; classtype:trojan-activity;sid:84222446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359347)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359347/; classtype:trojan-activity;sid:84222447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359348)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359348/; classtype:trojan-activity;sid:84222448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359349)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359349/; classtype:trojan-activity;sid:84222449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359350)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359350/; classtype:trojan-activity;sid:84222450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359341)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359341/; classtype:trojan-activity;sid:84222441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359334)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359334/; classtype:trojan-activity;sid:84222434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359335)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359335/; classtype:trojan-activity;sid:84222435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359336)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359336/; classtype:trojan-activity;sid:84222436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359337)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359337/; classtype:trojan-activity;sid:84222437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359338)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359338/; classtype:trojan-activity;sid:84222438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359339)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359339/; classtype:trojan-activity;sid:84222439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359340)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359340/; classtype:trojan-activity;sid:84222440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359329)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359329/; classtype:trojan-activity;sid:84222429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359330)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359330/; classtype:trojan-activity;sid:84222430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359331)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359331/; classtype:trojan-activity;sid:84222431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359332)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359332/; classtype:trojan-activity;sid:84222432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359333)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359333/; classtype:trojan-activity;sid:84222433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359323)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359323/; classtype:trojan-activity;sid:84222423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359324)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359324/; classtype:trojan-activity;sid:84222424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359325)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359325/; classtype:trojan-activity;sid:84222425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359326)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359326/; classtype:trojan-activity;sid:84222426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359327)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359327/; classtype:trojan-activity;sid:84222427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359328)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359328/; classtype:trojan-activity;sid:84222428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359319)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359319/; classtype:trojan-activity;sid:84222419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359320)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359320/; classtype:trojan-activity;sid:84222420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359321)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359321/; classtype:trojan-activity;sid:84222421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359322)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359322/; classtype:trojan-activity;sid:84222422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359316)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359316/; classtype:trojan-activity;sid:84222416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359317)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359317/; classtype:trojan-activity;sid:84222417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359318)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359318/; classtype:trojan-activity;sid:84222418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359313)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359313/; classtype:trojan-activity;sid:84222413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359314)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359314/; classtype:trojan-activity;sid:84222414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359315)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359315/; classtype:trojan-activity;sid:84222415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359311)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359311/; classtype:trojan-activity;sid:84222411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359312)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359312/; classtype:trojan-activity;sid:84222412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359308)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359308/; classtype:trojan-activity;sid:84222408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359309)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359309/; classtype:trojan-activity;sid:84222409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359310)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359310/; classtype:trojan-activity;sid:84222410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359302)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359302/; classtype:trojan-activity;sid:84222402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359303)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359303/; classtype:trojan-activity;sid:84222403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359304)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359304/; classtype:trojan-activity;sid:84222404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359305)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359305/; classtype:trojan-activity;sid:84222405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359306)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359306/; classtype:trojan-activity;sid:84222406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359307)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359307/; classtype:trojan-activity;sid:84222407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359297)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359297/; classtype:trojan-activity;sid:84222397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359298)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359298/; classtype:trojan-activity;sid:84222398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359299)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359299/; classtype:trojan-activity;sid:84222399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359300)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359300/; classtype:trojan-activity;sid:84222400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359301)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359301/; classtype:trojan-activity;sid:84222401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359292)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359292/; classtype:trojan-activity;sid:84222392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359293)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359293/; classtype:trojan-activity;sid:84222393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359294)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359294/; classtype:trojan-activity;sid:84222394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359295)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359295/; classtype:trojan-activity;sid:84222395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359296)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359296/; classtype:trojan-activity;sid:84222396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359284)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359284/; classtype:trojan-activity;sid:84222384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359285)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359285/; classtype:trojan-activity;sid:84222385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359286)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359286/; classtype:trojan-activity;sid:84222386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359287)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359287/; classtype:trojan-activity;sid:84222387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359288)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359288/; classtype:trojan-activity;sid:84222388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359289)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359289/; classtype:trojan-activity;sid:84222389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359290)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359290/; classtype:trojan-activity;sid:84222390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359291)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359291/; classtype:trojan-activity;sid:84222391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359281)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359281/; classtype:trojan-activity;sid:84222381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359282)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359282/; classtype:trojan-activity;sid:84222382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359283)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359283/; classtype:trojan-activity;sid:84222383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359275)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359275/; classtype:trojan-activity;sid:84222375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359276)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359276/; classtype:trojan-activity;sid:84222376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359277)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359277/; classtype:trojan-activity;sid:84222377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359278)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359278/; classtype:trojan-activity;sid:84222378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359279)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359279/; classtype:trojan-activity;sid:84222379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359280)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359280/; classtype:trojan-activity;sid:84222380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359274)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359274/; classtype:trojan-activity;sid:84222374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359272)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359272/; classtype:trojan-activity;sid:84222372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359273)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359273/; classtype:trojan-activity;sid:84222373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359270)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359270/; classtype:trojan-activity;sid:84222370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359271)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359271/; classtype:trojan-activity;sid:84222371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359266)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359266/; classtype:trojan-activity;sid:84222366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359267)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359267/; classtype:trojan-activity;sid:84222367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359268)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359268/; classtype:trojan-activity;sid:84222368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359269)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359269/; classtype:trojan-activity;sid:84222369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359259)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359259/; classtype:trojan-activity;sid:84222359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359260)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359260/; classtype:trojan-activity;sid:84222360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359261)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359261/; classtype:trojan-activity;sid:84222361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359262)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359262/; classtype:trojan-activity;sid:84222362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359263)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359263/; classtype:trojan-activity;sid:84222363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359264)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359264/; classtype:trojan-activity;sid:84222364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359265)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359265/; classtype:trojan-activity;sid:84222365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359253)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359253/; classtype:trojan-activity;sid:84222353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359254)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359254/; classtype:trojan-activity;sid:84222354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359255)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359255/; classtype:trojan-activity;sid:84222355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359256)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359256/; classtype:trojan-activity;sid:84222356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359257)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359257/; classtype:trojan-activity;sid:84222357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359258)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359258/; classtype:trojan-activity;sid:84222358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359247)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359247/; classtype:trojan-activity;sid:84222347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359248)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359248/; classtype:trojan-activity;sid:84222348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359249)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359249/; classtype:trojan-activity;sid:84222349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359250)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359250/; classtype:trojan-activity;sid:84222350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359251)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359251/; classtype:trojan-activity;sid:84222351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359252)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359252/; classtype:trojan-activity;sid:84222352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359238)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359238/; classtype:trojan-activity;sid:84222338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359239)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359239/; classtype:trojan-activity;sid:84222339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359240)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359240/; classtype:trojan-activity;sid:84222340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359241)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359241/; classtype:trojan-activity;sid:84222341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359242)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359242/; classtype:trojan-activity;sid:84222342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359243)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359243/; classtype:trojan-activity;sid:84222343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359244)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359244/; classtype:trojan-activity;sid:84222344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359245)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359245/; classtype:trojan-activity;sid:84222345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359246)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359246/; classtype:trojan-activity;sid:84222346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359235)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359235/; classtype:trojan-activity;sid:84222335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359236)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359236/; classtype:trojan-activity;sid:84222336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359237)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359237/; classtype:trojan-activity;sid:84222337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359233)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359233/; classtype:trojan-activity;sid:84222333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359234)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359234/; classtype:trojan-activity;sid:84222334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359230)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359230/; classtype:trojan-activity;sid:84222330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359231)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359231/; classtype:trojan-activity;sid:84222331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359232)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359232/; classtype:trojan-activity;sid:84222332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359228)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359228/; classtype:trojan-activity;sid:84222328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359229)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359229/; classtype:trojan-activity;sid:84222329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359225)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359225/; classtype:trojan-activity;sid:84222325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359226)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359226/; classtype:trojan-activity;sid:84222326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359227)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359227/; classtype:trojan-activity;sid:84222327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359220)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359220/; classtype:trojan-activity;sid:84222320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359221)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359221/; classtype:trojan-activity;sid:84222321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359222)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359222/; classtype:trojan-activity;sid:84222322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359223)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359223/; classtype:trojan-activity;sid:84222323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359224)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359224/; classtype:trojan-activity;sid:84222324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359216)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359216/; classtype:trojan-activity;sid:84222316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359217)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359217/; classtype:trojan-activity;sid:84222317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359218)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359218/; classtype:trojan-activity;sid:84222318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359219)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359219/; classtype:trojan-activity;sid:84222319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359204)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359204/; classtype:trojan-activity;sid:84222304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359205)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359205/; classtype:trojan-activity;sid:84222305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359206)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359206/; classtype:trojan-activity;sid:84222306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359207)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359207/; classtype:trojan-activity;sid:84222307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359208)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359208/; classtype:trojan-activity;sid:84222308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359209)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359209/; classtype:trojan-activity;sid:84222309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359210)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359210/; classtype:trojan-activity;sid:84222310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359211)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359211/; classtype:trojan-activity;sid:84222311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359212)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359212/; classtype:trojan-activity;sid:84222312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359213)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359213/; classtype:trojan-activity;sid:84222313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359214)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359214/; classtype:trojan-activity;sid:84222314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359215)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359215/; classtype:trojan-activity;sid:84222315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359197)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359197/; classtype:trojan-activity;sid:84222297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359198)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359198/; classtype:trojan-activity;sid:84222298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359199)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359199/; classtype:trojan-activity;sid:84222299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359200)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359200/; classtype:trojan-activity;sid:84222300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359201)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359201/; classtype:trojan-activity;sid:84222301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359202)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359202/; classtype:trojan-activity;sid:84222302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359203)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359203/; classtype:trojan-activity;sid:84222303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359194)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359194/; classtype:trojan-activity;sid:84222294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359195)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359195/; classtype:trojan-activity;sid:84222295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359196)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359196/; classtype:trojan-activity;sid:84222296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359192)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359192/; classtype:trojan-activity;sid:84222292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359193)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359193/; classtype:trojan-activity;sid:84222293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359191)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359191/; classtype:trojan-activity;sid:84222291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359190)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359190/; classtype:trojan-activity;sid:84222290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359185)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359185/; classtype:trojan-activity;sid:84222285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359186)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359186/; classtype:trojan-activity;sid:84222286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359187)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359187/; classtype:trojan-activity;sid:84222287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359188)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359188/; classtype:trojan-activity;sid:84222288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359189)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359189/; classtype:trojan-activity;sid:84222289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359180)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359180/; classtype:trojan-activity;sid:84222280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359181)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359181/; classtype:trojan-activity;sid:84222281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359182)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359182/; classtype:trojan-activity;sid:84222282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359183)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359183/; classtype:trojan-activity;sid:84222283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359184)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359184/; classtype:trojan-activity;sid:84222284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359176)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359176/; classtype:trojan-activity;sid:84222276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359177)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359177/; classtype:trojan-activity;sid:84222277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359178)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359178/; classtype:trojan-activity;sid:84222278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359179)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359179/; classtype:trojan-activity;sid:84222279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359164)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359164/; classtype:trojan-activity;sid:84222264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359165)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359165/; classtype:trojan-activity;sid:84222265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359166)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359166/; classtype:trojan-activity;sid:84222266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359167)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359167/; classtype:trojan-activity;sid:84222267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359168)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359168/; classtype:trojan-activity;sid:84222268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359169)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359169/; classtype:trojan-activity;sid:84222269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359170)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359170/; classtype:trojan-activity;sid:84222270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359171)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359171/; classtype:trojan-activity;sid:84222271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359172)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359172/; classtype:trojan-activity;sid:84222272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359173)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359173/; classtype:trojan-activity;sid:84222273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359174)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359174/; classtype:trojan-activity;sid:84222274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359175)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359175/; classtype:trojan-activity;sid:84222275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359156)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359156/; classtype:trojan-activity;sid:84222256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359157)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359157/; classtype:trojan-activity;sid:84222257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359158)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359158/; classtype:trojan-activity;sid:84222258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359159)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359159/; classtype:trojan-activity;sid:84222259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359160)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359160/; classtype:trojan-activity;sid:84222260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359161)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359161/; classtype:trojan-activity;sid:84222261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359162)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359162/; classtype:trojan-activity;sid:84222262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359163)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359163/; classtype:trojan-activity;sid:84222263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359154)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359154/; classtype:trojan-activity;sid:84222254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359155)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359155/; classtype:trojan-activity;sid:84222255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359152)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359152/; classtype:trojan-activity;sid:84222252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359153)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359153/; classtype:trojan-activity;sid:84222253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359150)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359150/; classtype:trojan-activity;sid:84222250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359151)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359151/; classtype:trojan-activity;sid:84222251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359145)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359145/; classtype:trojan-activity;sid:84222245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359146)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359146/; classtype:trojan-activity;sid:84222246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359147)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359147/; classtype:trojan-activity;sid:84222247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359148)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359148/; classtype:trojan-activity;sid:84222248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359149)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359149/; classtype:trojan-activity;sid:84222249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359138)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359138/; classtype:trojan-activity;sid:84222238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359139)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359139/; classtype:trojan-activity;sid:84222239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359140)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359140/; classtype:trojan-activity;sid:84222240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359141)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359141/; classtype:trojan-activity;sid:84222241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359142)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359142/; classtype:trojan-activity;sid:84222242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359143)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359143/; classtype:trojan-activity;sid:84222243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359144)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359144/; classtype:trojan-activity;sid:84222244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359131)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359131/; classtype:trojan-activity;sid:84222231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359132)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359132/; classtype:trojan-activity;sid:84222232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359133)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359133/; classtype:trojan-activity;sid:84222233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359134)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359134/; classtype:trojan-activity;sid:84222234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359135)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359135/; classtype:trojan-activity;sid:84222235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359136)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359136/; classtype:trojan-activity;sid:84222236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359137)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359137/; classtype:trojan-activity;sid:84222237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359121)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359121/; classtype:trojan-activity;sid:84222221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359122)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359122/; classtype:trojan-activity;sid:84222222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359123)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359123/; classtype:trojan-activity;sid:84222223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359124)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359124/; classtype:trojan-activity;sid:84222224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359125)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359125/; classtype:trojan-activity;sid:84222225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359126)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359126/; classtype:trojan-activity;sid:84222226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359127)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359127/; classtype:trojan-activity;sid:84222227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359128)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359128/; classtype:trojan-activity;sid:84222228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359129)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359129/; classtype:trojan-activity;sid:84222229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359130)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359130/; classtype:trojan-activity;sid:84222230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359116)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359116/; classtype:trojan-activity;sid:84222216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359117)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359117/; classtype:trojan-activity;sid:84222217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359118)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359118/; classtype:trojan-activity;sid:84222218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359119)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359119/; classtype:trojan-activity;sid:84222219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359120)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359120/; classtype:trojan-activity;sid:84222220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359114)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359114/; classtype:trojan-activity;sid:84222214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359115)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359115/; classtype:trojan-activity;sid:84222215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359113)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359113/; classtype:trojan-activity;sid:84222213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359110)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359110/; classtype:trojan-activity;sid:84222210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359111)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359111/; classtype:trojan-activity;sid:84222211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359112)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359112/; classtype:trojan-activity;sid:84222212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359107)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359107/; classtype:trojan-activity;sid:84222207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359108)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359108/; classtype:trojan-activity;sid:84222208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359109)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359109/; classtype:trojan-activity;sid:84222209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359106)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359106/; classtype:trojan-activity;sid:84222206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359102)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359102/; classtype:trojan-activity;sid:84222202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359103)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359103/; classtype:trojan-activity;sid:84222203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359104)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359104/; classtype:trojan-activity;sid:84222204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359105)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359105/; classtype:trojan-activity;sid:84222205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359088)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359088/; classtype:trojan-activity;sid:84222188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359089)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359089/; classtype:trojan-activity;sid:84222189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359090)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359090/; classtype:trojan-activity;sid:84222190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359091)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359091/; classtype:trojan-activity;sid:84222191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359092)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359092/; classtype:trojan-activity;sid:84222192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359093)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359093/; classtype:trojan-activity;sid:84222193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359094)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359094/; classtype:trojan-activity;sid:84222194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359095)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359095/; classtype:trojan-activity;sid:84222195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359096)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359096/; classtype:trojan-activity;sid:84222196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359097)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359097/; classtype:trojan-activity;sid:84222197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359098)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359098/; classtype:trojan-activity;sid:84222198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359099)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359099/; classtype:trojan-activity;sid:84222199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359100)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359100/; classtype:trojan-activity;sid:84222200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359101)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359101/; classtype:trojan-activity;sid:84222201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359081)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359081/; classtype:trojan-activity;sid:84222181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359082)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359082/; classtype:trojan-activity;sid:84222182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359083)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359083/; classtype:trojan-activity;sid:84222183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359084)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359084/; classtype:trojan-activity;sid:84222184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359085)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359085/; classtype:trojan-activity;sid:84222185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359086)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359086/; classtype:trojan-activity;sid:84222186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359087)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359087/; classtype:trojan-activity;sid:84222187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359075)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359075/; classtype:trojan-activity;sid:84222175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359076)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359076/; classtype:trojan-activity;sid:84222176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359077)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359077/; classtype:trojan-activity;sid:84222177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359078)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359078/; classtype:trojan-activity;sid:84222178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359079)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359079/; classtype:trojan-activity;sid:84222179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359080)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359080/; classtype:trojan-activity;sid:84222180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359073)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359073/; classtype:trojan-activity;sid:84222173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359074)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359074/; classtype:trojan-activity;sid:84222174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359071)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359071/; classtype:trojan-activity;sid:84222171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359072)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359072/; classtype:trojan-activity;sid:84222172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359067)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359067/; classtype:trojan-activity;sid:84222167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359068)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359068/; classtype:trojan-activity;sid:84222168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359069)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359069/; classtype:trojan-activity;sid:84222169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359070)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359070/; classtype:trojan-activity;sid:84222170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359054)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359054/; classtype:trojan-activity;sid:84222154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359055)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359055/; classtype:trojan-activity;sid:84222155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359056)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359056/; classtype:trojan-activity;sid:84222156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359057)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359057/; classtype:trojan-activity;sid:84222157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359058)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359058/; classtype:trojan-activity;sid:84222158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359059)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359059/; classtype:trojan-activity;sid:84222159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359060)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359060/; classtype:trojan-activity;sid:84222160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359061)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359061/; classtype:trojan-activity;sid:84222161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359062)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359062/; classtype:trojan-activity;sid:84222162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359063)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359063/; classtype:trojan-activity;sid:84222163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359064)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359064/; classtype:trojan-activity;sid:84222164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359065)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359065/; classtype:trojan-activity;sid:84222165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359066)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359066/; classtype:trojan-activity;sid:84222166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359045)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359045/; classtype:trojan-activity;sid:84222145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359046)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359046/; classtype:trojan-activity;sid:84222146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359047)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359047/; classtype:trojan-activity;sid:84222147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359048)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359048/; classtype:trojan-activity;sid:84222148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359049)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359049/; classtype:trojan-activity;sid:84222149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359050)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359050/; classtype:trojan-activity;sid:84222150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359051)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359051/; classtype:trojan-activity;sid:84222151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359052)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359052/; classtype:trojan-activity;sid:84222152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359053)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359053/; classtype:trojan-activity;sid:84222153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359041)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359041/; classtype:trojan-activity;sid:84222141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359042)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359042/; classtype:trojan-activity;sid:84222142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359043)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359043/; classtype:trojan-activity;sid:84222143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359044)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359044/; classtype:trojan-activity;sid:84222144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359035)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359035/; classtype:trojan-activity;sid:84222135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359036)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359036/; classtype:trojan-activity;sid:84222136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359037)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359037/; classtype:trojan-activity;sid:84222137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359038)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359038/; classtype:trojan-activity;sid:84222138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359039)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359039/; classtype:trojan-activity;sid:84222139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359040)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359040/; classtype:trojan-activity;sid:84222140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359033)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359033/; classtype:trojan-activity;sid:84222133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359034)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359034/; classtype:trojan-activity;sid:84222134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359032)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359032/; classtype:trojan-activity;sid:84222132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359030)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359030/; classtype:trojan-activity;sid:84222130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359031)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359031/; classtype:trojan-activity;sid:84222131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359028)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359028/; classtype:trojan-activity;sid:84222128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359029)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359029/; classtype:trojan-activity;sid:84222129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359025)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359025/; classtype:trojan-activity;sid:84222125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359026)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359026/; classtype:trojan-activity;sid:84222126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359027)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359027/; classtype:trojan-activity;sid:84222127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359020)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359020/; classtype:trojan-activity;sid:84222120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359021)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359021/; classtype:trojan-activity;sid:84222121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359022)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359022/; classtype:trojan-activity;sid:84222122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359023)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359023/; classtype:trojan-activity;sid:84222123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359024)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359024/; classtype:trojan-activity;sid:84222124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359010)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359010/; classtype:trojan-activity;sid:84222110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359011)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359011/; classtype:trojan-activity;sid:84222111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359012)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359012/; classtype:trojan-activity;sid:84222112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359013)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359013/; classtype:trojan-activity;sid:84222113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359014)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359014/; classtype:trojan-activity;sid:84222114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359015)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359015/; classtype:trojan-activity;sid:84222115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359016)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359016/; classtype:trojan-activity;sid:84222116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359017)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359017/; classtype:trojan-activity;sid:84222117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359018)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359018/; classtype:trojan-activity;sid:84222118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359019)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359019/; classtype:trojan-activity;sid:84222119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359000)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359000/; classtype:trojan-activity;sid:84222100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359001)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359001/; classtype:trojan-activity;sid:84222101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359002)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359002/; classtype:trojan-activity;sid:84222102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359003)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359003/; classtype:trojan-activity;sid:84222103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359004)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359004/; classtype:trojan-activity;sid:84222104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359005)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359005/; classtype:trojan-activity;sid:84222105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359006)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359006/; classtype:trojan-activity;sid:84222106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359007)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359007/; classtype:trojan-activity;sid:84222107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359008)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359008/; classtype:trojan-activity;sid:84222108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3359009)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3359009/; classtype:trojan-activity;sid:84222109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358996)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358996/; classtype:trojan-activity;sid:84222096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358997)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358997/; classtype:trojan-activity;sid:84222097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358998)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358998/; classtype:trojan-activity;sid:84222098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358999)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358999/; classtype:trojan-activity;sid:84222099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358995)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358995/; classtype:trojan-activity;sid:84222095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358991)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358991/; classtype:trojan-activity;sid:84222091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358992)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358992/; classtype:trojan-activity;sid:84222092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358993)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358993/; classtype:trojan-activity;sid:84222093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358994)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358994/; classtype:trojan-activity;sid:84222094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358990)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358990/; classtype:trojan-activity;sid:84222090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358985)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358985/; classtype:trojan-activity;sid:84222085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358986)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358986/; classtype:trojan-activity;sid:84222086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358987)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358987/; classtype:trojan-activity;sid:84222087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358988)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358988/; classtype:trojan-activity;sid:84222088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358989)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358989/; classtype:trojan-activity;sid:84222089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358984)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358984/; classtype:trojan-activity;sid:84222084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358972)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358972/; classtype:trojan-activity;sid:84222072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358973)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358973/; classtype:trojan-activity;sid:84222073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358974)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358974/; classtype:trojan-activity;sid:84222074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358975)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358975/; classtype:trojan-activity;sid:84222075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358976)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358976/; classtype:trojan-activity;sid:84222076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358977)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358977/; classtype:trojan-activity;sid:84222077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358978)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358978/; classtype:trojan-activity;sid:84222078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358979)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358979/; classtype:trojan-activity;sid:84222079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358980)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358980/; classtype:trojan-activity;sid:84222080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358981)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358981/; classtype:trojan-activity;sid:84222081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358982)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358982/; classtype:trojan-activity;sid:84222082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358983)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358983/; classtype:trojan-activity;sid:84222083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358958)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358958/; classtype:trojan-activity;sid:84222058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358959)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358959/; classtype:trojan-activity;sid:84222059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358960)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358960/; classtype:trojan-activity;sid:84222060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358961)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358961/; classtype:trojan-activity;sid:84222061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358962)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358962/; classtype:trojan-activity;sid:84222062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358963)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358963/; classtype:trojan-activity;sid:84222063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358964)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358964/; classtype:trojan-activity;sid:84222064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358965)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358965/; classtype:trojan-activity;sid:84222065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358966)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358966/; classtype:trojan-activity;sid:84222066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358967)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358967/; classtype:trojan-activity;sid:84222067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358968)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358968/; classtype:trojan-activity;sid:84222068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358969)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358969/; classtype:trojan-activity;sid:84222069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358970)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358970/; classtype:trojan-activity;sid:84222070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358971)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358971/; classtype:trojan-activity;sid:84222071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358957)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358957/; classtype:trojan-activity;sid:84222057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358954)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358954/; classtype:trojan-activity;sid:84222054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358955)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358955/; classtype:trojan-activity;sid:84222055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358956)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358956/; classtype:trojan-activity;sid:84222056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358953)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358953/; classtype:trojan-activity;sid:84222053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358950)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358950/; classtype:trojan-activity;sid:84222050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358951)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358951/; classtype:trojan-activity;sid:84222051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358952)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358952/; classtype:trojan-activity;sid:84222052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358947)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358947/; classtype:trojan-activity;sid:84222047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358948)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358948/; classtype:trojan-activity;sid:84222048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358949)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358949/; classtype:trojan-activity;sid:84222049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358944)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358944/; classtype:trojan-activity;sid:84222044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358945)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358945/; classtype:trojan-activity;sid:84222045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358946)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358946/; classtype:trojan-activity;sid:84222046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358936)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358936/; classtype:trojan-activity;sid:84222036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358937)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358937/; classtype:trojan-activity;sid:84222037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358938)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358938/; classtype:trojan-activity;sid:84222038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358939)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358939/; classtype:trojan-activity;sid:84222039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358940)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358940/; classtype:trojan-activity;sid:84222040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358941)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358941/; classtype:trojan-activity;sid:84222041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358942)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358942/; classtype:trojan-activity;sid:84222042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358943)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358943/; classtype:trojan-activity;sid:84222043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358930)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358930/; classtype:trojan-activity;sid:84222030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358931)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358931/; classtype:trojan-activity;sid:84222031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358932)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358932/; classtype:trojan-activity;sid:84222032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358933)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358933/; classtype:trojan-activity;sid:84222033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358934)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358934/; classtype:trojan-activity;sid:84222034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358935)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358935/; classtype:trojan-activity;sid:84222035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358920)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358920/; classtype:trojan-activity;sid:84222020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358921)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358921/; classtype:trojan-activity;sid:84222021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358922)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358922/; classtype:trojan-activity;sid:84222022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358923)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358923/; classtype:trojan-activity;sid:84222023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358924)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358924/; classtype:trojan-activity;sid:84222024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358925)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358925/; classtype:trojan-activity;sid:84222025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358926)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358926/; classtype:trojan-activity;sid:84222026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358927)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358927/; classtype:trojan-activity;sid:84222027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358928)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358928/; classtype:trojan-activity;sid:84222028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358929)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358929/; classtype:trojan-activity;sid:84222029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358915)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358915/; classtype:trojan-activity;sid:84222015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358916)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358916/; classtype:trojan-activity;sid:84222016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358917)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358917/; classtype:trojan-activity;sid:84222017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358918)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358918/; classtype:trojan-activity;sid:84222018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358919)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358919/; classtype:trojan-activity;sid:84222019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358914)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358914/; classtype:trojan-activity;sid:84222014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358911)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358911/; classtype:trojan-activity;sid:84222011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358912)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358912/; classtype:trojan-activity;sid:84222012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358913)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358913/; classtype:trojan-activity;sid:84222013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358905)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358905/; classtype:trojan-activity;sid:84222005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358906)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358906/; classtype:trojan-activity;sid:84222006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358907)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358907/; classtype:trojan-activity;sid:84222007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358908)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358908/; classtype:trojan-activity;sid:84222008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358909)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358909/; classtype:trojan-activity;sid:84222009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358910)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358910/; classtype:trojan-activity;sid:84222010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358901)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358901/; classtype:trojan-activity;sid:84222001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358902)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358902/; classtype:trojan-activity;sid:84222002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358903)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358903/; classtype:trojan-activity;sid:84222003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358904)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358904/; classtype:trojan-activity;sid:84222004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358891)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358891/; classtype:trojan-activity;sid:84221991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358892)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358892/; classtype:trojan-activity;sid:84221992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358893)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358893/; classtype:trojan-activity;sid:84221993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358894)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358894/; classtype:trojan-activity;sid:84221994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358895)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358895/; classtype:trojan-activity;sid:84221995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358896)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358896/; classtype:trojan-activity;sid:84221996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358897)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358897/; classtype:trojan-activity;sid:84221997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358898)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358898/; classtype:trojan-activity;sid:84221998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358899)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358899/; classtype:trojan-activity;sid:84221999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358900)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358900/; classtype:trojan-activity;sid:84222000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358884)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358884/; classtype:trojan-activity;sid:84221984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358885)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358885/; classtype:trojan-activity;sid:84221985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358886)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358886/; classtype:trojan-activity;sid:84221986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358887)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358887/; classtype:trojan-activity;sid:84221987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358888)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358888/; classtype:trojan-activity;sid:84221988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358889)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358889/; classtype:trojan-activity;sid:84221989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358890)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358890/; classtype:trojan-activity;sid:84221990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358880)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358880/; classtype:trojan-activity;sid:84221980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358881)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358881/; classtype:trojan-activity;sid:84221981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358882)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358882/; classtype:trojan-activity;sid:84221982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358883)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358883/; classtype:trojan-activity;sid:84221983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358877)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358877/; classtype:trojan-activity;sid:84221977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358878)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358878/; classtype:trojan-activity;sid:84221978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358879)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358879/; classtype:trojan-activity;sid:84221979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358876)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358876/; classtype:trojan-activity;sid:84221976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358874)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358874/; classtype:trojan-activity;sid:84221974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358875)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358875/; classtype:trojan-activity;sid:84221975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358871)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358871/; classtype:trojan-activity;sid:84221971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358872)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358872/; classtype:trojan-activity;sid:84221972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358873)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358873/; classtype:trojan-activity;sid:84221973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358867)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358867/; classtype:trojan-activity;sid:84221967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358868)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358868/; classtype:trojan-activity;sid:84221968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358869)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358869/; classtype:trojan-activity;sid:84221969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358870)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358870/; classtype:trojan-activity;sid:84221970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358854)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358854/; classtype:trojan-activity;sid:84221954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358855)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358855/; classtype:trojan-activity;sid:84221955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358856)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358856/; classtype:trojan-activity;sid:84221956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358857)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358857/; classtype:trojan-activity;sid:84221957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358858)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358858/; classtype:trojan-activity;sid:84221958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358859)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358859/; classtype:trojan-activity;sid:84221959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358860)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358860/; classtype:trojan-activity;sid:84221960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358861)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358861/; classtype:trojan-activity;sid:84221961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358862)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358862/; classtype:trojan-activity;sid:84221962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358863)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358863/; classtype:trojan-activity;sid:84221963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358864)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358864/; classtype:trojan-activity;sid:84221964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358865)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358865/; classtype:trojan-activity;sid:84221965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358866)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358866/; classtype:trojan-activity;sid:84221966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358842)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358842/; classtype:trojan-activity;sid:84221942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358843)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358843/; classtype:trojan-activity;sid:84221943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358844)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358844/; classtype:trojan-activity;sid:84221944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358845)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358845/; classtype:trojan-activity;sid:84221945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358846)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358846/; classtype:trojan-activity;sid:84221946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358847)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358847/; classtype:trojan-activity;sid:84221947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358848)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358848/; classtype:trojan-activity;sid:84221948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358849)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358849/; classtype:trojan-activity;sid:84221949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358850)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358850/; classtype:trojan-activity;sid:84221950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358851)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358851/; classtype:trojan-activity;sid:84221951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358852)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358852/; classtype:trojan-activity;sid:84221952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358853)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358853/; classtype:trojan-activity;sid:84221953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358839)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358839/; classtype:trojan-activity;sid:84221939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358840)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358840/; classtype:trojan-activity;sid:84221940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358841)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358841/; classtype:trojan-activity;sid:84221941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358838)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358838/; classtype:trojan-activity;sid:84221938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358837)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358837/; classtype:trojan-activity;sid:84221937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358834)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358834/; classtype:trojan-activity;sid:84221934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358835)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358835/; classtype:trojan-activity;sid:84221935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358836)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358836/; classtype:trojan-activity;sid:84221936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358828)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358828/; classtype:trojan-activity;sid:84221928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358829)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358829/; classtype:trojan-activity;sid:84221929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358830/; classtype:trojan-activity;sid:84221930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358831)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358831/; classtype:trojan-activity;sid:84221931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358832)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358832/; classtype:trojan-activity;sid:84221932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358833)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358833/; classtype:trojan-activity;sid:84221933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358818)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358818/; classtype:trojan-activity;sid:84221918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358819)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358819/; classtype:trojan-activity;sid:84221919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358820)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358820/; classtype:trojan-activity;sid:84221920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358821)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358821/; classtype:trojan-activity;sid:84221921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358822)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358822/; classtype:trojan-activity;sid:84221922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358823)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358823/; classtype:trojan-activity;sid:84221923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358824)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358824/; classtype:trojan-activity;sid:84221924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358825)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358825/; classtype:trojan-activity;sid:84221925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358826)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358826/; classtype:trojan-activity;sid:84221926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358827)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358827/; classtype:trojan-activity;sid:84221927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358809)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358809/; classtype:trojan-activity;sid:84221909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358810)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358810/; classtype:trojan-activity;sid:84221910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358811)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358811/; classtype:trojan-activity;sid:84221911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358812)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358812/; classtype:trojan-activity;sid:84221912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358813)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358813/; classtype:trojan-activity;sid:84221913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358814)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358814/; classtype:trojan-activity;sid:84221914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358815)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358815/; classtype:trojan-activity;sid:84221915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358816)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358816/; classtype:trojan-activity;sid:84221916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358817)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358817/; classtype:trojan-activity;sid:84221917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358804)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358804/; classtype:trojan-activity;sid:84221904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358805)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358805/; classtype:trojan-activity;sid:84221905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358806)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358806/; classtype:trojan-activity;sid:84221906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358807)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358807/; classtype:trojan-activity;sid:84221907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358808)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358808/; classtype:trojan-activity;sid:84221908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358800)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358800/; classtype:trojan-activity;sid:84221900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358801)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358801/; classtype:trojan-activity;sid:84221901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358802)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358802/; classtype:trojan-activity;sid:84221902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358803)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358803/; classtype:trojan-activity;sid:84221903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358799)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358799/; classtype:trojan-activity;sid:84221899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358798)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358798/; classtype:trojan-activity;sid:84221898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358797)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358797/; classtype:trojan-activity;sid:84221897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358793)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358793/; classtype:trojan-activity;sid:84221893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358794)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358794/; classtype:trojan-activity;sid:84221894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358795)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358795/; classtype:trojan-activity;sid:84221895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358796)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358796/; classtype:trojan-activity;sid:84221896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358786)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358786/; classtype:trojan-activity;sid:84221886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358787)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358787/; classtype:trojan-activity;sid:84221887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358788)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358788/; classtype:trojan-activity;sid:84221888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358789)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358789/; classtype:trojan-activity;sid:84221889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358790)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358790/; classtype:trojan-activity;sid:84221890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358791)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358791/; classtype:trojan-activity;sid:84221891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358792)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358792/; classtype:trojan-activity;sid:84221892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358773)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358773/; classtype:trojan-activity;sid:84221873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358774)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358774/; classtype:trojan-activity;sid:84221874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358775)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358775/; classtype:trojan-activity;sid:84221875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358776)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358776/; classtype:trojan-activity;sid:84221876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358777)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358777/; classtype:trojan-activity;sid:84221877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358778)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358778/; classtype:trojan-activity;sid:84221878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358779)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358779/; classtype:trojan-activity;sid:84221879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358780)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358780/; classtype:trojan-activity;sid:84221880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358781)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358781/; classtype:trojan-activity;sid:84221881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358782)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358782/; classtype:trojan-activity;sid:84221882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358783)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358783/; classtype:trojan-activity;sid:84221883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358784)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358784/; classtype:trojan-activity;sid:84221884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358785)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358785/; classtype:trojan-activity;sid:84221885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358766)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358766/; classtype:trojan-activity;sid:84221866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358767)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358767/; classtype:trojan-activity;sid:84221867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358768)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358768/; classtype:trojan-activity;sid:84221868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358769)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358769/; classtype:trojan-activity;sid:84221869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358770)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358770/; classtype:trojan-activity;sid:84221870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358771)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358771/; classtype:trojan-activity;sid:84221871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358772)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358772/; classtype:trojan-activity;sid:84221872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358762)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358762/; classtype:trojan-activity;sid:84221862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358763)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358763/; classtype:trojan-activity;sid:84221863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358764)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358764/; classtype:trojan-activity;sid:84221864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358765)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358765/; classtype:trojan-activity;sid:84221865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358761)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358761/; classtype:trojan-activity;sid:84221861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358760)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358760/; classtype:trojan-activity;sid:84221860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358759)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358759/; classtype:trojan-activity;sid:84221859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358757)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358757/; classtype:trojan-activity;sid:84221857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358758)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358758/; classtype:trojan-activity;sid:84221858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358744)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358744/; classtype:trojan-activity;sid:84221844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358745)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358745/; classtype:trojan-activity;sid:84221845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358746)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358746/; classtype:trojan-activity;sid:84221846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358747)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358747/; classtype:trojan-activity;sid:84221847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358748)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358748/; classtype:trojan-activity;sid:84221848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358749)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358749/; classtype:trojan-activity;sid:84221849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358750)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358750/; classtype:trojan-activity;sid:84221850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358751)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358751/; classtype:trojan-activity;sid:84221851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358752)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358752/; classtype:trojan-activity;sid:84221852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358753)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358753/; classtype:trojan-activity;sid:84221853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358754)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358754/; classtype:trojan-activity;sid:84221854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358755)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358755/; classtype:trojan-activity;sid:84221855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358756)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358756/; classtype:trojan-activity;sid:84221856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358736)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358736/; classtype:trojan-activity;sid:84221836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358737)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358737/; classtype:trojan-activity;sid:84221837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358738)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358738/; classtype:trojan-activity;sid:84221838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358739)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358739/; classtype:trojan-activity;sid:84221839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358740)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358740/; classtype:trojan-activity;sid:84221840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358741)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358741/; classtype:trojan-activity;sid:84221841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358742)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358742/; classtype:trojan-activity;sid:84221842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358743)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358743/; classtype:trojan-activity;sid:84221843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358731)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358731/; classtype:trojan-activity;sid:84221831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358732)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358732/; classtype:trojan-activity;sid:84221832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358733)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358733/; classtype:trojan-activity;sid:84221833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358734)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358734/; classtype:trojan-activity;sid:84221834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358735)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358735/; classtype:trojan-activity;sid:84221835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358727)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358727/; classtype:trojan-activity;sid:84221827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358728)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358728/; classtype:trojan-activity;sid:84221828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358729)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358729/; classtype:trojan-activity;sid:84221829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358730)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358730/; classtype:trojan-activity;sid:84221830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358726)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358726/; classtype:trojan-activity;sid:84221826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358723)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358723/; classtype:trojan-activity;sid:84221823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358724)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358724/; classtype:trojan-activity;sid:84221824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358725)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358725/; classtype:trojan-activity;sid:84221825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358722)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358722/; classtype:trojan-activity;sid:84221822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358719)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358719/; classtype:trojan-activity;sid:84221819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358720)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358720/; classtype:trojan-activity;sid:84221820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358721)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358721/; classtype:trojan-activity;sid:84221821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358711)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358711/; classtype:trojan-activity;sid:84221811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358712)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358712/; classtype:trojan-activity;sid:84221812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358713)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358713/; classtype:trojan-activity;sid:84221813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358714)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358714/; classtype:trojan-activity;sid:84221814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358715)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358715/; classtype:trojan-activity;sid:84221815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358716)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358716/; classtype:trojan-activity;sid:84221816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358717)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358717/; classtype:trojan-activity;sid:84221817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358718)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358718/; classtype:trojan-activity;sid:84221818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358703)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358703/; classtype:trojan-activity;sid:84221803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358704)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358704/; classtype:trojan-activity;sid:84221804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358705)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358705/; classtype:trojan-activity;sid:84221805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358706)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358706/; classtype:trojan-activity;sid:84221806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358707)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358707/; classtype:trojan-activity;sid:84221807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358708)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358708/; classtype:trojan-activity;sid:84221808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358709)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358709/; classtype:trojan-activity;sid:84221809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358710)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358710/; classtype:trojan-activity;sid:84221810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358695)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358695/; classtype:trojan-activity;sid:84221795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358696)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358696/; classtype:trojan-activity;sid:84221796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358697)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358697/; classtype:trojan-activity;sid:84221797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358698)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358698/; classtype:trojan-activity;sid:84221798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358699)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358699/; classtype:trojan-activity;sid:84221799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358700)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358700/; classtype:trojan-activity;sid:84221800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358701)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358701/; classtype:trojan-activity;sid:84221801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358702)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358702/; classtype:trojan-activity;sid:84221802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358693)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358693/; classtype:trojan-activity;sid:84221793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358694)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358694/; classtype:trojan-activity;sid:84221794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358691)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358691/; classtype:trojan-activity;sid:84221791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358692)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358692/; classtype:trojan-activity;sid:84221792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358688)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358688/; classtype:trojan-activity;sid:84221788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358689)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358689/; classtype:trojan-activity;sid:84221789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358690)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358690/; classtype:trojan-activity;sid:84221790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358686)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358686/; classtype:trojan-activity;sid:84221786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358687)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358687/; classtype:trojan-activity;sid:84221787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358684)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358684/; classtype:trojan-activity;sid:84221784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358685)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358685/; classtype:trojan-activity;sid:84221785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358682)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358682/; classtype:trojan-activity;sid:84221782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358683)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358683/; classtype:trojan-activity;sid:84221783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358679)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358679/; classtype:trojan-activity;sid:84221779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358680)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358680/; classtype:trojan-activity;sid:84221780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358681)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358681/; classtype:trojan-activity;sid:84221781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358675)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358675/; classtype:trojan-activity;sid:84221775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358676)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358676/; classtype:trojan-activity;sid:84221776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358677)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358677/; classtype:trojan-activity;sid:84221777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358678)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358678/; classtype:trojan-activity;sid:84221778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358668)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358668/; classtype:trojan-activity;sid:84221768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358669)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358669/; classtype:trojan-activity;sid:84221769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358670)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358670/; classtype:trojan-activity;sid:84221770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358671)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358671/; classtype:trojan-activity;sid:84221771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358672)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358672/; classtype:trojan-activity;sid:84221772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358673)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358673/; classtype:trojan-activity;sid:84221773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358674)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358674/; classtype:trojan-activity;sid:84221774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358661)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358661/; classtype:trojan-activity;sid:84221761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358662)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358662/; classtype:trojan-activity;sid:84221762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358663)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358663/; classtype:trojan-activity;sid:84221763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358664)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358664/; classtype:trojan-activity;sid:84221764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358665)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358665/; classtype:trojan-activity;sid:84221765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358666)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358666/; classtype:trojan-activity;sid:84221766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358667)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358667/; classtype:trojan-activity;sid:84221767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358658)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358658/; classtype:trojan-activity;sid:84221758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358659)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358659/; classtype:trojan-activity;sid:84221759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358660)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358660/; classtype:trojan-activity;sid:84221760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358655)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358655/; classtype:trojan-activity;sid:84221755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358656)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358656/; classtype:trojan-activity;sid:84221756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358657)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358657/; classtype:trojan-activity;sid:84221757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358654)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358654/; classtype:trojan-activity;sid:84221754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358653)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358653/; classtype:trojan-activity;sid:84221753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358652)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358652/; classtype:trojan-activity;sid:84221752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358649)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358649/; classtype:trojan-activity;sid:84221749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358650)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358650/; classtype:trojan-activity;sid:84221750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358651)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358651/; classtype:trojan-activity;sid:84221751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358648)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358648/; classtype:trojan-activity;sid:84221748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358646)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358646/; classtype:trojan-activity;sid:84221746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358647)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358647/; classtype:trojan-activity;sid:84221747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358643)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358643/; classtype:trojan-activity;sid:84221743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358644)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358644/; classtype:trojan-activity;sid:84221744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358645)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358645/; classtype:trojan-activity;sid:84221745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358631)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358631/; classtype:trojan-activity;sid:84221731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358632)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358632/; classtype:trojan-activity;sid:84221732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358633)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358633/; classtype:trojan-activity;sid:84221733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358634)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358634/; classtype:trojan-activity;sid:84221734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358635)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358635/; classtype:trojan-activity;sid:84221735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358636)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358636/; classtype:trojan-activity;sid:84221736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358637)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358637/; classtype:trojan-activity;sid:84221737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358638)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358638/; classtype:trojan-activity;sid:84221738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358639)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358639/; classtype:trojan-activity;sid:84221739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358640)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358640/; classtype:trojan-activity;sid:84221740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358641)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358641/; classtype:trojan-activity;sid:84221741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358642)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358642/; classtype:trojan-activity;sid:84221742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358627)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358627/; classtype:trojan-activity;sid:84221727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358628)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358628/; classtype:trojan-activity;sid:84221728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358629)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358629/; classtype:trojan-activity;sid:84221729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358630)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358630/; classtype:trojan-activity;sid:84221730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358623)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358623/; classtype:trojan-activity;sid:84221723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358624)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358624/; classtype:trojan-activity;sid:84221724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358625)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358625/; classtype:trojan-activity;sid:84221725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358626)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358626/; classtype:trojan-activity;sid:84221726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358621)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358621/; classtype:trojan-activity;sid:84221721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358622)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358622/; classtype:trojan-activity;sid:84221722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358620)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358620/; classtype:trojan-activity;sid:84221720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358619)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358619/; classtype:trojan-activity;sid:84221719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358608)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358608/; classtype:trojan-activity;sid:84221708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358609)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358609/; classtype:trojan-activity;sid:84221709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358610)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358610/; classtype:trojan-activity;sid:84221710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358611)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358611/; classtype:trojan-activity;sid:84221711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358612)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358612/; classtype:trojan-activity;sid:84221712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358613)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358613/; classtype:trojan-activity;sid:84221713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358614)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358614/; classtype:trojan-activity;sid:84221714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358615)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358615/; classtype:trojan-activity;sid:84221715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358616)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358616/; classtype:trojan-activity;sid:84221716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358617)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358617/; classtype:trojan-activity;sid:84221717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358618)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358618/; classtype:trojan-activity;sid:84221718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358606)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358606/; classtype:trojan-activity;sid:84221706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358607)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358607/; classtype:trojan-activity;sid:84221707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358605)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358605/; classtype:trojan-activity;sid:84221705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358603)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358603/; classtype:trojan-activity;sid:84221703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358604)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358604/; classtype:trojan-activity;sid:84221704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358601)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358601/; classtype:trojan-activity;sid:84221701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358602)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358602/; classtype:trojan-activity;sid:84221702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358600)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358600/; classtype:trojan-activity;sid:84221700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358597)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358597/; classtype:trojan-activity;sid:84221697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358598)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358598/; classtype:trojan-activity;sid:84221698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358599)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358599/; classtype:trojan-activity;sid:84221699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358592)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358592/; classtype:trojan-activity;sid:84221692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358593)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358593/; classtype:trojan-activity;sid:84221693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358594)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358594/; classtype:trojan-activity;sid:84221694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358595)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358595/; classtype:trojan-activity;sid:84221695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358596)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358596/; classtype:trojan-activity;sid:84221696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358585)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358585/; classtype:trojan-activity;sid:84221685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358586)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358586/; classtype:trojan-activity;sid:84221686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358587)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358587/; classtype:trojan-activity;sid:84221687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358588)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358588/; classtype:trojan-activity;sid:84221688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358589)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358589/; classtype:trojan-activity;sid:84221689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358590)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358590/; classtype:trojan-activity;sid:84221690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358591)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358591/; classtype:trojan-activity;sid:84221691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358582)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358582/; classtype:trojan-activity;sid:84221682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358583)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358583/; classtype:trojan-activity;sid:84221683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358584)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358584/; classtype:trojan-activity;sid:84221684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358579)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358579/; classtype:trojan-activity;sid:84221679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358580)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358580/; classtype:trojan-activity;sid:84221680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358581)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358581/; classtype:trojan-activity;sid:84221681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358578)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358578/; classtype:trojan-activity;sid:84221678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358576)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358576/; classtype:trojan-activity;sid:84221676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358577)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358577/; classtype:trojan-activity;sid:84221677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358570)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358570/; classtype:trojan-activity;sid:84221670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358571)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358571/; classtype:trojan-activity;sid:84221671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358572)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358572/; classtype:trojan-activity;sid:84221672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358573)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358573/; classtype:trojan-activity;sid:84221673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358574)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358574/; classtype:trojan-activity;sid:84221674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358575)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358575/; classtype:trojan-activity;sid:84221675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358555)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358555/; classtype:trojan-activity;sid:84221655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358556)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358556/; classtype:trojan-activity;sid:84221656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358557)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358557/; classtype:trojan-activity;sid:84221657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358558)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358558/; classtype:trojan-activity;sid:84221658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358559)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358559/; classtype:trojan-activity;sid:84221659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358560)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358560/; classtype:trojan-activity;sid:84221660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358561)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358561/; classtype:trojan-activity;sid:84221661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358562)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358562/; classtype:trojan-activity;sid:84221662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358563)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358563/; classtype:trojan-activity;sid:84221663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358564)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358564/; classtype:trojan-activity;sid:84221664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358565)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358565/; classtype:trojan-activity;sid:84221665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358566)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358566/; classtype:trojan-activity;sid:84221666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358567)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358567/; classtype:trojan-activity;sid:84221667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358568)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358568/; classtype:trojan-activity;sid:84221668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358569)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358569/; classtype:trojan-activity;sid:84221669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358554)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358554/; classtype:trojan-activity;sid:84221654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358553)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358553/; classtype:trojan-activity;sid:84221653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358548)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358548/; classtype:trojan-activity;sid:84221648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358549)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358549/; classtype:trojan-activity;sid:84221649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358550)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358550/; classtype:trojan-activity;sid:84221650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358551)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358551/; classtype:trojan-activity;sid:84221651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358552)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358552/; classtype:trojan-activity;sid:84221652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358537)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358537/; classtype:trojan-activity;sid:84221637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358538)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358538/; classtype:trojan-activity;sid:84221638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358539)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358539/; classtype:trojan-activity;sid:84221639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358540)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358540/; classtype:trojan-activity;sid:84221640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358541)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358541/; classtype:trojan-activity;sid:84221641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358542)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358542/; classtype:trojan-activity;sid:84221642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358543)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358543/; classtype:trojan-activity;sid:84221643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358544)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358544/; classtype:trojan-activity;sid:84221644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358545)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358545/; classtype:trojan-activity;sid:84221645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358546)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358546/; classtype:trojan-activity;sid:84221646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358547)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358547/; classtype:trojan-activity;sid:84221647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358529)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358529/; classtype:trojan-activity;sid:84221629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358530)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358530/; classtype:trojan-activity;sid:84221630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358531)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358531/; classtype:trojan-activity;sid:84221631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358532)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358532/; classtype:trojan-activity;sid:84221632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358533)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358533/; classtype:trojan-activity;sid:84221633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358534)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358534/; classtype:trojan-activity;sid:84221634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358535)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358535/; classtype:trojan-activity;sid:84221635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358536)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358536/; classtype:trojan-activity;sid:84221636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358528)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358528/; classtype:trojan-activity;sid:84221628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358526)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358526/; classtype:trojan-activity;sid:84221626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358527)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358527/; classtype:trojan-activity;sid:84221627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358519)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358519/; classtype:trojan-activity;sid:84221619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358520)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358520/; classtype:trojan-activity;sid:84221620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358521)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358521/; classtype:trojan-activity;sid:84221621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358522)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358522/; classtype:trojan-activity;sid:84221622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358523)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358523/; classtype:trojan-activity;sid:84221623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358524)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358524/; classtype:trojan-activity;sid:84221624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358525)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358525/; classtype:trojan-activity;sid:84221625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358503)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358503/; classtype:trojan-activity;sid:84221603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358504)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358504/; classtype:trojan-activity;sid:84221604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358505)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358505/; classtype:trojan-activity;sid:84221605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358506)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358506/; classtype:trojan-activity;sid:84221606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358507)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358507/; classtype:trojan-activity;sid:84221607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358508)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358508/; classtype:trojan-activity;sid:84221608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358509)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358509/; classtype:trojan-activity;sid:84221609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358510)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358510/; classtype:trojan-activity;sid:84221610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358511)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358511/; classtype:trojan-activity;sid:84221611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358512)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358512/; classtype:trojan-activity;sid:84221612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358513)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358513/; classtype:trojan-activity;sid:84221613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358514)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358514/; classtype:trojan-activity;sid:84221614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358515)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358515/; classtype:trojan-activity;sid:84221615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358516)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358516/; classtype:trojan-activity;sid:84221616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358517)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358517/; classtype:trojan-activity;sid:84221617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358518)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358518/; classtype:trojan-activity;sid:84221618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358500)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358500/; classtype:trojan-activity;sid:84221600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358501)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358501/; classtype:trojan-activity;sid:84221601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358502)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358502/; classtype:trojan-activity;sid:84221602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358498)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358498/; classtype:trojan-activity;sid:84221598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358499)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358499/; classtype:trojan-activity;sid:84221599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358497)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358497/; classtype:trojan-activity;sid:84221597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358496)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358496/; classtype:trojan-activity;sid:84221596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358493)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358493/; classtype:trojan-activity;sid:84221593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358494)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358494/; classtype:trojan-activity;sid:84221594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358495)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358495/; classtype:trojan-activity;sid:84221595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358492)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358492/; classtype:trojan-activity;sid:84221592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358477)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358477/; classtype:trojan-activity;sid:84221577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358478)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358478/; classtype:trojan-activity;sid:84221578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358479)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358479/; classtype:trojan-activity;sid:84221579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358480)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358480/; classtype:trojan-activity;sid:84221580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358481)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358481/; classtype:trojan-activity;sid:84221581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358482)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358482/; classtype:trojan-activity;sid:84221582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358483)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358483/; classtype:trojan-activity;sid:84221583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358484)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358484/; classtype:trojan-activity;sid:84221584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358485)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358485/; classtype:trojan-activity;sid:84221585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358486)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358486/; classtype:trojan-activity;sid:84221586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358487)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358487/; classtype:trojan-activity;sid:84221587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358488)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358488/; classtype:trojan-activity;sid:84221588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358489)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358489/; classtype:trojan-activity;sid:84221589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358490)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358490/; classtype:trojan-activity;sid:84221590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358491)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358491/; classtype:trojan-activity;sid:84221591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358469)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358469/; classtype:trojan-activity;sid:84221569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358470)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358470/; classtype:trojan-activity;sid:84221570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358471)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358471/; classtype:trojan-activity;sid:84221571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358472)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358472/; classtype:trojan-activity;sid:84221572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358473)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358473/; classtype:trojan-activity;sid:84221573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358474)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358474/; classtype:trojan-activity;sid:84221574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358475)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358475/; classtype:trojan-activity;sid:84221575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358476)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358476/; classtype:trojan-activity;sid:84221576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358465)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358465/; classtype:trojan-activity;sid:84221565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358466)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358466/; classtype:trojan-activity;sid:84221566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358467)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358467/; classtype:trojan-activity;sid:84221567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358468)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358468/; classtype:trojan-activity;sid:84221568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358462)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358462/; classtype:trojan-activity;sid:84221562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358463)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358463/; classtype:trojan-activity;sid:84221563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358464)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358464/; classtype:trojan-activity;sid:84221564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358461)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358461/; classtype:trojan-activity;sid:84221561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358460)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358460/; classtype:trojan-activity;sid:84221560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358451)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358451/; classtype:trojan-activity;sid:84221551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358452)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358452/; classtype:trojan-activity;sid:84221552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358453)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358453/; classtype:trojan-activity;sid:84221553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358454)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358454/; classtype:trojan-activity;sid:84221554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358455)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358455/; classtype:trojan-activity;sid:84221555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358456)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358456/; classtype:trojan-activity;sid:84221556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358457)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358457/; classtype:trojan-activity;sid:84221557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358458)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358458/; classtype:trojan-activity;sid:84221558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358459)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358459/; classtype:trojan-activity;sid:84221559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358439)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358439/; classtype:trojan-activity;sid:84221539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358440)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358440/; classtype:trojan-activity;sid:84221540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358441)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358441/; classtype:trojan-activity;sid:84221541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358442)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358442/; classtype:trojan-activity;sid:84221542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358443)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358443/; classtype:trojan-activity;sid:84221543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358444)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358444/; classtype:trojan-activity;sid:84221544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358445)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358445/; classtype:trojan-activity;sid:84221545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358446)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358446/; classtype:trojan-activity;sid:84221546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358447)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358447/; classtype:trojan-activity;sid:84221547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358448)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358448/; classtype:trojan-activity;sid:84221548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358449)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358449/; classtype:trojan-activity;sid:84221549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358450)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358450/; classtype:trojan-activity;sid:84221550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358434)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358434/; classtype:trojan-activity;sid:84221534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358435)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358435/; classtype:trojan-activity;sid:84221535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358436)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358436/; classtype:trojan-activity;sid:84221536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358437)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358437/; classtype:trojan-activity;sid:84221537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358438)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358438/; classtype:trojan-activity;sid:84221538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358433)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358433/; classtype:trojan-activity;sid:84221533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358432)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358432/; classtype:trojan-activity;sid:84221532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358430)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358430/; classtype:trojan-activity;sid:84221530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358431)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358431/; classtype:trojan-activity;sid:84221531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358423)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358423/; classtype:trojan-activity;sid:84221523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358424)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358424/; classtype:trojan-activity;sid:84221524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358425)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358425/; classtype:trojan-activity;sid:84221525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358426)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358426/; classtype:trojan-activity;sid:84221526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358427)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358427/; classtype:trojan-activity;sid:84221527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358428)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358428/; classtype:trojan-activity;sid:84221528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358429)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358429/; classtype:trojan-activity;sid:84221529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358406)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358406/; classtype:trojan-activity;sid:84221506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358407)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358407/; classtype:trojan-activity;sid:84221507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358408)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358408/; classtype:trojan-activity;sid:84221508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358409)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358409/; classtype:trojan-activity;sid:84221509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358410)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358410/; classtype:trojan-activity;sid:84221510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358411)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358411/; classtype:trojan-activity;sid:84221511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358412)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358412/; classtype:trojan-activity;sid:84221512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358413)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358413/; classtype:trojan-activity;sid:84221513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358414)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358414/; classtype:trojan-activity;sid:84221514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358415)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358415/; classtype:trojan-activity;sid:84221515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358416)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358416/; classtype:trojan-activity;sid:84221516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358417)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358417/; classtype:trojan-activity;sid:84221517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358418)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358418/; classtype:trojan-activity;sid:84221518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358419)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358419/; classtype:trojan-activity;sid:84221519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358420)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358420/; classtype:trojan-activity;sid:84221520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358421)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358421/; classtype:trojan-activity;sid:84221521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358422)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358422/; classtype:trojan-activity;sid:84221522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358405)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358405/; classtype:trojan-activity;sid:84221505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358404)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358404/; classtype:trojan-activity;sid:84221504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358403)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358403/; classtype:trojan-activity;sid:84221503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358402)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358402/; classtype:trojan-activity;sid:84221502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358386)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358386/; classtype:trojan-activity;sid:84221486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358387)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358387/; classtype:trojan-activity;sid:84221487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358388)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358388/; classtype:trojan-activity;sid:84221488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358389)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358389/; classtype:trojan-activity;sid:84221489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358390)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358390/; classtype:trojan-activity;sid:84221490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358391)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358391/; classtype:trojan-activity;sid:84221491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358392)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358392/; classtype:trojan-activity;sid:84221492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358393)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358393/; classtype:trojan-activity;sid:84221493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358394)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358394/; classtype:trojan-activity;sid:84221494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358395)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358395/; classtype:trojan-activity;sid:84221495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358396)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358396/; classtype:trojan-activity;sid:84221496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358397)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358397/; classtype:trojan-activity;sid:84221497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358398)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358398/; classtype:trojan-activity;sid:84221498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358399)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358399/; classtype:trojan-activity;sid:84221499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358400)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358400/; classtype:trojan-activity;sid:84221500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358401)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358401/; classtype:trojan-activity;sid:84221501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358381)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358381/; classtype:trojan-activity;sid:84221481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358382)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358382/; classtype:trojan-activity;sid:84221482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358383)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358383/; classtype:trojan-activity;sid:84221483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358384)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358384/; classtype:trojan-activity;sid:84221484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358385)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358385/; classtype:trojan-activity;sid:84221485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358378)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358378/; classtype:trojan-activity;sid:84221478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358379)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358379/; classtype:trojan-activity;sid:84221479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358380)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358380/; classtype:trojan-activity;sid:84221480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358371)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358371/; classtype:trojan-activity;sid:84221471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358372)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358372/; classtype:trojan-activity;sid:84221472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358373)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358373/; classtype:trojan-activity;sid:84221473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358374)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358374/; classtype:trojan-activity;sid:84221474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358375)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358375/; classtype:trojan-activity;sid:84221475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358376)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358376/; classtype:trojan-activity;sid:84221476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358377)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358377/; classtype:trojan-activity;sid:84221477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358358)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358358/; classtype:trojan-activity;sid:84221458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358359)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358359/; classtype:trojan-activity;sid:84221459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358360)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358360/; classtype:trojan-activity;sid:84221460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358361)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358361/; classtype:trojan-activity;sid:84221461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358362)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358362/; classtype:trojan-activity;sid:84221462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358363)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358363/; classtype:trojan-activity;sid:84221463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358364)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358364/; classtype:trojan-activity;sid:84221464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358365)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358365/; classtype:trojan-activity;sid:84221465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358366)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358366/; classtype:trojan-activity;sid:84221466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358367)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358367/; classtype:trojan-activity;sid:84221467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358368)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358368/; classtype:trojan-activity;sid:84221468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358369)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358369/; classtype:trojan-activity;sid:84221469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358370)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358370/; classtype:trojan-activity;sid:84221470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358353)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358353/; classtype:trojan-activity;sid:84221453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358354)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358354/; classtype:trojan-activity;sid:84221454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358355)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358355/; classtype:trojan-activity;sid:84221455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358356)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358356/; classtype:trojan-activity;sid:84221456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358357)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358357/; classtype:trojan-activity;sid:84221457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358351)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358351/; classtype:trojan-activity;sid:84221451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358352)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358352/; classtype:trojan-activity;sid:84221452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358348)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358348/; classtype:trojan-activity;sid:84221448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358349)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358349/; classtype:trojan-activity;sid:84221449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358350)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358350/; classtype:trojan-activity;sid:84221450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358344)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358344/; classtype:trojan-activity;sid:84221444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358345)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358345/; classtype:trojan-activity;sid:84221445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358346)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358346/; classtype:trojan-activity;sid:84221446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358347)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358347/; classtype:trojan-activity;sid:84221447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358331)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358331/; classtype:trojan-activity;sid:84221431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358332)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358332/; classtype:trojan-activity;sid:84221432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358333)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358333/; classtype:trojan-activity;sid:84221433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358334)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358334/; classtype:trojan-activity;sid:84221434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358335)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358335/; classtype:trojan-activity;sid:84221435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358336)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358336/; classtype:trojan-activity;sid:84221436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358337)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358337/; classtype:trojan-activity;sid:84221437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358338)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358338/; classtype:trojan-activity;sid:84221438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358339)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358339/; classtype:trojan-activity;sid:84221439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358340)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358340/; classtype:trojan-activity;sid:84221440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358341)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358341/; classtype:trojan-activity;sid:84221441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358342)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358342/; classtype:trojan-activity;sid:84221442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358343)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358343/; classtype:trojan-activity;sid:84221443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358326)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358326/; classtype:trojan-activity;sid:84221426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358327)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358327/; classtype:trojan-activity;sid:84221427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358328)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358328/; classtype:trojan-activity;sid:84221428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358329)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358329/; classtype:trojan-activity;sid:84221429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358330)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358330/; classtype:trojan-activity;sid:84221430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358322)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358322/; classtype:trojan-activity;sid:84221422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358323)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358323/; classtype:trojan-activity;sid:84221423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358324)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358324/; classtype:trojan-activity;sid:84221424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358325)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358325/; classtype:trojan-activity;sid:84221425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358319)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358319/; classtype:trojan-activity;sid:84221419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358320)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358320/; classtype:trojan-activity;sid:84221420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358321)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358321/; classtype:trojan-activity;sid:84221421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358298)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358298/; classtype:trojan-activity;sid:84221398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358299)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358299/; classtype:trojan-activity;sid:84221399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358300)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358300/; classtype:trojan-activity;sid:84221400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358301)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358301/; classtype:trojan-activity;sid:84221401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358302)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358302/; classtype:trojan-activity;sid:84221402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358303)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358303/; classtype:trojan-activity;sid:84221403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358304)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358304/; classtype:trojan-activity;sid:84221404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358305)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358305/; classtype:trojan-activity;sid:84221405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358306)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358306/; classtype:trojan-activity;sid:84221406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358307)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358307/; classtype:trojan-activity;sid:84221407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358308)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358308/; classtype:trojan-activity;sid:84221408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358309)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358309/; classtype:trojan-activity;sid:84221409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358310)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358310/; classtype:trojan-activity;sid:84221410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358311)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358311/; classtype:trojan-activity;sid:84221411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358312)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358312/; classtype:trojan-activity;sid:84221412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358313)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358313/; classtype:trojan-activity;sid:84221413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358314)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358314/; classtype:trojan-activity;sid:84221414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358315)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358315/; classtype:trojan-activity;sid:84221415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358316)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358316/; classtype:trojan-activity;sid:84221416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358317)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358317/; classtype:trojan-activity;sid:84221417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358318)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358318/; classtype:trojan-activity;sid:84221418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358294)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358294/; classtype:trojan-activity;sid:84221394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358295)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358295/; classtype:trojan-activity;sid:84221395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358296)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358296/; classtype:trojan-activity;sid:84221396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358297)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358297/; classtype:trojan-activity;sid:84221397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358293)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358293/; classtype:trojan-activity;sid:84221393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358292)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358292/; classtype:trojan-activity;sid:84221392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358290)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358290/; classtype:trojan-activity;sid:84221390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358291)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358291/; classtype:trojan-activity;sid:84221391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358288)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358288/; classtype:trojan-activity;sid:84221388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358289)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358289/; classtype:trojan-activity;sid:84221389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358276)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358276/; classtype:trojan-activity;sid:84221376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358277)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358277/; classtype:trojan-activity;sid:84221377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358278)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358278/; classtype:trojan-activity;sid:84221378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358279)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358279/; classtype:trojan-activity;sid:84221379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358280)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358280/; classtype:trojan-activity;sid:84221380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358281)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358281/; classtype:trojan-activity;sid:84221381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358282)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358282/; classtype:trojan-activity;sid:84221382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358283)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358283/; classtype:trojan-activity;sid:84221383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358284)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358284/; classtype:trojan-activity;sid:84221384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358285)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358285/; classtype:trojan-activity;sid:84221385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358286)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358286/; classtype:trojan-activity;sid:84221386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358287)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358287/; classtype:trojan-activity;sid:84221387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358261)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358261/; classtype:trojan-activity;sid:84221361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358262)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358262/; classtype:trojan-activity;sid:84221362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358263)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358263/; classtype:trojan-activity;sid:84221363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358264)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358264/; classtype:trojan-activity;sid:84221364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358265)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358265/; classtype:trojan-activity;sid:84221365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358266)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358266/; classtype:trojan-activity;sid:84221366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358267)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358267/; classtype:trojan-activity;sid:84221367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358268)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358268/; classtype:trojan-activity;sid:84221368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358269)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358269/; classtype:trojan-activity;sid:84221369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358270)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358270/; classtype:trojan-activity;sid:84221370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358271)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358271/; classtype:trojan-activity;sid:84221371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358272)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358272/; classtype:trojan-activity;sid:84221372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358273)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358273/; classtype:trojan-activity;sid:84221373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358274)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358274/; classtype:trojan-activity;sid:84221374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358275)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358275/; classtype:trojan-activity;sid:84221375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358258)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358258/; classtype:trojan-activity;sid:84221358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358259)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358259/; classtype:trojan-activity;sid:84221359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358260)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358260/; classtype:trojan-activity;sid:84221360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358256)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358256/; classtype:trojan-activity;sid:84221356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358257)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358257/; classtype:trojan-activity;sid:84221357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358255)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358255/; classtype:trojan-activity;sid:84221355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358253)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358253/; classtype:trojan-activity;sid:84221353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358254)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358254/; classtype:trojan-activity;sid:84221354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358250)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358250/; classtype:trojan-activity;sid:84221350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358251)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358251/; classtype:trojan-activity;sid:84221351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358252)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358252/; classtype:trojan-activity;sid:84221352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358231)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358231/; classtype:trojan-activity;sid:84221331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358232)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358232/; classtype:trojan-activity;sid:84221332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358233)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358233/; classtype:trojan-activity;sid:84221333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358234)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358234/; classtype:trojan-activity;sid:84221334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358235)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358235/; classtype:trojan-activity;sid:84221335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358236)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358236/; classtype:trojan-activity;sid:84221336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358237)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358237/; classtype:trojan-activity;sid:84221337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358238)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358238/; classtype:trojan-activity;sid:84221338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358239)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358239/; classtype:trojan-activity;sid:84221339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358240)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358240/; classtype:trojan-activity;sid:84221340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358241)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358241/; classtype:trojan-activity;sid:84221341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358242)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358242/; classtype:trojan-activity;sid:84221342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358243)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358243/; classtype:trojan-activity;sid:84221343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358244)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358244/; classtype:trojan-activity;sid:84221344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358245)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358245/; classtype:trojan-activity;sid:84221345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358246)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358246/; classtype:trojan-activity;sid:84221346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358247)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358247/; classtype:trojan-activity;sid:84221347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358248)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358248/; classtype:trojan-activity;sid:84221348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358249)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358249/; classtype:trojan-activity;sid:84221349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358221)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358221/; classtype:trojan-activity;sid:84221321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358222)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358222/; classtype:trojan-activity;sid:84221322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358223)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358223/; classtype:trojan-activity;sid:84221323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358224)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358224/; classtype:trojan-activity;sid:84221324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358225)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358225/; classtype:trojan-activity;sid:84221325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358226)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358226/; classtype:trojan-activity;sid:84221326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358227)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358227/; classtype:trojan-activity;sid:84221327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358228)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358228/; classtype:trojan-activity;sid:84221328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358229)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358229/; classtype:trojan-activity;sid:84221329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358230)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358230/; classtype:trojan-activity;sid:84221330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358218)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358218/; classtype:trojan-activity;sid:84221318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358219)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358219/; classtype:trojan-activity;sid:84221319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358220)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358220/; classtype:trojan-activity;sid:84221320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358217)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358217/; classtype:trojan-activity;sid:84221317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358208)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358208/; classtype:trojan-activity;sid:84221308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358209)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358209/; classtype:trojan-activity;sid:84221309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358210)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358210/; classtype:trojan-activity;sid:84221310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358211)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358211/; classtype:trojan-activity;sid:84221311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358212)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358212/; classtype:trojan-activity;sid:84221312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358213)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358213/; classtype:trojan-activity;sid:84221313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358214)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358214/; classtype:trojan-activity;sid:84221314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358215)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358215/; classtype:trojan-activity;sid:84221315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358216)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358216/; classtype:trojan-activity;sid:84221316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358182)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358182/; classtype:trojan-activity;sid:84221282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358183)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358183/; classtype:trojan-activity;sid:84221283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358184)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358184/; classtype:trojan-activity;sid:84221284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358185)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358185/; classtype:trojan-activity;sid:84221285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358186)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358186/; classtype:trojan-activity;sid:84221286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358187)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358187/; classtype:trojan-activity;sid:84221287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358188)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358188/; classtype:trojan-activity;sid:84221288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358189)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358189/; classtype:trojan-activity;sid:84221289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358190)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358190/; classtype:trojan-activity;sid:84221290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358191)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358191/; classtype:trojan-activity;sid:84221291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358192)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358192/; classtype:trojan-activity;sid:84221292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358193)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358193/; classtype:trojan-activity;sid:84221293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358194)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358194/; classtype:trojan-activity;sid:84221294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358195)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358195/; classtype:trojan-activity;sid:84221295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358196)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358196/; classtype:trojan-activity;sid:84221296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358197)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358197/; classtype:trojan-activity;sid:84221297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358198)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358198/; classtype:trojan-activity;sid:84221298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358199)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358199/; classtype:trojan-activity;sid:84221299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358200)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358200/; classtype:trojan-activity;sid:84221300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358201)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358201/; classtype:trojan-activity;sid:84221301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358202)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358202/; classtype:trojan-activity;sid:84221302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358203)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358203/; classtype:trojan-activity;sid:84221303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358204)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358204/; classtype:trojan-activity;sid:84221304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358205)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358205/; classtype:trojan-activity;sid:84221305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358206)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358206/; classtype:trojan-activity;sid:84221306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358207)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358207/; classtype:trojan-activity;sid:84221307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358180)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358180/; classtype:trojan-activity;sid:84221280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358181)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358181/; classtype:trojan-activity;sid:84221281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358179)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358179/; classtype:trojan-activity;sid:84221279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358163)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358163/; classtype:trojan-activity;sid:84221263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358164)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358164/; classtype:trojan-activity;sid:84221264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358165)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358165/; classtype:trojan-activity;sid:84221265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358166)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358166/; classtype:trojan-activity;sid:84221266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358167)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358167/; classtype:trojan-activity;sid:84221267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358168)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358168/; classtype:trojan-activity;sid:84221268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358169)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358169/; classtype:trojan-activity;sid:84221269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358170)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358170/; classtype:trojan-activity;sid:84221270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358171)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358171/; classtype:trojan-activity;sid:84221271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358172)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358172/; classtype:trojan-activity;sid:84221272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358173)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358173/; classtype:trojan-activity;sid:84221273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358174)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358174/; classtype:trojan-activity;sid:84221274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358175)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358175/; classtype:trojan-activity;sid:84221275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358176)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358176/; classtype:trojan-activity;sid:84221276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358177)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358177/; classtype:trojan-activity;sid:84221277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358178)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358178/; classtype:trojan-activity;sid:84221278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358144)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358144/; classtype:trojan-activity;sid:84221244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358145)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358145/; classtype:trojan-activity;sid:84221245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358146)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358146/; classtype:trojan-activity;sid:84221246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358147)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358147/; classtype:trojan-activity;sid:84221247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358148)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358148/; classtype:trojan-activity;sid:84221248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358149)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358149/; classtype:trojan-activity;sid:84221249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358150)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358150/; classtype:trojan-activity;sid:84221250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358151)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358151/; classtype:trojan-activity;sid:84221251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358152)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358152/; classtype:trojan-activity;sid:84221252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358153)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358153/; classtype:trojan-activity;sid:84221253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358154)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358154/; classtype:trojan-activity;sid:84221254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358155)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358155/; classtype:trojan-activity;sid:84221255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358156)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358156/; classtype:trojan-activity;sid:84221256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358157)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358157/; classtype:trojan-activity;sid:84221257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358158)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358158/; classtype:trojan-activity;sid:84221258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358159)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358159/; classtype:trojan-activity;sid:84221259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358160)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358160/; classtype:trojan-activity;sid:84221260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358161)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358161/; classtype:trojan-activity;sid:84221261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358162)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358162/; classtype:trojan-activity;sid:84221262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358142)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358142/; classtype:trojan-activity;sid:84221242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358143)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358143/; classtype:trojan-activity;sid:84221243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358141)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358141/; classtype:trojan-activity;sid:84221241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358140)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358140/; classtype:trojan-activity;sid:84221240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358120)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358120/; classtype:trojan-activity;sid:84221220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358121)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358121/; classtype:trojan-activity;sid:84221221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358122)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358122/; classtype:trojan-activity;sid:84221222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358123)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358123/; classtype:trojan-activity;sid:84221223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358124)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358124/; classtype:trojan-activity;sid:84221224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358125)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358125/; classtype:trojan-activity;sid:84221225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358126)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358126/; classtype:trojan-activity;sid:84221226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358127)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358127/; classtype:trojan-activity;sid:84221227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358128)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358128/; classtype:trojan-activity;sid:84221228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358129)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358129/; classtype:trojan-activity;sid:84221229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358130)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358130/; classtype:trojan-activity;sid:84221230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358131)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358131/; classtype:trojan-activity;sid:84221231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358132)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358132/; classtype:trojan-activity;sid:84221232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358133)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358133/; classtype:trojan-activity;sid:84221233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358134)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358134/; classtype:trojan-activity;sid:84221234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358135)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358135/; classtype:trojan-activity;sid:84221235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358136)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358136/; classtype:trojan-activity;sid:84221236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358137)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358137/; classtype:trojan-activity;sid:84221237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358138)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358138/; classtype:trojan-activity;sid:84221238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358139)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358139/; classtype:trojan-activity;sid:84221239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358105)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358105/; classtype:trojan-activity;sid:84221205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358106)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358106/; classtype:trojan-activity;sid:84221206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358107)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358107/; classtype:trojan-activity;sid:84221207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358108)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358108/; classtype:trojan-activity;sid:84221208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358109)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358109/; classtype:trojan-activity;sid:84221209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358110)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358110/; classtype:trojan-activity;sid:84221210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358111)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358111/; classtype:trojan-activity;sid:84221211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358112)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358112/; classtype:trojan-activity;sid:84221212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358113)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358113/; classtype:trojan-activity;sid:84221213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358114)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358114/; classtype:trojan-activity;sid:84221214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358115)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358115/; classtype:trojan-activity;sid:84221215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358116)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358116/; classtype:trojan-activity;sid:84221216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358117)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358117/; classtype:trojan-activity;sid:84221217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358118)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358118/; classtype:trojan-activity;sid:84221218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358119)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358119/; classtype:trojan-activity;sid:84221219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358104)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358104/; classtype:trojan-activity;sid:84221204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358103)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358103/; classtype:trojan-activity;sid:84221203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358101)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358101/; classtype:trojan-activity;sid:84221201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358102)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358102/; classtype:trojan-activity;sid:84221202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358067)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358067/; classtype:trojan-activity;sid:84221167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358068)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358068/; classtype:trojan-activity;sid:84221168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358069)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358069/; classtype:trojan-activity;sid:84221169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358070)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358070/; classtype:trojan-activity;sid:84221170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358071)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358071/; classtype:trojan-activity;sid:84221171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358072)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358072/; classtype:trojan-activity;sid:84221172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358073)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358073/; classtype:trojan-activity;sid:84221173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358074)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358074/; classtype:trojan-activity;sid:84221174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358075)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358075/; classtype:trojan-activity;sid:84221175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358076)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358076/; classtype:trojan-activity;sid:84221176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358077)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358077/; classtype:trojan-activity;sid:84221177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358078)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358078/; classtype:trojan-activity;sid:84221178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358079)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358079/; classtype:trojan-activity;sid:84221179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358080)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358080/; classtype:trojan-activity;sid:84221180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358081)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358081/; classtype:trojan-activity;sid:84221181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358082)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358082/; classtype:trojan-activity;sid:84221182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358083)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358083/; classtype:trojan-activity;sid:84221183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358084)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358084/; classtype:trojan-activity;sid:84221184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358085)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358085/; classtype:trojan-activity;sid:84221185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358086)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358086/; classtype:trojan-activity;sid:84221186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358087)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358087/; classtype:trojan-activity;sid:84221187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358088)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358088/; classtype:trojan-activity;sid:84221188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358089)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358089/; classtype:trojan-activity;sid:84221189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358090)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358090/; classtype:trojan-activity;sid:84221190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358091)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358091/; classtype:trojan-activity;sid:84221191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358092)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358092/; classtype:trojan-activity;sid:84221192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358093)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358093/; classtype:trojan-activity;sid:84221193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358094)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358094/; classtype:trojan-activity;sid:84221194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358095)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358095/; classtype:trojan-activity;sid:84221195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358096)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358096/; classtype:trojan-activity;sid:84221196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358097)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358097/; classtype:trojan-activity;sid:84221197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358098)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358098/; classtype:trojan-activity;sid:84221198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358099)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358099/; classtype:trojan-activity;sid:84221199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358100)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358100/; classtype:trojan-activity;sid:84221200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358064)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358064/; classtype:trojan-activity;sid:84221164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358065)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358065/; classtype:trojan-activity;sid:84221165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358066)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358066/; classtype:trojan-activity;sid:84221166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358047)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358047/; classtype:trojan-activity;sid:84221147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358048)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358048/; classtype:trojan-activity;sid:84221148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358049)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358049/; classtype:trojan-activity;sid:84221149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358050)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358050/; classtype:trojan-activity;sid:84221150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358051)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358051/; classtype:trojan-activity;sid:84221151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358052)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358052/; classtype:trojan-activity;sid:84221152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358053)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358053/; classtype:trojan-activity;sid:84221153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358054)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358054/; classtype:trojan-activity;sid:84221154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358055)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358055/; classtype:trojan-activity;sid:84221155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358056)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358056/; classtype:trojan-activity;sid:84221156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358057)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358057/; classtype:trojan-activity;sid:84221157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358058)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"formulaire-sociale.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358058/; classtype:trojan-activity;sid:84221158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358059)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358059/; classtype:trojan-activity;sid:84221159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358060)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358060/; classtype:trojan-activity;sid:84221160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358061)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358061/; classtype:trojan-activity;sid:84221161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358062)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358062/; classtype:trojan-activity;sid:84221162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358063)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358063/; classtype:trojan-activity;sid:84221163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358025)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358025/; classtype:trojan-activity;sid:84221125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358026)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358026/; classtype:trojan-activity;sid:84221126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358027)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358027/; classtype:trojan-activity;sid:84221127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358028)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358028/; classtype:trojan-activity;sid:84221128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358029)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358029/; classtype:trojan-activity;sid:84221129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358030)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358030/; classtype:trojan-activity;sid:84221130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358031)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358031/; classtype:trojan-activity;sid:84221131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358032)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358032/; classtype:trojan-activity;sid:84221132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358033)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358033/; classtype:trojan-activity;sid:84221133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358034)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358034/; classtype:trojan-activity;sid:84221134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358035)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358035/; classtype:trojan-activity;sid:84221135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358036)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358036/; classtype:trojan-activity;sid:84221136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358037)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358037/; classtype:trojan-activity;sid:84221137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358038)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358038/; classtype:trojan-activity;sid:84221138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358039)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358039/; classtype:trojan-activity;sid:84221139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358040)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358040/; classtype:trojan-activity;sid:84221140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358041)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358041/; classtype:trojan-activity;sid:84221141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358042)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358042/; classtype:trojan-activity;sid:84221142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358043)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358043/; classtype:trojan-activity;sid:84221143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358044)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358044/; classtype:trojan-activity;sid:84221144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358045)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358045/; classtype:trojan-activity;sid:84221145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358046)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358046/; classtype:trojan-activity;sid:84221146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358024)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358024/; classtype:trojan-activity;sid:84221124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358022)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358022/; classtype:trojan-activity;sid:84221122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358023)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358023/; classtype:trojan-activity;sid:84221123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358012)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"controlpedido.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358012/; classtype:trojan-activity;sid:84221112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358013)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358013/; classtype:trojan-activity;sid:84221113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358014)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358014/; classtype:trojan-activity;sid:84221114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358015)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358015/; classtype:trojan-activity;sid:84221115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358016)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358016/; classtype:trojan-activity;sid:84221116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358017)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358017/; classtype:trojan-activity;sid:84221117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358018)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358018/; classtype:trojan-activity;sid:84221118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358019)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358019/; classtype:trojan-activity;sid:84221119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358020)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ups-support.dns-report.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358020/; classtype:trojan-activity;sid:84221120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358021)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358021/; classtype:trojan-activity;sid:84221121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357986)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357986/; classtype:trojan-activity;sid:84221086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357987)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357987/; classtype:trojan-activity;sid:84221087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357988)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357988/; classtype:trojan-activity;sid:84221088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357989)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357989/; classtype:trojan-activity;sid:84221089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357990)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357990/; classtype:trojan-activity;sid:84221090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357991)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357991/; classtype:trojan-activity;sid:84221091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357992)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357992/; classtype:trojan-activity;sid:84221092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357993)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357993/; classtype:trojan-activity;sid:84221093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357994)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357994/; classtype:trojan-activity;sid:84221094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357995)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357995/; classtype:trojan-activity;sid:84221095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357996)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357996/; classtype:trojan-activity;sid:84221096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357997)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357997/; classtype:trojan-activity;sid:84221097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357998)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357998/; classtype:trojan-activity;sid:84221098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357999)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357999/; classtype:trojan-activity;sid:84221099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358000)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358000/; classtype:trojan-activity;sid:84221100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358001)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358001/; classtype:trojan-activity;sid:84221101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358002)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358002/; classtype:trojan-activity;sid:84221102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358003)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358003/; classtype:trojan-activity;sid:84221103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358004)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358004/; classtype:trojan-activity;sid:84221104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358005)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minupakk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358005/; classtype:trojan-activity;sid:84221105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358006)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358006/; classtype:trojan-activity;sid:84221106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358007)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358007/; classtype:trojan-activity;sid:84221107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358008)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"suivre-commande.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358008/; classtype:trojan-activity;sid:84221108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358009)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mon-espace-carte-vitale.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358009/; classtype:trojan-activity;sid:84221109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358010)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minu-pakk.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358010/; classtype:trojan-activity;sid:84221110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3358011)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aide-acheminement-info.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3358011/; classtype:trojan-activity;sid:84221111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357985)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357985/; classtype:trojan-activity;sid:84221085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357982)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aboverlangerung.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357982/; classtype:trojan-activity;sid:84221082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357983)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357983/; classtype:trojan-activity;sid:84221083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357984)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357984/; classtype:trojan-activity;sid:84221084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357951)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357951/; classtype:trojan-activity;sid:84221051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357952)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357952/; classtype:trojan-activity;sid:84221052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357953)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357953/; classtype:trojan-activity;sid:84221053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357954)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upspacket.delivery"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357954/; classtype:trojan-activity;sid:84221054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357955)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357955/; classtype:trojan-activity;sid:84221055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357956)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357956/; classtype:trojan-activity;sid:84221056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357957)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"live-sendungsverfolgung.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357957/; classtype:trojan-activity;sid:84221057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357958)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"espace-medical.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357958/; classtype:trojan-activity;sid:84221058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357959)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357959/; classtype:trojan-activity;sid:84221059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357960)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"minu-pakk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357960/; classtype:trojan-activity;sid:84221060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357961)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mes-demarches-renouvellement.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357961/; classtype:trojan-activity;sid:84221061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357962)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357962/; classtype:trojan-activity;sid:84221062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357963)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357963/; classtype:trojan-activity;sid:84221063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357964)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357964/; classtype:trojan-activity;sid:84221064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357965)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"trackpacking-ups.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357965/; classtype:trojan-activity;sid:84221065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357966)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servvital.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357966/; classtype:trojan-activity;sid:84221066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357967)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"acheminement-suivis.fr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357967/; classtype:trojan-activity;sid:84221067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357968)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357968/; classtype:trojan-activity;sid:84221068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357969)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"monsuivicommande.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357969/; classtype:trojan-activity;sid:84221069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357970)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-ma-commande.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357970/; classtype:trojan-activity;sid:84221070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357971)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357971/; classtype:trojan-activity;sid:84221071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357972)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357972/; classtype:trojan-activity;sid:84221072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357973)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357973/; classtype:trojan-activity;sid:84221073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357974)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"commande-suivre.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357974/; classtype:trojan-activity;sid:84221074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357975)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myparcel-track-find.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357975/; classtype:trojan-activity;sid:84221075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357976)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"my.upspacket.delivery"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357976/; classtype:trojan-activity;sid:84221076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357977)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357977/; classtype:trojan-activity;sid:84221077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357978)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dienstmyhermes.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357978/; classtype:trojan-activity;sid:84221078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357979)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"support-ma-commande.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357979/; classtype:trojan-activity;sid:84221079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357980)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"contravinf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357980/; classtype:trojan-activity;sid:84221080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357981)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"webmail.tracking-packages.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357981/; classtype:trojan-activity;sid:84221081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357946)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-packages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357946/; classtype:trojan-activity;sid:84221046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357947)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357947/; classtype:trojan-activity;sid:84221047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357948)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"service-espace-sante.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357948/; classtype:trojan-activity;sid:84221048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357949)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357949/; classtype:trojan-activity;sid:84221049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357950)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"newmajwebmeil.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357950/; classtype:trojan-activity;sid:84221050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357945)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"renouvellement-espace-vitale-ameli.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357945/; classtype:trojan-activity;sid:84221045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357944)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357944/; classtype:trojan-activity;sid:84221044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357943)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357943/; classtype:trojan-activity;sid:84221043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357923)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357923/; classtype:trojan-activity;sid:84221023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357924)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357924/; classtype:trojan-activity;sid:84221024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357925)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357925/; classtype:trojan-activity;sid:84221025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357926)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357926/; classtype:trojan-activity;sid:84221026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357927)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357927/; classtype:trojan-activity;sid:84221027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357928)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357928/; classtype:trojan-activity;sid:84221028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357929)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357929/; classtype:trojan-activity;sid:84221029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357930)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357930/; classtype:trojan-activity;sid:84221030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357931)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357931/; classtype:trojan-activity;sid:84221031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357932)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357932/; classtype:trojan-activity;sid:84221032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357933)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357933/; classtype:trojan-activity;sid:84221033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357934)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357934/; classtype:trojan-activity;sid:84221034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357935)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357935/; classtype:trojan-activity;sid:84221035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357936)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357936/; classtype:trojan-activity;sid:84221036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357937)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357937/; classtype:trojan-activity;sid:84221037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357938)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357938/; classtype:trojan-activity;sid:84221038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357939)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357939/; classtype:trojan-activity;sid:84221039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357940)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357940/; classtype:trojan-activity;sid:84221040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357941)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357941/; classtype:trojan-activity;sid:84221041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357942)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357942/; classtype:trojan-activity;sid:84221042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357922)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357922/; classtype:trojan-activity;sid:84221022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357921)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357921/; classtype:trojan-activity;sid:84221021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357891)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357891/; classtype:trojan-activity;sid:84220991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357892)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357892/; classtype:trojan-activity;sid:84220992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357893)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357893/; classtype:trojan-activity;sid:84220993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357894)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357894/; classtype:trojan-activity;sid:84220994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357895)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357895/; classtype:trojan-activity;sid:84220995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357896)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357896/; classtype:trojan-activity;sid:84220996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357897)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357897/; classtype:trojan-activity;sid:84220997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357898)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357898/; classtype:trojan-activity;sid:84220998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357899)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357899/; classtype:trojan-activity;sid:84220999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357900)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357900/; classtype:trojan-activity;sid:84221000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357901)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357901/; classtype:trojan-activity;sid:84221001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357902)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357902/; classtype:trojan-activity;sid:84221002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357903)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357903/; classtype:trojan-activity;sid:84221003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357904)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357904/; classtype:trojan-activity;sid:84221004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357905)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357905/; classtype:trojan-activity;sid:84221005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357906)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357906/; classtype:trojan-activity;sid:84221006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357907)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357907/; classtype:trojan-activity;sid:84221007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357908)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357908/; classtype:trojan-activity;sid:84221008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357909)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357909/; classtype:trojan-activity;sid:84221009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357910)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357910/; classtype:trojan-activity;sid:84221010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357911)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357911/; classtype:trojan-activity;sid:84221011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357912)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357912/; classtype:trojan-activity;sid:84221012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357913)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357913/; classtype:trojan-activity;sid:84221013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357914)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357914/; classtype:trojan-activity;sid:84221014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357915)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357915/; classtype:trojan-activity;sid:84221015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357916)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357916/; classtype:trojan-activity;sid:84221016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357917)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357917/; classtype:trojan-activity;sid:84221017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357918)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357918/; classtype:trojan-activity;sid:84221018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357919)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357919/; classtype:trojan-activity;sid:84221019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357920)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357920/; classtype:trojan-activity;sid:84221020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357883)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357883/; classtype:trojan-activity;sid:84220983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357884)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357884/; classtype:trojan-activity;sid:84220984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357885)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357885/; classtype:trojan-activity;sid:84220985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357886)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357886/; classtype:trojan-activity;sid:84220986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357887)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357887/; classtype:trojan-activity;sid:84220987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357888)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357888/; classtype:trojan-activity;sid:84220988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357889)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357889/; classtype:trojan-activity;sid:84220989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357890)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357890/; classtype:trojan-activity;sid:84220990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357882)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357882/; classtype:trojan-activity;sid:84220982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357881)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357881/; classtype:trojan-activity;sid:84220981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357880)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.143.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357880/; classtype:trojan-activity;sid:84220980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.6.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357879/; classtype:trojan-activity;sid:84220979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.178.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357878/; classtype:trojan-activity;sid:84220978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.187.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357877/; classtype:trojan-activity;sid:84220977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.86.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357876/; classtype:trojan-activity;sid:84220976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.46.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357875/; classtype:trojan-activity;sid:84220975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357873/; classtype:trojan-activity;sid:84220973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357874/; classtype:trojan-activity;sid:84220974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357872/; classtype:trojan-activity;sid:84220972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357862/; classtype:trojan-activity;sid:84220962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357863/; classtype:trojan-activity;sid:84220963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357864/; classtype:trojan-activity;sid:84220964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357865/; classtype:trojan-activity;sid:84220965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357866/; classtype:trojan-activity;sid:84220966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357867/; classtype:trojan-activity;sid:84220967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357868/; classtype:trojan-activity;sid:84220968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/star.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357869/; classtype:trojan-activity;sid:84220969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357870/; classtype:trojan-activity;sid:84220970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.47.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357871/; classtype:trojan-activity;sid:84220971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.165.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357861/; classtype:trojan-activity;sid:84220961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357859)"; flow:established,from_client; content:"GET"; http_method; content:"/yj/update.dat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.he4v2ieq.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357859/; classtype:trojan-activity;sid:84220959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357860)"; flow:established,from_client; content:"GET"; http_method; content:"/yj/update.dat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.he4v2ieq.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357860/; classtype:trojan-activity;sid:84220960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.85.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357857/; classtype:trojan-activity;sid:84220957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.21.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357858/; classtype:trojan-activity;sid:84220958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.218.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357855/; classtype:trojan-activity;sid:84220955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357856/; classtype:trojan-activity;sid:84220956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357854/; classtype:trojan-activity;sid:84220954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.184.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357852/; classtype:trojan-activity;sid:84220952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.160.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357853/; classtype:trojan-activity;sid:84220953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.200.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357851/; classtype:trojan-activity;sid:84220951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.178.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357850/; classtype:trojan-activity;sid:84220950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.46.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357849/; classtype:trojan-activity;sid:84220949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357848/; classtype:trojan-activity;sid:84220948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.223.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357847/; classtype:trojan-activity;sid:84220947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.70.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357846/; classtype:trojan-activity;sid:84220946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357844/; classtype:trojan-activity;sid:84220944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.96.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357845/; classtype:trojan-activity;sid:84220945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.122.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357843/; classtype:trojan-activity;sid:84220943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.211.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357842/; classtype:trojan-activity;sid:84220942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357841/; classtype:trojan-activity;sid:84220941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.101.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357840/; classtype:trojan-activity;sid:84220940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.70.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357839/; classtype:trojan-activity;sid:84220939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.218.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357838/; classtype:trojan-activity;sid:84220938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.127.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357837/; classtype:trojan-activity;sid:84220937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357833/; classtype:trojan-activity;sid:84220933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357834/; classtype:trojan-activity;sid:84220934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.165.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357835/; classtype:trojan-activity;sid:84220935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.119.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357836/; classtype:trojan-activity;sid:84220936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.254.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357832/; classtype:trojan-activity;sid:84220932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.27.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357830/; classtype:trojan-activity;sid:84220930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.178.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357831/; classtype:trojan-activity;sid:84220931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357829/; classtype:trojan-activity;sid:84220929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.223.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357828/; classtype:trojan-activity;sid:84220928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.202.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357827/; classtype:trojan-activity;sid:84220927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.231.132.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357826/; classtype:trojan-activity;sid:84220926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357822/; classtype:trojan-activity;sid:84220922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357823/; classtype:trojan-activity;sid:84220923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357824/; classtype:trojan-activity;sid:84220924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357825/; classtype:trojan-activity;sid:84220925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.207.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357821/; classtype:trojan-activity;sid:84220921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.39.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357819/; classtype:trojan-activity;sid:84220919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.217.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357820/; classtype:trojan-activity;sid:84220920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.85.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357818/; classtype:trojan-activity;sid:84220918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357817/; classtype:trojan-activity;sid:84220917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357816)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.56.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357816/; classtype:trojan-activity;sid:84220916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.83.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357815/; classtype:trojan-activity;sid:84220915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357814/; classtype:trojan-activity;sid:84220914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357813/; classtype:trojan-activity;sid:84220913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.189.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357812/; classtype:trojan-activity;sid:84220912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.203.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357811/; classtype:trojan-activity;sid:84220911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.101.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357809/; classtype:trojan-activity;sid:84220909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.199.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357810/; classtype:trojan-activity;sid:84220910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.217.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357808/; classtype:trojan-activity;sid:84220908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.64.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357807/; classtype:trojan-activity;sid:84220907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.31.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357806/; classtype:trojan-activity;sid:84220906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357805/; classtype:trojan-activity;sid:84220905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.122.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357804/; classtype:trojan-activity;sid:84220904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.96.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357803/; classtype:trojan-activity;sid:84220903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.203.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357802/; classtype:trojan-activity;sid:84220902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.255.239.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357801/; classtype:trojan-activity;sid:84220901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.199.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357800/; classtype:trojan-activity;sid:84220900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.122.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357799/; classtype:trojan-activity;sid:84220899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.100.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357797/; classtype:trojan-activity;sid:84220897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357798/; classtype:trojan-activity;sid:84220898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.255.239.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357796/; classtype:trojan-activity;sid:84220896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357795)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.196.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357795/; classtype:trojan-activity;sid:84220895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357794/; classtype:trojan-activity;sid:84220894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.246.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357793/; classtype:trojan-activity;sid:84220893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357792/; classtype:trojan-activity;sid:84220892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357791/; classtype:trojan-activity;sid:84220891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357790/; classtype:trojan-activity;sid:84220890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.159.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357789/; classtype:trojan-activity;sid:84220889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.153.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357788/; classtype:trojan-activity;sid:84220888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357787/; classtype:trojan-activity;sid:84220887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.201.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357786/; classtype:trojan-activity;sid:84220886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357784)"; flow:established,from_client; content:"GET"; http_method; content:"/r/yxzy5/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357784/; classtype:trojan-activity;sid:84220884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357785)"; flow:established,from_client; content:"GET"; http_method; content:"/d3431f8d-9484-496a-84d9-b0900c0a41a2/playstoreupdate.apk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357785/; classtype:trojan-activity;sid:84220885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357783)"; flow:established,from_client; content:"GET"; http_method; content:"/dzvai86uh/image/upload/v1734315244/m3gtbqktvnocyvm410aa.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357783/; classtype:trojan-activity;sid:84220883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357782/; classtype:trojan-activity;sid:84220882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.90.3.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357781/; classtype:trojan-activity;sid:84220881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.159.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357780/; classtype:trojan-activity;sid:84220880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357779/; classtype:trojan-activity;sid:84220879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.234.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357778/; classtype:trojan-activity;sid:84220878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.237.4.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357777/; classtype:trojan-activity;sid:84220877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357776/; classtype:trojan-activity;sid:84220876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357762)"; flow:established,from_client; content:"GET"; http_method; content:"/garvdsf/dsfg/-/blob/main/de17de16.bat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357762/; classtype:trojan-activity;sid:84220862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357763)"; flow:established,from_client; content:"GET"; http_method; content:"/garvdsf/dsfg/-/blob/main/hsfgdf17.bat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357763/; classtype:trojan-activity;sid:84220863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357764)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/blob/main/hnghksdjfhs19de.bat"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357764/; classtype:trojan-activity;sid:84220864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357765)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/blob/main/slifdgjsidfg19.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357765/; classtype:trojan-activity;sid:84220865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357766)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/blob/main/hnsjdghf18.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357766/; classtype:trojan-activity;sid:84220866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357767)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/blob/main/hnsadjhfg18de.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357767/; classtype:trojan-activity;sid:84220867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357768)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/blob/main/f1912.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357768/; classtype:trojan-activity;sid:84220868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357769)"; flow:established,from_client; content:"GET"; http_method; content:"/garvdsf/dsfg/-/blob/main/fghdsdf17.bat"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357769/; classtype:trojan-activity;sid:84220869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357770)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/blob/main/kjshdgacg18.bat"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357770/; classtype:trojan-activity;sid:84220870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357771)"; flow:established,from_client; content:"GET"; http_method; content:"/garvdsf/dsfg/-/blob/main/hngadsfkgj17.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357771/; classtype:trojan-activity;sid:84220871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357772)"; flow:established,from_client; content:"GET"; http_method; content:"/garvdsf/dsfg/-/blob/main/fga1712.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357772/; classtype:trojan-activity;sid:84220872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357773)"; flow:established,from_client; content:"GET"; http_method; content:"/garvdsf/dsfg/-/blob/main/gar17lksgf.bat"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357773/; classtype:trojan-activity;sid:84220873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357774)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/blob/main/fga1812.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357774/; classtype:trojan-activity;sid:84220874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357775)"; flow:established,from_client; content:"GET"; http_method; content:"/garvdsf/dsfg/-/blob/main/kjhsdggarmin17.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357775/; classtype:trojan-activity;sid:84220875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357761)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/blob/main/jhsdgfjkh236.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357761/; classtype:trojan-activity;sid:84220861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.242.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357760/; classtype:trojan-activity;sid:84220860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.198.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357759/; classtype:trojan-activity;sid:84220859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.98.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357758/; classtype:trojan-activity;sid:84220858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.66.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357757/; classtype:trojan-activity;sid:84220857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.198.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357756/; classtype:trojan-activity;sid:84220856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.105.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357754/; classtype:trojan-activity;sid:84220854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.14.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357755/; classtype:trojan-activity;sid:84220855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.242.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357753/; classtype:trojan-activity;sid:84220853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.42.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357752/; classtype:trojan-activity;sid:84220852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.154.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357751/; classtype:trojan-activity;sid:84220851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.47.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357750/; classtype:trojan-activity;sid:84220850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.107.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357749/; classtype:trojan-activity;sid:84220849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.195.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357748/; classtype:trojan-activity;sid:84220848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357747/; classtype:trojan-activity;sid:84220847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.243.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357744/; classtype:trojan-activity;sid:84220844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.98.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357745/; classtype:trojan-activity;sid:84220845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.163.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357746/; classtype:trojan-activity;sid:84220846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.173.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357743/; classtype:trojan-activity;sid:84220843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.66.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357742/; classtype:trojan-activity;sid:84220842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.32.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357741/; classtype:trojan-activity;sid:84220841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.66.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357740/; classtype:trojan-activity;sid:84220840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357739)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357739/; classtype:trojan-activity;sid:84220839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.29.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357738/; classtype:trojan-activity;sid:84220838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357733)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357733/; classtype:trojan-activity;sid:84220833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357734)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357734/; classtype:trojan-activity;sid:84220834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357735)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357735/; classtype:trojan-activity;sid:84220835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357736)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357736/; classtype:trojan-activity;sid:84220836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357737)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357737/; classtype:trojan-activity;sid:84220837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.154.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357732/; classtype:trojan-activity;sid:84220832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357725)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357725/; classtype:trojan-activity;sid:84220825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.161.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357726/; classtype:trojan-activity;sid:84220826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357727)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357727/; classtype:trojan-activity;sid:84220827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357728)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357728/; classtype:trojan-activity;sid:84220828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357729)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357729/; classtype:trojan-activity;sid:84220829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357730)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357730/; classtype:trojan-activity;sid:84220830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357731)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357731/; classtype:trojan-activity;sid:84220831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357724/; classtype:trojan-activity;sid:84220824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.3.27"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357723/; classtype:trojan-activity;sid:84220823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357721/; classtype:trojan-activity;sid:84220821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.200.84.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357722/; classtype:trojan-activity;sid:84220822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357717/; classtype:trojan-activity;sid:84220817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357718/; classtype:trojan-activity;sid:84220818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.100.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357719/; classtype:trojan-activity;sid:84220819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357720/; classtype:trojan-activity;sid:84220820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.153.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357716/; classtype:trojan-activity;sid:84220816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.19.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357715/; classtype:trojan-activity;sid:84220815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357714/; classtype:trojan-activity;sid:84220814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.56.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357713/; classtype:trojan-activity;sid:84220813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.161.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357712/; classtype:trojan-activity;sid:84220812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.234.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357710/; classtype:trojan-activity;sid:84220810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.20.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357711/; classtype:trojan-activity;sid:84220811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.180.130.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357707/; classtype:trojan-activity;sid:84220807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.54.160.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357708/; classtype:trojan-activity;sid:84220808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.181.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357709/; classtype:trojan-activity;sid:84220809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.32.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357705/; classtype:trojan-activity;sid:84220805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.229.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357706/; classtype:trojan-activity;sid:84220806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.150.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357704/; classtype:trojan-activity;sid:84220804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.73.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357703/; classtype:trojan-activity;sid:84220803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.18.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357702/; classtype:trojan-activity;sid:84220802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357701)"; flow:established,from_client; content:"GET"; http_method; content:"/1/2vd.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mtclibraries.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357701/; classtype:trojan-activity;sid:84220801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.170.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357699/; classtype:trojan-activity;sid:84220799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.173.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357700/; classtype:trojan-activity;sid:84220800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.66.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357698/; classtype:trojan-activity;sid:84220798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.99.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357697/; classtype:trojan-activity;sid:84220797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.243.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357696/; classtype:trojan-activity;sid:84220796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.149.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357694/; classtype:trojan-activity;sid:84220794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.161.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357695/; classtype:trojan-activity;sid:84220795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.28.43"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357693/; classtype:trojan-activity;sid:84220793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.229.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357691/; classtype:trojan-activity;sid:84220791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357692/; classtype:trojan-activity;sid:84220792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.26.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357690/; classtype:trojan-activity;sid:84220790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.220.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357689/; classtype:trojan-activity;sid:84220789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.110.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357687/; classtype:trojan-activity;sid:84220787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.205.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357688/; classtype:trojan-activity;sid:84220788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357686)"; flow:established,from_client; content:"GET"; http_method; content:"/load.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357686/; classtype:trojan-activity;sid:84220786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.181.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357685/; classtype:trojan-activity;sid:84220785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357684/; classtype:trojan-activity;sid:84220784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357683/; classtype:trojan-activity;sid:84220783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.114.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357682/; classtype:trojan-activity;sid:84220782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357681/; classtype:trojan-activity;sid:84220781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.221.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357679/; classtype:trojan-activity;sid:84220779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.37.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357680/; classtype:trojan-activity;sid:84220780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357678/; classtype:trojan-activity;sid:84220778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357677/; classtype:trojan-activity;sid:84220777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357676/; classtype:trojan-activity;sid:84220776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357675/; classtype:trojan-activity;sid:84220775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.21.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357674/; classtype:trojan-activity;sid:84220774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357673)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/12/truepepe-qt-windows.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"palegreen-cheetah-217044.hostingersite.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357673/; classtype:trojan-activity;sid:84220773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.205.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357672/; classtype:trojan-activity;sid:84220772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.181.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357671/; classtype:trojan-activity;sid:84220771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.185.217.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357670/; classtype:trojan-activity;sid:84220770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.238.203.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357669/; classtype:trojan-activity;sid:84220769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357668)"; flow:established,from_client; content:"GET"; http_method; content:"/ms/neaters.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.al-rasikh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357668/; classtype:trojan-activity;sid:84220768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357667)"; flow:established,from_client; content:"GET"; http_method; content:"/ms/neata.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.al-rasikh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357667/; classtype:trojan-activity;sid:84220767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357666)"; flow:established,from_client; content:"GET"; http_method; content:"/ms/neats.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.al-rasikh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357666/; classtype:trojan-activity;sid:84220766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357664)"; flow:established,from_client; content:"GET"; http_method; content:"/ms/neatz.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.al-rasikh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357664/; classtype:trojan-activity;sid:84220764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357665)"; flow:established,from_client; content:"GET"; http_method; content:"/ms/neatez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.al-rasikh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357665/; classtype:trojan-activity;sid:84220765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357663)"; flow:established,from_client; content:"GET"; http_method; content:"/ms/neatsz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.al-rasikh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357663/; classtype:trojan-activity;sid:84220763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357662/; classtype:trojan-activity;sid:84220762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.4.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357661/; classtype:trojan-activity;sid:84220761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.109.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357660/; classtype:trojan-activity;sid:84220760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357659/; classtype:trojan-activity;sid:84220759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.221.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357658/; classtype:trojan-activity;sid:84220758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357657/; classtype:trojan-activity;sid:84220757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357656/; classtype:trojan-activity;sid:84220756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.122.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357655/; classtype:trojan-activity;sid:84220755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.32.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357654/; classtype:trojan-activity;sid:84220754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357653/; classtype:trojan-activity;sid:84220753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.97.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357652/; classtype:trojan-activity;sid:84220752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.172.51.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357651/; classtype:trojan-activity;sid:84220751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.234.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357650/; classtype:trojan-activity;sid:84220750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.214.25.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357649/; classtype:trojan-activity;sid:84220749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.42.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357648/; classtype:trojan-activity;sid:84220748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.160.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357646/; classtype:trojan-activity;sid:84220746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357647)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cgi7ywv5qan3v5rpe20xoq5lo2xhlltnk-df-9gdrc88dlcfeuutxr4rh3mczyz2qjhnilqz1avusbq8zzgkke2euqa01lpbe-htaay3pbqxmvgzr3jbc_aobvrtpswx_tcxzugvwvfiuppikdjihfswtuaczaqwdwpwxi50diyfyw/file|3f|_download_id=04015257907542069651738131529554885545377829849237223652973533322|7c|26|7c|_log_download_success=1|7c|26|7c|_notify_domain=www.dropbox.com|7c|26|7c|dl=1"; http_uri; depth:358; isdataat:!1,relative; nocase; content:"uc07fd9d5ac5fb301f46a43ced12.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357647/; classtype:trojan-activity;sid:84220747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357645)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fo/imqvfo7ednyj6s2r7c9mi/adkapou7kdhwuotkkuqv_wi|3f|rlkey=e3gjg0fqsaqgiba3og4xydu9d|7c|26|7c|e=1|7c|26|7c|st=2vbjb92c|7c|26|7c|dl=0"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357645/; classtype:trojan-activity;sid:84220745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357644)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fo/imqvfo7ednyj6s2r7c9mi/agkcoixsyrnzlyhyyskgoeu/required%20items%20and%20services.zip|3f|rlkey=e3gjg0fqsaqgiba3og4xydu9d|7c|26|7c|dl=0"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357644/; classtype:trojan-activity;sid:84220744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.111.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357643/; classtype:trojan-activity;sid:84220743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.109.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357642/; classtype:trojan-activity;sid:84220742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.128.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357641/; classtype:trojan-activity;sid:84220741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357640)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.180.197.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357640/; classtype:trojan-activity;sid:84220740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.209.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357639/; classtype:trojan-activity;sid:84220739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.21.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357638/; classtype:trojan-activity;sid:84220738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357637/; classtype:trojan-activity;sid:84220737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357636)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.1.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357636/; classtype:trojan-activity;sid:84220736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.208.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357635/; classtype:trojan-activity;sid:84220735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357634/; classtype:trojan-activity;sid:84220734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.42.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357633/; classtype:trojan-activity;sid:84220733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.160.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357632/; classtype:trojan-activity;sid:84220732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.153.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357631/; classtype:trojan-activity;sid:84220731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.169.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357630/; classtype:trojan-activity;sid:84220730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.115.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357629/; classtype:trojan-activity;sid:84220729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.71.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357628/; classtype:trojan-activity;sid:84220728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.205.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357627/; classtype:trojan-activity;sid:84220727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.223.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357626/; classtype:trojan-activity;sid:84220726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.111.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357625/; classtype:trojan-activity;sid:84220725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.221.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357624/; classtype:trojan-activity;sid:84220724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.43.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357622/; classtype:trojan-activity;sid:84220722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.153.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357623/; classtype:trojan-activity;sid:84220723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357621/; classtype:trojan-activity;sid:84220721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.209.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357620/; classtype:trojan-activity;sid:84220720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.146.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357619/; classtype:trojan-activity;sid:84220719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.39.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357618/; classtype:trojan-activity;sid:84220718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.13.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357617/; classtype:trojan-activity;sid:84220717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.61.231.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357616/; classtype:trojan-activity;sid:84220716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357615)"; flow:established,from_client; content:"GET"; http_method; content:"/applicationframehost.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"144.172.73.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357615/; classtype:trojan-activity;sid:84220715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357613/; classtype:trojan-activity;sid:84220713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357614/; classtype:trojan-activity;sid:84220714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357612/; classtype:trojan-activity;sid:84220712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.209.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357611/; classtype:trojan-activity;sid:84220711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.191.83.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357610/; classtype:trojan-activity;sid:84220710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357609/; classtype:trojan-activity;sid:84220709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357608/; classtype:trojan-activity;sid:84220708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.10.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357607/; classtype:trojan-activity;sid:84220707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.78.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357606/; classtype:trojan-activity;sid:84220706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.230.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357605/; classtype:trojan-activity;sid:84220705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.154.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357604/; classtype:trojan-activity;sid:84220704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.185.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357603/; classtype:trojan-activity;sid:84220703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357602/; classtype:trojan-activity;sid:84220702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.18.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357600/; classtype:trojan-activity;sid:84220700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.78.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357601/; classtype:trojan-activity;sid:84220701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357599)"; flow:established,from_client; content:"GET"; http_method; content:"/reflectdlhf.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.2.229.232"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357599/; classtype:trojan-activity;sid:84220699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.220.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357598/; classtype:trojan-activity;sid:84220698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.57.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357597/; classtype:trojan-activity;sid:84220697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.191.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357596/; classtype:trojan-activity;sid:84220696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.10.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357595/; classtype:trojan-activity;sid:84220695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.41.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357594/; classtype:trojan-activity;sid:84220694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.45.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357593/; classtype:trojan-activity;sid:84220693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.18.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357592/; classtype:trojan-activity;sid:84220692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.220.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357591/; classtype:trojan-activity;sid:84220691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.186.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357590/; classtype:trojan-activity;sid:84220690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.111.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357589/; classtype:trojan-activity;sid:84220689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.154.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357588/; classtype:trojan-activity;sid:84220688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.182.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357587/; classtype:trojan-activity;sid:84220687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.195.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357586/; classtype:trojan-activity;sid:84220686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.17.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357585/; classtype:trojan-activity;sid:84220685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.36.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357584/; classtype:trojan-activity;sid:84220684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.43.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357583/; classtype:trojan-activity;sid:84220683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.59.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357582/; classtype:trojan-activity;sid:84220682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.7.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357581/; classtype:trojan-activity;sid:84220681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.42.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357580/; classtype:trojan-activity;sid:84220680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.210.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357579/; classtype:trojan-activity;sid:84220679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.185.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357578/; classtype:trojan-activity;sid:84220678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.49.11"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357577/; classtype:trojan-activity;sid:84220677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.41.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357576/; classtype:trojan-activity;sid:84220676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357574/; classtype:trojan-activity;sid:84220674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.39.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357575/; classtype:trojan-activity;sid:84220675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.230.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357572/; classtype:trojan-activity;sid:84220672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.241.149.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357573/; classtype:trojan-activity;sid:84220673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.186.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357570/; classtype:trojan-activity;sid:84220670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.12.204"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357571/; classtype:trojan-activity;sid:84220671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.87.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357569/; classtype:trojan-activity;sid:84220669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357568/; classtype:trojan-activity;sid:84220668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.111.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357567/; classtype:trojan-activity;sid:84220667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.221.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357566/; classtype:trojan-activity;sid:84220666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.59.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357565/; classtype:trojan-activity;sid:84220665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.39.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357564/; classtype:trojan-activity;sid:84220664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.62.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357563/; classtype:trojan-activity;sid:84220663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357562/; classtype:trojan-activity;sid:84220662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.195.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357561/; classtype:trojan-activity;sid:84220661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.58.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357560/; classtype:trojan-activity;sid:84220660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357559/; classtype:trojan-activity;sid:84220659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.45.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357558/; classtype:trojan-activity;sid:84220658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357555)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/lnk/blob/main/ud.bat"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357555/; classtype:trojan-activity;sid:84220655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357556)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/blob/main/lib111.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357556/; classtype:trojan-activity;sid:84220656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357557)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/lnk/blob/main/y.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357557/; classtype:trojan-activity;sid:84220657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357546)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/blob/main/update0.bat"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357546/; classtype:trojan-activity;sid:84220646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357547)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/lnk/blob/main/q.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357547/; classtype:trojan-activity;sid:84220647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357548)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/ud/blob/main/ud.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357548/; classtype:trojan-activity;sid:84220648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357549)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/lnk/blob/main/t.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357549/; classtype:trojan-activity;sid:84220649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357550)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/dcm/blob/main/document.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357550/; classtype:trojan-activity;sid:84220650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357551)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/dcm2/blob/main/document.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357551/; classtype:trojan-activity;sid:84220651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357552)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/blob/main/lplp.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357552/; classtype:trojan-activity;sid:84220652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357553)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/bs64/blob/main/bs642"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357553/; classtype:trojan-activity;sid:84220653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357554)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/lnk/blob/main/u.xls"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357554/; classtype:trojan-activity;sid:84220654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.232.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357545/; classtype:trojan-activity;sid:84220645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.211.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357544/; classtype:trojan-activity;sid:84220644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.123.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357543/; classtype:trojan-activity;sid:84220643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.239.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357542/; classtype:trojan-activity;sid:84220642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.191.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357541/; classtype:trojan-activity;sid:84220641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.134.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357540/; classtype:trojan-activity;sid:84220640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.12.204"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357539/; classtype:trojan-activity;sid:84220639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357538/; classtype:trojan-activity;sid:84220638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.189.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357537/; classtype:trojan-activity;sid:84220637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.239.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357535/; classtype:trojan-activity;sid:84220635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.62.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357536/; classtype:trojan-activity;sid:84220636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.190.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357534/; classtype:trojan-activity;sid:84220634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357533)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.178.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357533/; classtype:trojan-activity;sid:84220633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.10.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357532/; classtype:trojan-activity;sid:84220632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.124.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357531/; classtype:trojan-activity;sid:84220631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.204.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357530/; classtype:trojan-activity;sid:84220630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.93.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357529/; classtype:trojan-activity;sid:84220629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.92.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357528/; classtype:trojan-activity;sid:84220628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.189.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357527/; classtype:trojan-activity;sid:84220627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.211.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357526/; classtype:trojan-activity;sid:84220626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357525/; classtype:trojan-activity;sid:84220625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357524)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14f3atjryfesaerwp7pe4brhqnpfa95ne"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357524/; classtype:trojan-activity;sid:84220624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.115.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357523/; classtype:trojan-activity;sid:84220623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357522/; classtype:trojan-activity;sid:84220622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357521)"; flow:established,from_client; content:"GET"; http_method; content:"/urerfie/base/blob/main/up.bat"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357521/; classtype:trojan-activity;sid:84220621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357517)"; flow:established,from_client; content:"GET"; http_method; content:"/urerfie/base/blob/main/pogba.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357517/; classtype:trojan-activity;sid:84220617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357518)"; flow:established,from_client; content:"GET"; http_method; content:"/urerfie/base/blob/main/main1.bat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357518/; classtype:trojan-activity;sid:84220618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357519)"; flow:established,from_client; content:"GET"; http_method; content:"/urerfie/base/blob/main/a.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357519/; classtype:trojan-activity;sid:84220619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357520)"; flow:established,from_client; content:"GET"; http_method; content:"/urerfie/base/blob/main/update1.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357520/; classtype:trojan-activity;sid:84220620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357516)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ct3kf8kr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357516/; classtype:trojan-activity;sid:84220616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357515)"; flow:established,from_client; content:"GET"; http_method; content:"/0hc11b.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357515/; classtype:trojan-activity;sid:84220615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357514)"; flow:established,from_client; content:"GET"; http_method; content:"/t7rwbh.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357514/; classtype:trojan-activity;sid:84220614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357513/; classtype:trojan-activity;sid:84220613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357512)"; flow:established,from_client; content:"GET"; http_method; content:"/ugok5m.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357512/; classtype:trojan-activity;sid:84220612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.134.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357511/; classtype:trojan-activity;sid:84220611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357510/; classtype:trojan-activity;sid:84220610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.197.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357509/; classtype:trojan-activity;sid:84220609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.172.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357508/; classtype:trojan-activity;sid:84220608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357507)"; flow:established,from_client; content:"GET"; http_method; content:"/fdjskf88cvt/putty.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"spotcarservice.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357507/; classtype:trojan-activity;sid:84220607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357506)"; flow:established,from_client; content:"GET"; http_method; content:"/yadexf1/yadex/refs/heads/main/dlhost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357506/; classtype:trojan-activity;sid:84220606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357505)"; flow:established,from_client; content:"GET"; http_method; content:"/fdjskf88cvt/yumba/putty.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"spotcarservice.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357505/; classtype:trojan-activity;sid:84220605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.94.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357504/; classtype:trojan-activity;sid:84220604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.69.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357503/; classtype:trojan-activity;sid:84220603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357502)"; flow:established,from_client; content:"GET"; http_method; content:"/pntclijb/shotstar.psd"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"of1x.icu"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357502/; classtype:trojan-activity;sid:84220602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357500)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357500/; classtype:trojan-activity;sid:84220600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357501)"; flow:established,from_client; content:"GET"; http_method; content:"/yadexf1/yadex/raw/refs/heads/main/dlhost.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357501/; classtype:trojan-activity;sid:84220601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357495)"; flow:established,from_client; content:"GET"; http_method; content:"/script.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"adobe-acrobat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357495/; classtype:trojan-activity;sid:84220595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357496)"; flow:established,from_client; content:"GET"; http_method; content:"/feelme420.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chernobyl.stressing.world"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357496/; classtype:trojan-activity;sid:84220596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357497)"; flow:established,from_client; content:"GET"; http_method; content:"/spjvbnut/vgfkxiqujnreeqcxjfn242.bin"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"of1x.icu"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357497/; classtype:trojan-activity;sid:84220597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357498)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357498/; classtype:trojan-activity;sid:84220598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.67.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357499/; classtype:trojan-activity;sid:84220599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357493)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357493/; classtype:trojan-activity;sid:84220593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357494)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357494/; classtype:trojan-activity;sid:84220594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357486)"; flow:established,from_client; content:"GET"; http_method; content:"/cbrbinaries"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.229.81.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357486/; classtype:trojan-activity;sid:84220586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357487)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357487/; classtype:trojan-activity;sid:84220587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357488)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357488/; classtype:trojan-activity;sid:84220588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357489)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357489/; classtype:trojan-activity;sid:84220589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357490)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357490/; classtype:trojan-activity;sid:84220590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357491)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357491/; classtype:trojan-activity;sid:84220591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357492)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/aqua.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357492/; classtype:trojan-activity;sid:84220592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357485/; classtype:trojan-activity;sid:84220585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357481/; classtype:trojan-activity;sid:84220581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.28.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357482/; classtype:trojan-activity;sid:84220582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.154.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357483/; classtype:trojan-activity;sid:84220583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.10.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357484/; classtype:trojan-activity;sid:84220584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.229.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357480/; classtype:trojan-activity;sid:84220580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.204.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357479/; classtype:trojan-activity;sid:84220579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357478/; classtype:trojan-activity;sid:84220578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.47.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357477/; classtype:trojan-activity;sid:84220577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.180.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357476/; classtype:trojan-activity;sid:84220576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357472)"; flow:established,from_client; content:"GET"; http_method; content:"/iviewers.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.47.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357472/; classtype:trojan-activity;sid:84220572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.200.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357473/; classtype:trojan-activity;sid:84220573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357474)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.45.47.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357474/; classtype:trojan-activity;sid:84220574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.134.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357475/; classtype:trojan-activity;sid:84220575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357471)"; flow:established,from_client; content:"GET"; http_method; content:"/script.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.45.47.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357471/; classtype:trojan-activity;sid:84220571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.92.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357470/; classtype:trojan-activity;sid:84220570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.211.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357469/; classtype:trojan-activity;sid:84220569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.47.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357467/; classtype:trojan-activity;sid:84220567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.237.4.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357468/; classtype:trojan-activity;sid:84220568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.134.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357466/; classtype:trojan-activity;sid:84220566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.240.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357465/; classtype:trojan-activity;sid:84220565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.172.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357464/; classtype:trojan-activity;sid:84220564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357463/; classtype:trojan-activity;sid:84220563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.145.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357462/; classtype:trojan-activity;sid:84220562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.211.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357461/; classtype:trojan-activity;sid:84220561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.218.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357460/; classtype:trojan-activity;sid:84220560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.193.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357459/; classtype:trojan-activity;sid:84220559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357458)"; flow:established,from_client; content:"GET"; http_method; content:"/cbrbinaries/cbr.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.229.81.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357458/; classtype:trojan-activity;sid:84220558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.229.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357457/; classtype:trojan-activity;sid:84220557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.252.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357456/; classtype:trojan-activity;sid:84220556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357455/; classtype:trojan-activity;sid:84220555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357454/; classtype:trojan-activity;sid:84220554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.98.64.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357453/; classtype:trojan-activity;sid:84220553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.109.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357452/; classtype:trojan-activity;sid:84220552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.117.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357451/; classtype:trojan-activity;sid:84220551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.153.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357450/; classtype:trojan-activity;sid:84220550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.220.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357449/; classtype:trojan-activity;sid:84220549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.125.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357448/; classtype:trojan-activity;sid:84220548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.107.115.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357447/; classtype:trojan-activity;sid:84220547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357446)"; flow:established,from_client; content:"GET"; http_method; content:"/de4fe4f133a5af6f/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357446/; classtype:trojan-activity;sid:84220546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357440)"; flow:established,from_client; content:"GET"; http_method; content:"/de4fe4f133a5af6f/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357440/; classtype:trojan-activity;sid:84220540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357441)"; flow:established,from_client; content:"GET"; http_method; content:"/de4fe4f133a5af6f/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357441/; classtype:trojan-activity;sid:84220541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357442)"; flow:established,from_client; content:"GET"; http_method; content:"/de4fe4f133a5af6f/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357442/; classtype:trojan-activity;sid:84220542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357443)"; flow:established,from_client; content:"GET"; http_method; content:"/de4fe4f133a5af6f/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357443/; classtype:trojan-activity;sid:84220543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357444)"; flow:established,from_client; content:"GET"; http_method; content:"/de4fe4f133a5af6f/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357444/; classtype:trojan-activity;sid:84220544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357445)"; flow:established,from_client; content:"GET"; http_method; content:"/de4fe4f133a5af6f/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.219.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357445/; classtype:trojan-activity;sid:84220545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.240.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357439/; classtype:trojan-activity;sid:84220539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357438)"; flow:established,from_client; content:"GET"; http_method; content:"/googlechrome.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"filenjjutre.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357438/; classtype:trojan-activity;sid:84220538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357437)"; flow:established,from_client; content:"GET"; http_method; content:"/filez/zapret-discord-youtube_1.6.1.rar"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"gitrok.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357437/; classtype:trojan-activity;sid:84220537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357435)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1gfqpidscbsiz2zj9xws4rl4a68gb_fum"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357435/; classtype:trojan-activity;sid:84220535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357436)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ol7zwvtojloc8ofgv9pdbdqenveeijt2"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357436/; classtype:trojan-activity;sid:84220536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357433)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=15qixprcnxtzm-kbwxmrvx7tduktevn_z|7c|26|7c|export=download"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357433/; classtype:trojan-activity;sid:84220533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357434)"; flow:established,from_client; content:"GET"; http_method; content:"/js/e996f00bd63.js"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"zptjv.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357434/; classtype:trojan-activity;sid:84220534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.168.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357432/; classtype:trojan-activity;sid:84220532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.244.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357431/; classtype:trojan-activity;sid:84220531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.77.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357430/; classtype:trojan-activity;sid:84220530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.103.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357429/; classtype:trojan-activity;sid:84220529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"86.98.64.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357427/; classtype:trojan-activity;sid:84220527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.252.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357428/; classtype:trojan-activity;sid:84220528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.244.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357425/; classtype:trojan-activity;sid:84220525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.192.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357426/; classtype:trojan-activity;sid:84220526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.115.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357424/; classtype:trojan-activity;sid:84220524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.117.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357423/; classtype:trojan-activity;sid:84220523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.107.115.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357421/; classtype:trojan-activity;sid:84220521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.43.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357422/; classtype:trojan-activity;sid:84220522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.186.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357420/; classtype:trojan-activity;sid:84220520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.88.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357419/; classtype:trojan-activity;sid:84220519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.192.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357418/; classtype:trojan-activity;sid:84220518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357416/; classtype:trojan-activity;sid:84220516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.109.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357417/; classtype:trojan-activity;sid:84220517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357415/; classtype:trojan-activity;sid:84220515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.109.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357414/; classtype:trojan-activity;sid:84220514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.8.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357413/; classtype:trojan-activity;sid:84220513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.103.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357412/; classtype:trojan-activity;sid:84220512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.107.115.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357411/; classtype:trojan-activity;sid:84220511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.220.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357410/; classtype:trojan-activity;sid:84220510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.172.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357409/; classtype:trojan-activity;sid:84220509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.224.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357408/; classtype:trojan-activity;sid:84220508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.162.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357407/; classtype:trojan-activity;sid:84220507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.240.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357406/; classtype:trojan-activity;sid:84220506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357405/; classtype:trojan-activity;sid:84220505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357404/; classtype:trojan-activity;sid:84220504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.124.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357402/; classtype:trojan-activity;sid:84220502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.220.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357403/; classtype:trojan-activity;sid:84220503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357401/; classtype:trojan-activity;sid:84220501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.254.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357400/; classtype:trojan-activity;sid:84220500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.245.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357399/; classtype:trojan-activity;sid:84220499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357398/; classtype:trojan-activity;sid:84220498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.109.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357397/; classtype:trojan-activity;sid:84220497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.6.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357396/; classtype:trojan-activity;sid:84220496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.8.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357395/; classtype:trojan-activity;sid:84220495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.180.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357394/; classtype:trojan-activity;sid:84220494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.20.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357393/; classtype:trojan-activity;sid:84220493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357392/; classtype:trojan-activity;sid:84220492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.229.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357390/; classtype:trojan-activity;sid:84220490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.200.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357391/; classtype:trojan-activity;sid:84220491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.172.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357389/; classtype:trojan-activity;sid:84220489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.195.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357388/; classtype:trojan-activity;sid:84220488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.193.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357387/; classtype:trojan-activity;sid:84220487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.58.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357386/; classtype:trojan-activity;sid:84220486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.153.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357385/; classtype:trojan-activity;sid:84220485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.97.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357384/; classtype:trojan-activity;sid:84220484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.220.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357383/; classtype:trojan-activity;sid:84220483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.46.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357381/; classtype:trojan-activity;sid:84220481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.249.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357382/; classtype:trojan-activity;sid:84220482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.80.117.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357380/; classtype:trojan-activity;sid:84220480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.51.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357379/; classtype:trojan-activity;sid:84220479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.20.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357378/; classtype:trojan-activity;sid:84220478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.90.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357377/; classtype:trojan-activity;sid:84220477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.194.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357376/; classtype:trojan-activity;sid:84220476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357375/; classtype:trojan-activity;sid:84220475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.18.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357374/; classtype:trojan-activity;sid:84220474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.195.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357373/; classtype:trojan-activity;sid:84220473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.198.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357372/; classtype:trojan-activity;sid:84220472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.153.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357371/; classtype:trojan-activity;sid:84220471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.124.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357370/; classtype:trojan-activity;sid:84220470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.90.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357369/; classtype:trojan-activity;sid:84220469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.157.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357368/; classtype:trojan-activity;sid:84220468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357367/; classtype:trojan-activity;sid:84220467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357366/; classtype:trojan-activity;sid:84220466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.167.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357365/; classtype:trojan-activity;sid:84220465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.122.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357364/; classtype:trojan-activity;sid:84220464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.111.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357363/; classtype:trojan-activity;sid:84220463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.73.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357362/; classtype:trojan-activity;sid:84220462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.179.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357361/; classtype:trojan-activity;sid:84220461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357360/; classtype:trojan-activity;sid:84220460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357358/; classtype:trojan-activity;sid:84220458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.170.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357359/; classtype:trojan-activity;sid:84220459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.205.64.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357357/; classtype:trojan-activity;sid:84220457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357356/; classtype:trojan-activity;sid:84220456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.198.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357354/; classtype:trojan-activity;sid:84220454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.15.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357355/; classtype:trojan-activity;sid:84220455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.31.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357353/; classtype:trojan-activity;sid:84220453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357352)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.228.156.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357352/; classtype:trojan-activity;sid:84220452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.99.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357351/; classtype:trojan-activity;sid:84220451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357350/; classtype:trojan-activity;sid:84220450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.51.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357349/; classtype:trojan-activity;sid:84220449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357348)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.172.49.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357348/; classtype:trojan-activity;sid:84220448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.198.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357347/; classtype:trojan-activity;sid:84220447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.212.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357346/; classtype:trojan-activity;sid:84220446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.47.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357345/; classtype:trojan-activity;sid:84220445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.182.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357344/; classtype:trojan-activity;sid:84220444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.113.111.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357343/; classtype:trojan-activity;sid:84220443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.205.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357342/; classtype:trojan-activity;sid:84220442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.227.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357341/; classtype:trojan-activity;sid:84220441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.229.151.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357340/; classtype:trojan-activity;sid:84220440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357339/; classtype:trojan-activity;sid:84220439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.157.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357338/; classtype:trojan-activity;sid:84220438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.39.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357337/; classtype:trojan-activity;sid:84220437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.251.20.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357336/; classtype:trojan-activity;sid:84220436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.229.151.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357335/; classtype:trojan-activity;sid:84220435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.8.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357334/; classtype:trojan-activity;sid:84220434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.55.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357333/; classtype:trojan-activity;sid:84220433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357332/; classtype:trojan-activity;sid:84220432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357331/; classtype:trojan-activity;sid:84220431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.1.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357330/; classtype:trojan-activity;sid:84220430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.197.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357326/; classtype:trojan-activity;sid:84220426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.111.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357327/; classtype:trojan-activity;sid:84220427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357328/; classtype:trojan-activity;sid:84220428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357329/; classtype:trojan-activity;sid:84220429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.97.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357325/; classtype:trojan-activity;sid:84220425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.223.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357323/; classtype:trojan-activity;sid:84220423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.227.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357324/; classtype:trojan-activity;sid:84220424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.192.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357322/; classtype:trojan-activity;sid:84220422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.144.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357321/; classtype:trojan-activity;sid:84220421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.163.86.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357318/; classtype:trojan-activity;sid:84220418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.253.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357319/; classtype:trojan-activity;sid:84220419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.214.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357320/; classtype:trojan-activity;sid:84220420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.21.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357317/; classtype:trojan-activity;sid:84220417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.39.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357316/; classtype:trojan-activity;sid:84220416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.212.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357315/; classtype:trojan-activity;sid:84220415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.72.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357312/; classtype:trojan-activity;sid:84220412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.50.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357313/; classtype:trojan-activity;sid:84220413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.41.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357314/; classtype:trojan-activity;sid:84220414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.162.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357311/; classtype:trojan-activity;sid:84220411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.73.75.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357309/; classtype:trojan-activity;sid:84220409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357310/; classtype:trojan-activity;sid:84220410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.150.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357308/; classtype:trojan-activity;sid:84220408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.92.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357307/; classtype:trojan-activity;sid:84220407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357306/; classtype:trojan-activity;sid:84220406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357305/; classtype:trojan-activity;sid:84220405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357304/; classtype:trojan-activity;sid:84220404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.57.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357303/; classtype:trojan-activity;sid:84220403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.146.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357302/; classtype:trojan-activity;sid:84220402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.163.86.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357301/; classtype:trojan-activity;sid:84220401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.223.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357300/; classtype:trojan-activity;sid:84220400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.107.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357299/; classtype:trojan-activity;sid:84220399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.180.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357298/; classtype:trojan-activity;sid:84220398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357297/; classtype:trojan-activity;sid:84220397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.114.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357296/; classtype:trojan-activity;sid:84220396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.27.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357295/; classtype:trojan-activity;sid:84220395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.150.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357294/; classtype:trojan-activity;sid:84220394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.72.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357293/; classtype:trojan-activity;sid:84220393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.33.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357292/; classtype:trojan-activity;sid:84220392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.58.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357290/; classtype:trojan-activity;sid:84220390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.251.20.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357291/; classtype:trojan-activity;sid:84220391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.92.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357289/; classtype:trojan-activity;sid:84220389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.33.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357288/; classtype:trojan-activity;sid:84220388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.214.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357287/; classtype:trojan-activity;sid:84220387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357286/; classtype:trojan-activity;sid:84220386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.230.209.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357285/; classtype:trojan-activity;sid:84220385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.85.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357284/; classtype:trojan-activity;sid:84220384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.17.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357283/; classtype:trojan-activity;sid:84220383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.79.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357282/; classtype:trojan-activity;sid:84220382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.115.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357281/; classtype:trojan-activity;sid:84220381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.23.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357280/; classtype:trojan-activity;sid:84220380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.55.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357279/; classtype:trojan-activity;sid:84220379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357278/; classtype:trojan-activity;sid:84220378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.156.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357277/; classtype:trojan-activity;sid:84220377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357274/; classtype:trojan-activity;sid:84220374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.240.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357275/; classtype:trojan-activity;sid:84220375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.58.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357276/; classtype:trojan-activity;sid:84220376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.116.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357272/; classtype:trojan-activity;sid:84220372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.183.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357273/; classtype:trojan-activity;sid:84220373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.214.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357271/; classtype:trojan-activity;sid:84220371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.127.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357270/; classtype:trojan-activity;sid:84220370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357269/; classtype:trojan-activity;sid:84220369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.122.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357267/; classtype:trojan-activity;sid:84220367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.41.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357268/; classtype:trojan-activity;sid:84220368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.112.31.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357266/; classtype:trojan-activity;sid:84220366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357264/; classtype:trojan-activity;sid:84220364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.62.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357265/; classtype:trojan-activity;sid:84220365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357263/; classtype:trojan-activity;sid:84220363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.52.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357262/; classtype:trojan-activity;sid:84220362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.28.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357261/; classtype:trojan-activity;sid:84220361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357260/; classtype:trojan-activity;sid:84220360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.7.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357259/; classtype:trojan-activity;sid:84220359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.239.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357258/; classtype:trojan-activity;sid:84220358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.72.96.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357257/; classtype:trojan-activity;sid:84220357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.124.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357256/; classtype:trojan-activity;sid:84220356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.159.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357255/; classtype:trojan-activity;sid:84220355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.216.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357254/; classtype:trojan-activity;sid:84220354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357253/; classtype:trojan-activity;sid:84220353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.57.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357252/; classtype:trojan-activity;sid:84220352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.37.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357251/; classtype:trojan-activity;sid:84220351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.153.161.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357250/; classtype:trojan-activity;sid:84220350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357248/; classtype:trojan-activity;sid:84220348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.180.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357249/; classtype:trojan-activity;sid:84220349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.45.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357247/; classtype:trojan-activity;sid:84220347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.149.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357246/; classtype:trojan-activity;sid:84220346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.236.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357244/; classtype:trojan-activity;sid:84220344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.227.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357245/; classtype:trojan-activity;sid:84220345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.127.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357243/; classtype:trojan-activity;sid:84220343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.187.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357242/; classtype:trojan-activity;sid:84220342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.78.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357241/; classtype:trojan-activity;sid:84220341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357239/; classtype:trojan-activity;sid:84220339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.198.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357240/; classtype:trojan-activity;sid:84220340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.207.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357238/; classtype:trojan-activity;sid:84220338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.121.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357236/; classtype:trojan-activity;sid:84220336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.97.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357237/; classtype:trojan-activity;sid:84220337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.69.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357235/; classtype:trojan-activity;sid:84220335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357234/; classtype:trojan-activity;sid:84220334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.127.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357233/; classtype:trojan-activity;sid:84220333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.122.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357232/; classtype:trojan-activity;sid:84220332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.216.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357231/; classtype:trojan-activity;sid:84220331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357230/; classtype:trojan-activity;sid:84220330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.79.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357229/; classtype:trojan-activity;sid:84220329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.111.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357227/; classtype:trojan-activity;sid:84220327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.27.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357228/; classtype:trojan-activity;sid:84220328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357226/; classtype:trojan-activity;sid:84220326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.113.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357225/; classtype:trojan-activity;sid:84220325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357224/; classtype:trojan-activity;sid:84220324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.7.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357223/; classtype:trojan-activity;sid:84220323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357222/; classtype:trojan-activity;sid:84220322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.236.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357221/; classtype:trojan-activity;sid:84220321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.131.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357220/; classtype:trojan-activity;sid:84220320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.97.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357219/; classtype:trojan-activity;sid:84220319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.226.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357218/; classtype:trojan-activity;sid:84220318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.51.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357215/; classtype:trojan-activity;sid:84220315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357216/; classtype:trojan-activity;sid:84220316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.126.222.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357217/; classtype:trojan-activity;sid:84220317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.37.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357214/; classtype:trojan-activity;sid:84220314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.238.203.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357213/; classtype:trojan-activity;sid:84220313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.107.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357212/; classtype:trojan-activity;sid:84220312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.237.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357211/; classtype:trojan-activity;sid:84220311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.7.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357210/; classtype:trojan-activity;sid:84220310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357209/; classtype:trojan-activity;sid:84220309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357207/; classtype:trojan-activity;sid:84220307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357208/; classtype:trojan-activity;sid:84220308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.69.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357206/; classtype:trojan-activity;sid:84220306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357205/; classtype:trojan-activity;sid:84220305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357204/; classtype:trojan-activity;sid:84220304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.169.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357203/; classtype:trojan-activity;sid:84220303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.109.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357202/; classtype:trojan-activity;sid:84220302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.83.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357201/; classtype:trojan-activity;sid:84220301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357200/; classtype:trojan-activity;sid:84220300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.229.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357199/; classtype:trojan-activity;sid:84220299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.18.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357198/; classtype:trojan-activity;sid:84220298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357197/; classtype:trojan-activity;sid:84220297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.94.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357196/; classtype:trojan-activity;sid:84220296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.169.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357195/; classtype:trojan-activity;sid:84220295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.151.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357194/; classtype:trojan-activity;sid:84220294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.150.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357193/; classtype:trojan-activity;sid:84220293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.159.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357191/; classtype:trojan-activity;sid:84220291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357192/; classtype:trojan-activity;sid:84220292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357190/; classtype:trojan-activity;sid:84220290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357189/; classtype:trojan-activity;sid:84220289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357188/; classtype:trojan-activity;sid:84220288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.212.176.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357187/; classtype:trojan-activity;sid:84220287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.197.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357186/; classtype:trojan-activity;sid:84220286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357185/; classtype:trojan-activity;sid:84220285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357184/; classtype:trojan-activity;sid:84220284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.238.203.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357183/; classtype:trojan-activity;sid:84220283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357182/; classtype:trojan-activity;sid:84220282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.150.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357181/; classtype:trojan-activity;sid:84220281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357180/; classtype:trojan-activity;sid:84220280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.193.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357179/; classtype:trojan-activity;sid:84220279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357178/; classtype:trojan-activity;sid:84220278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.229.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357177/; classtype:trojan-activity;sid:84220277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.143.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357176/; classtype:trojan-activity;sid:84220276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.194.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357175/; classtype:trojan-activity;sid:84220275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.123.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357174/; classtype:trojan-activity;sid:84220274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.49.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357173/; classtype:trojan-activity;sid:84220273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.187.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357172/; classtype:trojan-activity;sid:84220272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.198.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357171/; classtype:trojan-activity;sid:84220271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.7.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357170/; classtype:trojan-activity;sid:84220270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.191.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357169/; classtype:trojan-activity;sid:84220269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.113.111.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357168/; classtype:trojan-activity;sid:84220268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357167/; classtype:trojan-activity;sid:84220267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.156.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357166/; classtype:trojan-activity;sid:84220266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.46.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357165/; classtype:trojan-activity;sid:84220265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.241.149.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357164/; classtype:trojan-activity;sid:84220264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357163/; classtype:trojan-activity;sid:84220263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.150.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357162/; classtype:trojan-activity;sid:84220262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357161/; classtype:trojan-activity;sid:84220261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.84.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357160/; classtype:trojan-activity;sid:84220260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.168.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357159/; classtype:trojan-activity;sid:84220259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.45.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357157/; classtype:trojan-activity;sid:84220257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357158/; classtype:trojan-activity;sid:84220258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.180.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357156/; classtype:trojan-activity;sid:84220256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.241.149.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357155/; classtype:trojan-activity;sid:84220255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357154/; classtype:trojan-activity;sid:84220254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.29.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357153/; classtype:trojan-activity;sid:84220253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.148.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357152/; classtype:trojan-activity;sid:84220252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.49.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357151/; classtype:trojan-activity;sid:84220251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.151.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357150/; classtype:trojan-activity;sid:84220250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.191.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357149/; classtype:trojan-activity;sid:84220249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357148/; classtype:trojan-activity;sid:84220248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.46.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357147/; classtype:trojan-activity;sid:84220247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357146/; classtype:trojan-activity;sid:84220246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.30.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357145/; classtype:trojan-activity;sid:84220245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357144/; classtype:trojan-activity;sid:84220244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.7.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357142/; classtype:trojan-activity;sid:84220242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.204.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357143/; classtype:trojan-activity;sid:84220243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.246.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357141/; classtype:trojan-activity;sid:84220241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.238.59.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357139/; classtype:trojan-activity;sid:84220239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.168.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357140/; classtype:trojan-activity;sid:84220240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.218.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357138/; classtype:trojan-activity;sid:84220238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357137/; classtype:trojan-activity;sid:84220237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.126.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357136/; classtype:trojan-activity;sid:84220236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.148.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357135/; classtype:trojan-activity;sid:84220235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357134/; classtype:trojan-activity;sid:84220234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.182.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357133/; classtype:trojan-activity;sid:84220233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357132/; classtype:trojan-activity;sid:84220232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.97.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357131/; classtype:trojan-activity;sid:84220231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357130/; classtype:trojan-activity;sid:84220230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357127/; classtype:trojan-activity;sid:84220227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357128/; classtype:trojan-activity;sid:84220228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.78.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357129/; classtype:trojan-activity;sid:84220229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.40.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357126/; classtype:trojan-activity;sid:84220226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357125/; classtype:trojan-activity;sid:84220225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.28.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357124/; classtype:trojan-activity;sid:84220224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.242.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357123/; classtype:trojan-activity;sid:84220223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.25.224.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357122/; classtype:trojan-activity;sid:84220222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.30.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357121/; classtype:trojan-activity;sid:84220221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.48.59.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357120/; classtype:trojan-activity;sid:84220220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357119/; classtype:trojan-activity;sid:84220219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.11.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357118/; classtype:trojan-activity;sid:84220218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.238.59.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357117/; classtype:trojan-activity;sid:84220217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.120.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357115/; classtype:trojan-activity;sid:84220215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.226.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357116/; classtype:trojan-activity;sid:84220216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.50.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357114/; classtype:trojan-activity;sid:84220214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.120.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357113/; classtype:trojan-activity;sid:84220213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.45.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357112/; classtype:trojan-activity;sid:84220212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.210.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357111/; classtype:trojan-activity;sid:84220211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.228.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357110/; classtype:trojan-activity;sid:84220210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.84.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357109/; classtype:trojan-activity;sid:84220209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.124.138.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357108/; classtype:trojan-activity;sid:84220208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357107/; classtype:trojan-activity;sid:84220207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.122.61.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357106/; classtype:trojan-activity;sid:84220206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357105/; classtype:trojan-activity;sid:84220205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357103/; classtype:trojan-activity;sid:84220203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.12.24"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357104/; classtype:trojan-activity;sid:84220204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.73.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357102/; classtype:trojan-activity;sid:84220202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357100/; classtype:trojan-activity;sid:84220200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.92.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357101/; classtype:trojan-activity;sid:84220201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357099/; classtype:trojan-activity;sid:84220199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.195.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357098/; classtype:trojan-activity;sid:84220198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.28.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357097/; classtype:trojan-activity;sid:84220197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.40.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357096/; classtype:trojan-activity;sid:84220196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.25.224.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357095/; classtype:trojan-activity;sid:84220195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.82.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357094/; classtype:trojan-activity;sid:84220194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357093/; classtype:trojan-activity;sid:84220193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.50.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357092/; classtype:trojan-activity;sid:84220192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.120.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357091/; classtype:trojan-activity;sid:84220191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.48.59.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357090/; classtype:trojan-activity;sid:84220190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357089/; classtype:trojan-activity;sid:84220189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.46.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357088/; classtype:trojan-activity;sid:84220188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357087/; classtype:trojan-activity;sid:84220187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.71.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357086/; classtype:trojan-activity;sid:84220186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.58.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357085/; classtype:trojan-activity;sid:84220185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.240.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357084/; classtype:trojan-activity;sid:84220184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357083/; classtype:trojan-activity;sid:84220183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357082/; classtype:trojan-activity;sid:84220182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.13.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357081/; classtype:trojan-activity;sid:84220181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.210.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357080/; classtype:trojan-activity;sid:84220180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.82.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357079/; classtype:trojan-activity;sid:84220179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.118.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357078/; classtype:trojan-activity;sid:84220178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.77.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357077/; classtype:trojan-activity;sid:84220177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.145.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357076/; classtype:trojan-activity;sid:84220176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.193.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357075/; classtype:trojan-activity;sid:84220175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.236.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357074/; classtype:trojan-activity;sid:84220174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.221.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357073/; classtype:trojan-activity;sid:84220173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357072/; classtype:trojan-activity;sid:84220172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.240.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357071/; classtype:trojan-activity;sid:84220171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.143.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357070/; classtype:trojan-activity;sid:84220170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.118.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357069/; classtype:trojan-activity;sid:84220169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357067/; classtype:trojan-activity;sid:84220167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.179.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357068/; classtype:trojan-activity;sid:84220168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.236.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357066/; classtype:trojan-activity;sid:84220166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.85.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357065/; classtype:trojan-activity;sid:84220165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.118.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357064/; classtype:trojan-activity;sid:84220164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.193.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357063/; classtype:trojan-activity;sid:84220163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357062/; classtype:trojan-activity;sid:84220162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.203.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357061/; classtype:trojan-activity;sid:84220161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.164.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357060/; classtype:trojan-activity;sid:84220160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.117.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357059/; classtype:trojan-activity;sid:84220159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.237.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357058/; classtype:trojan-activity;sid:84220158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.47.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357057/; classtype:trojan-activity;sid:84220157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.108.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357056/; classtype:trojan-activity;sid:84220156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.87.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357055/; classtype:trojan-activity;sid:84220155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.18.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357054/; classtype:trojan-activity;sid:84220154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357053/; classtype:trojan-activity;sid:84220153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.141.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357052/; classtype:trojan-activity;sid:84220152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357051/; classtype:trojan-activity;sid:84220151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.230.66.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357050/; classtype:trojan-activity;sid:84220150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.18.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357049/; classtype:trojan-activity;sid:84220149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.110.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357048/; classtype:trojan-activity;sid:84220148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.160.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357047/; classtype:trojan-activity;sid:84220147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.11.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357045/; classtype:trojan-activity;sid:84220145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.97.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357046/; classtype:trojan-activity;sid:84220146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.108.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357044/; classtype:trojan-activity;sid:84220144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.93.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357043/; classtype:trojan-activity;sid:84220143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.152.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357042/; classtype:trojan-activity;sid:84220142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357041/; classtype:trojan-activity;sid:84220141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.152.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357040/; classtype:trojan-activity;sid:84220140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.80.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357039/; classtype:trojan-activity;sid:84220139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.195.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357038/; classtype:trojan-activity;sid:84220138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.154.195.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357037/; classtype:trojan-activity;sid:84220137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.84.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357036/; classtype:trojan-activity;sid:84220136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.143.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357035/; classtype:trojan-activity;sid:84220135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.134.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357034/; classtype:trojan-activity;sid:84220134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.230.66.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357033/; classtype:trojan-activity;sid:84220133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.156.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357032/; classtype:trojan-activity;sid:84220132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.119.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357030/; classtype:trojan-activity;sid:84220130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.49.145.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357031/; classtype:trojan-activity;sid:84220131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.110.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357029/; classtype:trojan-activity;sid:84220129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.86.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357028/; classtype:trojan-activity;sid:84220128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.11.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357027/; classtype:trojan-activity;sid:84220127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.185.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357026/; classtype:trojan-activity;sid:84220126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.18.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357025/; classtype:trojan-activity;sid:84220125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.66.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357024/; classtype:trojan-activity;sid:84220124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.152.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357023/; classtype:trojan-activity;sid:84220123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.93.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357022/; classtype:trojan-activity;sid:84220122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.152.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357021/; classtype:trojan-activity;sid:84220121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.150.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357020/; classtype:trojan-activity;sid:84220120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.41.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357019/; classtype:trojan-activity;sid:84220119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.50.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357018/; classtype:trojan-activity;sid:84220118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.140.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357017/; classtype:trojan-activity;sid:84220117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357016/; classtype:trojan-activity;sid:84220116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357015)"; flow:established,from_client; content:"GET"; http_method; content:"/wjew64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cp.eye-network.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357015/; classtype:trojan-activity;sid:84220115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357014/; classtype:trojan-activity;sid:84220114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.89.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357013/; classtype:trojan-activity;sid:84220113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.156.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357012/; classtype:trojan-activity;sid:84220112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.10.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357011/; classtype:trojan-activity;sid:84220111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357010/; classtype:trojan-activity;sid:84220110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.12.94.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357008/; classtype:trojan-activity;sid:84220108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.58.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357009/; classtype:trojan-activity;sid:84220109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.39.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357007/; classtype:trojan-activity;sid:84220107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.135.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357006/; classtype:trojan-activity;sid:84220106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.182.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357005/; classtype:trojan-activity;sid:84220105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357004/; classtype:trojan-activity;sid:84220104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.175.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357003/; classtype:trojan-activity;sid:84220103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.242.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357002/; classtype:trojan-activity;sid:84220102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357001/; classtype:trojan-activity;sid:84220101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.244.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3357000/; classtype:trojan-activity;sid:84220100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.225.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356999/; classtype:trojan-activity;sid:84220099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.67.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356998/; classtype:trojan-activity;sid:84220098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.134.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356997/; classtype:trojan-activity;sid:84220097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.61.230.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356996/; classtype:trojan-activity;sid:84220096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.29.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356994/; classtype:trojan-activity;sid:84220094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.100.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356995/; classtype:trojan-activity;sid:84220095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356993/; classtype:trojan-activity;sid:84220093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.173.3.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356991/; classtype:trojan-activity;sid:84220091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356992/; classtype:trojan-activity;sid:84220092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356988/; classtype:trojan-activity;sid:84220088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.204.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356989/; classtype:trojan-activity;sid:84220089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356990/; classtype:trojan-activity;sid:84220090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.186.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356987/; classtype:trojan-activity;sid:84220087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.247.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356986/; classtype:trojan-activity;sid:84220086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.212.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356985/; classtype:trojan-activity;sid:84220085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.158.158.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356984/; classtype:trojan-activity;sid:84220084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.132.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356983/; classtype:trojan-activity;sid:84220083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.252.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356982/; classtype:trojan-activity;sid:84220082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.32.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356981/; classtype:trojan-activity;sid:84220081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356980/; classtype:trojan-activity;sid:84220080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.195.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356979/; classtype:trojan-activity;sid:84220079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.182.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356978/; classtype:trojan-activity;sid:84220078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.237.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356977/; classtype:trojan-activity;sid:84220077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.242.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356976/; classtype:trojan-activity;sid:84220076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356975/; classtype:trojan-activity;sid:84220075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.67.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356974/; classtype:trojan-activity;sid:84220074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.11.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356973/; classtype:trojan-activity;sid:84220073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.225.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356972/; classtype:trojan-activity;sid:84220072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.64.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356971/; classtype:trojan-activity;sid:84220071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.203.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356970/; classtype:trojan-activity;sid:84220070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356969)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vmz.sectors.bowentaxlaw.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356969/; classtype:trojan-activity;sid:84220069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356968/; classtype:trojan-activity;sid:84220068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.141.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356967/; classtype:trojan-activity;sid:84220067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356965/; classtype:trojan-activity;sid:84220065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.117.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356966/; classtype:trojan-activity;sid:84220066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.98.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356964/; classtype:trojan-activity;sid:84220064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356963/; classtype:trojan-activity;sid:84220063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.35.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356962/; classtype:trojan-activity;sid:84220062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356961/; classtype:trojan-activity;sid:84220061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.191.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356960/; classtype:trojan-activity;sid:84220060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.89.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356959/; classtype:trojan-activity;sid:84220059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.141.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356958/; classtype:trojan-activity;sid:84220058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.245.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356957/; classtype:trojan-activity;sid:84220057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.197.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356956/; classtype:trojan-activity;sid:84220056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.220.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356955/; classtype:trojan-activity;sid:84220055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.154.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356954/; classtype:trojan-activity;sid:84220054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356953/; classtype:trojan-activity;sid:84220053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356952/; classtype:trojan-activity;sid:84220052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.98.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356951/; classtype:trojan-activity;sid:84220051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356950/; classtype:trojan-activity;sid:84220050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.216.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356949/; classtype:trojan-activity;sid:84220049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.30.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356948/; classtype:trojan-activity;sid:84220048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.1.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356947/; classtype:trojan-activity;sid:84220047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.90.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356945/; classtype:trojan-activity;sid:84220045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.82.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356946/; classtype:trojan-activity;sid:84220046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.233.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356944/; classtype:trojan-activity;sid:84220044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356943/; classtype:trojan-activity;sid:84220043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.191.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356942/; classtype:trojan-activity;sid:84220042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356941/; classtype:trojan-activity;sid:84220041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.176.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356940/; classtype:trojan-activity;sid:84220040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.174.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356939/; classtype:trojan-activity;sid:84220039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356938/; classtype:trojan-activity;sid:84220038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.33.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356937/; classtype:trojan-activity;sid:84220037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.52.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356935/; classtype:trojan-activity;sid:84220035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.30.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356936/; classtype:trojan-activity;sid:84220036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.21.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356934/; classtype:trojan-activity;sid:84220034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.58.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356933/; classtype:trojan-activity;sid:84220033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.241.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356932/; classtype:trojan-activity;sid:84220032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.93.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356931/; classtype:trojan-activity;sid:84220031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356930/; classtype:trojan-activity;sid:84220030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356929/; classtype:trojan-activity;sid:84220029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.176.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356928/; classtype:trojan-activity;sid:84220028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.140.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356927/; classtype:trojan-activity;sid:84220027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.255.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356926/; classtype:trojan-activity;sid:84220026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.50.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356925/; classtype:trojan-activity;sid:84220025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.23.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356924/; classtype:trojan-activity;sid:84220024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.244.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356923/; classtype:trojan-activity;sid:84220023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.58.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356921/; classtype:trojan-activity;sid:84220021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.171.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356922/; classtype:trojan-activity;sid:84220022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.115.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356920/; classtype:trojan-activity;sid:84220020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356919)"; flow:established,from_client; content:"GET"; http_method; content:"/work/yyyy.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gotintouch.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356919/; classtype:trojan-activity;sid:84220019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356918)"; flow:established,from_client; content:"GET"; http_method; content:"/work/yyyy.zip|3f|69565"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gotintouch.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356918/; classtype:trojan-activity;sid:84220018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.117.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356917/; classtype:trojan-activity;sid:84220017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356916/; classtype:trojan-activity;sid:84220016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.191.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356915/; classtype:trojan-activity;sid:84220015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.194.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356913/; classtype:trojan-activity;sid:84220013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.126.51.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356914/; classtype:trojan-activity;sid:84220014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/skifterne.sea"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356909)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.astenterprises.com.pk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356909/; classtype:trojan-activity;sid:84220009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356910)"; flow:established,from_client; content:"GET"; http_method; content:"/lm/list%20of%20required%20items%20and%20services.docx"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.fornid.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356910/; classtype:trojan-activity;sid:84220010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/list%20of%20required%20items%20and%20services.pdf.vbs"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.112.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356908/; classtype:trojan-activity;sid:84220008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.72.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356907/; classtype:trojan-activity;sid:84220007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.255.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356906/; classtype:trojan-activity;sid:84220006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.43.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356905/; classtype:trojan-activity;sid:84220005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.175.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356903/; classtype:trojan-activity;sid:84220003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.103.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356904/; classtype:trojan-activity;sid:84220004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.175.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356902/; classtype:trojan-activity;sid:84220002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.109.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356901/; classtype:trojan-activity;sid:84220001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.35.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356900/; classtype:trojan-activity;sid:84220000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.72.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356899/; classtype:trojan-activity;sid:84219999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.240.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356898/; classtype:trojan-activity;sid:84219998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.196.169.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356897/; classtype:trojan-activity;sid:84219997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.20.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356896/; classtype:trojan-activity;sid:84219996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.252.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356895/; classtype:trojan-activity;sid:84219995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.48.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356894/; classtype:trojan-activity;sid:84219994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.141.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356893/; classtype:trojan-activity;sid:84219993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.221.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356892/; classtype:trojan-activity;sid:84219992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.51.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356891/; classtype:trojan-activity;sid:84219991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356890/; classtype:trojan-activity;sid:84219990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.91.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356889/; classtype:trojan-activity;sid:84219989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356888)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.226.219.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356888/; classtype:trojan-activity;sid:84219988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.20.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356887/; classtype:trojan-activity;sid:84219987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.43.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356886/; classtype:trojan-activity;sid:84219986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.148.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356885/; classtype:trojan-activity;sid:84219985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.198.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356884/; classtype:trojan-activity;sid:84219984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.115.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356883/; classtype:trojan-activity;sid:84219983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.48.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356882/; classtype:trojan-activity;sid:84219982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.197.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356881/; classtype:trojan-activity;sid:84219981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.191.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356880/; classtype:trojan-activity;sid:84219980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356879/; classtype:trojan-activity;sid:84219979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.246"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356878/; classtype:trojan-activity;sid:84219978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356877)"; flow:established,from_client; content:"GET"; http_method; content:"/int_clp_ldr_sha.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kliptizq.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356877/; classtype:trojan-activity;sid:84219977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.242.157.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356876/; classtype:trojan-activity;sid:84219976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356874/; classtype:trojan-activity;sid:84219974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356875/; classtype:trojan-activity;sid:84219975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356873)"; flow:established,from_client; content:"GET"; http_method; content:"/sggnh85.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.189.131.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356873/; classtype:trojan-activity;sid:84219973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.191.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356872/; classtype:trojan-activity;sid:84219972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356871/; classtype:trojan-activity;sid:84219971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.191.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356869/; classtype:trojan-activity;sid:84219969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356870/; classtype:trojan-activity;sid:84219970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356868/; classtype:trojan-activity;sid:84219968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.247.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356867/; classtype:trojan-activity;sid:84219967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.184.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356866/; classtype:trojan-activity;sid:84219966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.59.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356865/; classtype:trojan-activity;sid:84219965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.201.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356864/; classtype:trojan-activity;sid:84219964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356863/; classtype:trojan-activity;sid:84219963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.126.222.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356862/; classtype:trojan-activity;sid:84219962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.208.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356861/; classtype:trojan-activity;sid:84219961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.247.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356860/; classtype:trojan-activity;sid:84219960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.120.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356859/; classtype:trojan-activity;sid:84219959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.44.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356858/; classtype:trojan-activity;sid:84219958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356857/; classtype:trojan-activity;sid:84219957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.4.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356855/; classtype:trojan-activity;sid:84219955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.36.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356856/; classtype:trojan-activity;sid:84219956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.83.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356854/; classtype:trojan-activity;sid:84219954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.64.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356853/; classtype:trojan-activity;sid:84219953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.126.222.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356852/; classtype:trojan-activity;sid:84219952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.201.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356851/; classtype:trojan-activity;sid:84219951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.18.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356850/; classtype:trojan-activity;sid:84219950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.232.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356849/; classtype:trojan-activity;sid:84219949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.208.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356848/; classtype:trojan-activity;sid:84219948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.36.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356847/; classtype:trojan-activity;sid:84219947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.22.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356846/; classtype:trojan-activity;sid:84219946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.213.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356845/; classtype:trojan-activity;sid:84219945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.197.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356844/; classtype:trojan-activity;sid:84219944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.136.84.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356843/; classtype:trojan-activity;sid:84219943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.150.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356842/; classtype:trojan-activity;sid:84219942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356841/; classtype:trojan-activity;sid:84219941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356840)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356840/; classtype:trojan-activity;sid:84219940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356831)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356831/; classtype:trojan-activity;sid:84219931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356832)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356832/; classtype:trojan-activity;sid:84219932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356833)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356833/; classtype:trojan-activity;sid:84219933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356834)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356834/; classtype:trojan-activity;sid:84219934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356835)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356835/; classtype:trojan-activity;sid:84219935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356836)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356836/; classtype:trojan-activity;sid:84219936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356837)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356837/; classtype:trojan-activity;sid:84219937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356838)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356838/; classtype:trojan-activity;sid:84219938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356839)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356839/; classtype:trojan-activity;sid:84219939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.201.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356829/; classtype:trojan-activity;sid:84219929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356830)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.255.120.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356830/; classtype:trojan-activity;sid:84219930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356826)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356826/; classtype:trojan-activity;sid:84219926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356827)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356827/; classtype:trojan-activity;sid:84219927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356828)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356828/; classtype:trojan-activity;sid:84219928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356820)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356820/; classtype:trojan-activity;sid:84219920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356821)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356821/; classtype:trojan-activity;sid:84219921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356822)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356822/; classtype:trojan-activity;sid:84219922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356823)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356823/; classtype:trojan-activity;sid:84219923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356824)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356824/; classtype:trojan-activity;sid:84219924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356825)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356825/; classtype:trojan-activity;sid:84219925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356808)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356808/; classtype:trojan-activity;sid:84219908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356809)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356809/; classtype:trojan-activity;sid:84219909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356810)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356810/; classtype:trojan-activity;sid:84219910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356811)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356811/; classtype:trojan-activity;sid:84219911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356812)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356812/; classtype:trojan-activity;sid:84219912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356813)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356813/; classtype:trojan-activity;sid:84219913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356814)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356814/; classtype:trojan-activity;sid:84219914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356815)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356815/; classtype:trojan-activity;sid:84219915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356816)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356816/; classtype:trojan-activity;sid:84219916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356817)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356817/; classtype:trojan-activity;sid:84219917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356818)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356818/; classtype:trojan-activity;sid:84219918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356819)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"botnet.sharkcdn.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356819/; classtype:trojan-activity;sid:84219919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.170.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356807/; classtype:trojan-activity;sid:84219907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.208.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356806/; classtype:trojan-activity;sid:84219906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356804)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool/xmrig.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356804/; classtype:trojan-activity;sid:84219904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356805)"; flow:established,from_client; content:"GET"; http_method; content:"/class/initiate/bmb1tctf.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"asgbucket.oss-ap-southeast-3.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356805/; classtype:trojan-activity;sid:84219905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356803)"; flow:established,from_client; content:"GET"; http_method; content:"/yn5og-40i6-9gu-9hjf.html"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bj5y6-0f-9h4-9fgg4-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356803/; classtype:trojan-activity;sid:84219903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356802)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7055252561/x0qq2dh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356802/; classtype:trojan-activity;sid:84219902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.151.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356801/; classtype:trojan-activity;sid:84219901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356800)"; flow:established,from_client; content:"GET"; http_method; content:"/files/dodo/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356800/; classtype:trojan-activity;sid:84219900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356799)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1293295511/3lthfqd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356799/; classtype:trojan-activity;sid:84219899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356798)"; flow:established,from_client; content:"GET"; http_method; content:"/files/151334531/mzrgsfl.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356798/; classtype:trojan-activity;sid:84219898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356790)"; flow:established,from_client; content:"GET"; http_method; content:"/iles/martin/random.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356790/; classtype:trojan-activity;sid:84219890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356791)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1293295511/j4qduwq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356791/; classtype:trojan-activity;sid:84219891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356792)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6546212505/4ipqybo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356792/; classtype:trojan-activity;sid:84219892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356793)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6521298510/dxfmgsu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356793/; classtype:trojan-activity;sid:84219893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356794)"; flow:established,from_client; content:"GET"; http_method; content:"/files/623678601/wevahhw.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356794/; classtype:trojan-activity;sid:84219894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356795)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6989783370/bep1djf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356795/; classtype:trojan-activity;sid:84219895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356797)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fuds.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356797/; classtype:trojan-activity;sid:84219897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356789/; classtype:trojan-activity;sid:84219889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356788)"; flow:established,from_client; content:"GET"; http_method; content:"/idk/home.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.225.140.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356788/; classtype:trojan-activity;sid:84219888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.57.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356787/; classtype:trojan-activity;sid:84219887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356786)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356786/; classtype:trojan-activity;sid:84219886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356785)"; flow:established,from_client; content:"GET"; http_method; content:"/zillaslab-bold.subset.e96c15f68c68.woff/y_ohdfal6vw_ct4lwcbmwqov_6zn0vmy90263rg5hll-0k2ntbs69nds2e6dvymbf6axdkj-8ny8cijsdwi8spgv2oyyu88mctdauociwy_ah"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356785/; classtype:trojan-activity;sid:84219885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356784)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"anydesk17.s3.ap-east-1.amazonaws.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356784/; classtype:trojan-activity;sid:84219884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356783)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356783/; classtype:trojan-activity;sid:84219883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356782)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dokkaebi.netlify.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356782/; classtype:trojan-activity;sid:84219882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.144.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356781/; classtype:trojan-activity;sid:84219881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356779)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356779/; classtype:trojan-activity;sid:84219879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356780)"; flow:established,from_client; content:"GET"; http_method; content:"/forward/litv61ky.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lusibuck.oss-cn-hongkong.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356780/; classtype:trojan-activity;sid:84219880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356778)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356778/; classtype:trojan-activity;sid:84219878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356777)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356777/; classtype:trojan-activity;sid:84219877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356776)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/090cc5c1a5dc444dbeb0099f36f74657.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356776/; classtype:trojan-activity;sid:84219876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356775)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356775/; classtype:trojan-activity;sid:84219875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356772)"; flow:established,from_client; content:"GET"; http_method; content:"/dark_autre_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356772/; classtype:trojan-activity;sid:84219872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356773)"; flow:established,from_client; content:"GET"; http_method; content:"/in/1229.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356773/; classtype:trojan-activity;sid:84219873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356774)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356774/; classtype:trojan-activity;sid:84219874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356762)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356762/; classtype:trojan-activity;sid:84219862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356763)"; flow:established,from_client; content:"GET"; http_method; content:"/ficheros/adjuntos/28022_d404a996a5a1f3627e291739c8c1aecf@bambozzi.com.br_20170816314543596.rar"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"trocobuy.s3.amazonaws.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356763/; classtype:trojan-activity;sid:84219863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356764)"; flow:established,from_client; content:"GET"; http_method; content:"/reservations.html"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"reservations-09-1318069902.cos.sa-saopaulo.myqcloud.com"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356764/; classtype:trojan-activity;sid:84219864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356765)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356765/; classtype:trojan-activity;sid:84219865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356766)"; flow:established,from_client; content:"GET"; http_method; content:"/onedrive.html"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"freshfaxmail-1318034737.cos.sa-saopaulo.myqcloud.com"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356766/; classtype:trojan-activity;sid:84219866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356767)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356767/; classtype:trojan-activity;sid:84219867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356768)"; flow:established,from_client; content:"GET"; http_method; content:"/futon"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; content:"GET"; http_method; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356770)"; flow:established,from_client; content:"GET"; http_method; content:"/dark_brout_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356770/; classtype:trojan-activity;sid:84219870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356771)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/b0b34b3375b144c680a0456ffdd639a0.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356771/; classtype:trojan-activity;sid:84219871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356759)"; flow:established,from_client; content:"GET"; http_method; content:"/nan_autre_ncrypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356759/; classtype:trojan-activity;sid:84219859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356760)"; flow:established,from_client; content:"GET"; http_method; content:"/pack_autre_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356760/; classtype:trojan-activity;sid:84219860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356761)"; flow:established,from_client; content:"GET"; http_method; content:"/smiple_4yue"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356761/; classtype:trojan-activity;sid:84219861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356753)"; flow:established,from_client; content:"GET"; http_method; content:"/4pof3-59-9hg44g.html"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cc-35g-pg03u5i-9gh-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356753/; classtype:trojan-activity;sid:84219853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356754)"; flow:established,from_client; content:"GET"; http_method; content:"/documentations09.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"constrainthome080doc-1318069902.cos.ap-chengdu.myqcloud.com"; http_host; depth:59; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356754/; classtype:trojan-activity;sid:84219854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356755)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356755/; classtype:trojan-activity;sid:84219855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356756)"; flow:established,from_client; content:"GET"; http_method; content:"/pack_brout_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356756/; classtype:trojan-activity;sid:84219856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356757)"; flow:established,from_client; content:"GET"; http_method; content:"/h43-59g-u493hg-9b3.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r7988-8t7jb6-u-1324992141.cos.ap-jakarta.myqcloud.com"; http_host; depth:53; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356757/; classtype:trojan-activity;sid:84219857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356758)"; flow:established,from_client; content:"GET"; http_method; content:"/36hg-04ik6-9j4-9h5.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f3i5-0g49bgn-3h95-1324992141.cos.ap-jakarta.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356758/; classtype:trojan-activity;sid:84219858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356746)"; flow:established,from_client; content:"GET"; http_method; content:"/easy-v1.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356746/; classtype:trojan-activity;sid:84219846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356747)"; flow:established,from_client; content:"GET"; http_method; content:"/s4egy.html"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"s4egy.oss-ap-northeast-1.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356747/; classtype:trojan-activity;sid:84219847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356748)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356748/; classtype:trojan-activity;sid:84219848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356749)"; flow:established,from_client; content:"GET"; http_method; content:"/b6fab9a8-3dab-4bf8-a2cb-b955b0c00ce8-11f44531fb088d31307d87b01e8eabff.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"files-ld.s3.us-east-2.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356749/; classtype:trojan-activity;sid:84219849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356750)"; flow:established,from_client; content:"GET"; http_method; content:"/35-0350gh9v-39yh5g.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"j-0-09g-9bh-h-ggf-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356750/; classtype:trojan-activity;sid:84219850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356751)"; flow:established,from_client; content:"GET"; http_method; content:"/simple"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356751/; classtype:trojan-activity;sid:84219851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356752)"; flow:established,from_client; content:"GET"; http_method; content:"/onerive.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"onlinemicrosoft-1318069902.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356752/; classtype:trojan-activity;sid:84219852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356745)"; flow:established,from_client; content:"GET"; http_method; content:"/news.html"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fegy.oss-ap-northeast-1.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356745/; classtype:trojan-activity;sid:84219845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356735)"; flow:established,from_client; content:"GET"; http_method; content:"/nan_autre_crypt.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356735/; classtype:trojan-activity;sid:84219835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356736)"; flow:established,from_client; content:"GET"; http_method; content:"/pack_brout_crypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356736/; classtype:trojan-activity;sid:84219836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356737)"; flow:established,from_client; content:"GET"; http_method; content:"/pack_drole_crypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356737/; classtype:trojan-activity;sid:84219837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356738)"; flow:established,from_client; content:"GET"; http_method; content:"/quas_brout_crypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356738/; classtype:trojan-activity;sid:84219838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356739)"; flow:established,from_client; content:"GET"; http_method; content:"/pack_autre_crypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356739/; classtype:trojan-activity;sid:84219839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356740)"; flow:established,from_client; content:"GET"; http_method; content:"/nan_brout_crypt.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356740/; classtype:trojan-activity;sid:84219840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356741)"; flow:established,from_client; content:"GET"; http_method; content:"/pack_drole_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356741/; classtype:trojan-activity;sid:84219841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356742)"; flow:established,from_client; content:"GET"; http_method; content:"/quas_autre_crypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356742/; classtype:trojan-activity;sid:84219842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356743)"; flow:established,from_client; content:"GET"; http_method; content:"/dark_brout_crypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356743/; classtype:trojan-activity;sid:84219843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356744)"; flow:established,from_client; content:"GET"; http_method; content:"/dark_autre_crypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356744/; classtype:trojan-activity;sid:84219844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.160.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356734/; classtype:trojan-activity;sid:84219834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356732)"; flow:established,from_client; content:"GET"; http_method; content:"/worldwindclient.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356732/; classtype:trojan-activity;sid:84219832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356733)"; flow:established,from_client; content:"GET"; http_method; content:"/dyno-ai.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356733/; classtype:trojan-activity;sid:84219833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356731)"; flow:established,from_client; content:"GET"; http_method; content:"/dynai.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356731/; classtype:trojan-activity;sid:84219831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356730)"; flow:established,from_client; content:"GET"; http_method; content:"/1010-duck-01.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356730/; classtype:trojan-activity;sid:84219830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.147.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356729/; classtype:trojan-activity;sid:84219829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.45.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356727/; classtype:trojan-activity;sid:84219827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356726/; classtype:trojan-activity;sid:84219826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.150.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356725/; classtype:trojan-activity;sid:84219825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.225.36.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356724/; classtype:trojan-activity;sid:84219824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356723)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/kscan_windows_amd64.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356723/; classtype:trojan-activity;sid:84219823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356722)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/kscan_windows_arm64.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356722/; classtype:trojan-activity;sid:84219822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356721)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/fscan.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356721/; classtype:trojan-activity;sid:84219821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356720)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356720/; classtype:trojan-activity;sid:84219820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356719)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/winpeasx64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356719/; classtype:trojan-activity;sid:84219819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356718)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/browserghost.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356718/; classtype:trojan-activity;sid:84219818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356717)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/realblindingedr.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356717/; classtype:trojan-activity;sid:84219817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356714)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/sigmapotato.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356714/; classtype:trojan-activity;sid:84219814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356715)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/sigmapotatocore.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356715/; classtype:trojan-activity;sid:84219815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356716)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/jignesh.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356716/; classtype:trojan-activity;sid:84219816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356713)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356713/; classtype:trojan-activity;sid:84219813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356710)"; flow:established,from_client; content:"GET"; http_method; content:"/local.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.241.217.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356710/; classtype:trojan-activity;sid:84219810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356711)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"189.241.217.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356711/; classtype:trojan-activity;sid:84219811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356712)"; flow:established,from_client; content:"GET"; http_method; content:"/client-builtlocal.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"189.241.217.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356712/; classtype:trojan-activity;sid:84219812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356709)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"suport24.ddns.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356709/; classtype:trojan-activity;sid:84219809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356708)"; flow:established,from_client; content:"GET"; http_method; content:"/client-builtlocal.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"suport24.ddns.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356708/; classtype:trojan-activity;sid:84219808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356707/; classtype:trojan-activity;sid:84219807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.57.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356706/; classtype:trojan-activity;sid:84219806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356705)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/refs/heads/main/notallowedtocrypt.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356705/; classtype:trojan-activity;sid:84219805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.227.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356704/; classtype:trojan-activity;sid:84219804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356703)"; flow:established,from_client; content:"GET"; http_method; content:"/pele.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pub-26ee9be236b54d0cb1b570a203543b93.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356703/; classtype:trojan-activity;sid:84219803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.38.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356702/; classtype:trojan-activity;sid:84219802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356700)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sordellina.js"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"158.69.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356700/; classtype:trojan-activity;sid:84219800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356701)"; flow:established,from_client; content:"GET"; http_method; content:"/bojwsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356701/; classtype:trojan-activity;sid:84219801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356699)"; flow:established,from_client; content:"GET"; http_method; content:"/host2024/document/downloads/fkgdhea.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356699/; classtype:trojan-activity;sid:84219799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356696)"; flow:established,from_client; content:"GET"; http_method; content:"/kqibeps"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356696/; classtype:trojan-activity;sid:84219796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356697)"; flow:established,from_client; content:"GET"; http_method; content:"/ngwa5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356697/; classtype:trojan-activity;sid:84219797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356698)"; flow:established,from_client; content:"GET"; http_method; content:"/fnkea7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356698/; classtype:trojan-activity;sid:84219798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356695)"; flow:established,from_client; content:"GET"; http_method; content:"/r/9yxna/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356695/; classtype:trojan-activity;sid:84219795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356694)"; flow:established,from_client; content:"GET"; http_method; content:"/wkb86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356694/; classtype:trojan-activity;sid:84219794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356691)"; flow:established,from_client; content:"GET"; http_method; content:"/gnjqwpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356691/; classtype:trojan-activity;sid:84219791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356692)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356692/; classtype:trojan-activity;sid:84219792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356693)"; flow:established,from_client; content:"GET"; http_method; content:"/woega6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356693/; classtype:trojan-activity;sid:84219793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356688)"; flow:established,from_client; content:"GET"; http_method; content:"/njvwa4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356688/; classtype:trojan-activity;sid:84219788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356689)"; flow:established,from_client; content:"GET"; http_method; content:"/wrjkngh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356689/; classtype:trojan-activity;sid:84219789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356690)"; flow:established,from_client; content:"GET"; http_method; content:"/wlw68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"raw.cardiacpure.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356690/; classtype:trojan-activity;sid:84219790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356687)"; flow:established,from_client; content:"GET"; http_method; content:"/ngwa5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356687/; classtype:trojan-activity;sid:84219787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.83.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356677/; classtype:trojan-activity;sid:84219777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356678)"; flow:established,from_client; content:"GET"; http_method; content:"/bojwsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356678/; classtype:trojan-activity;sid:84219778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356679)"; flow:established,from_client; content:"GET"; http_method; content:"/wlw68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356679/; classtype:trojan-activity;sid:84219779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356680)"; flow:established,from_client; content:"GET"; http_method; content:"/wkb86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356680/; classtype:trojan-activity;sid:84219780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356681)"; flow:established,from_client; content:"GET"; http_method; content:"/gnjqwpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356681/; classtype:trojan-activity;sid:84219781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356682)"; flow:established,from_client; content:"GET"; http_method; content:"/wrjkngh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356682/; classtype:trojan-activity;sid:84219782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356683)"; flow:established,from_client; content:"GET"; http_method; content:"/kqibeps"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356683/; classtype:trojan-activity;sid:84219783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356684)"; flow:established,from_client; content:"GET"; http_method; content:"/woega6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356684/; classtype:trojan-activity;sid:84219784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356685)"; flow:established,from_client; content:"GET"; http_method; content:"/fnkea7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356685/; classtype:trojan-activity;sid:84219785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356686)"; flow:established,from_client; content:"GET"; http_method; content:"/njvwa4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356686/; classtype:trojan-activity;sid:84219786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.89.43.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356676/; classtype:trojan-activity;sid:84219776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.143.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356675/; classtype:trojan-activity;sid:84219775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.195.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356674/; classtype:trojan-activity;sid:84219774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356673/; classtype:trojan-activity;sid:84219773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.237.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356672/; classtype:trojan-activity;sid:84219772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356671/; classtype:trojan-activity;sid:84219771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.227.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356670/; classtype:trojan-activity;sid:84219770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356669)"; flow:established,from_client; content:"GET"; http_method; content:"/wjew64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356669/; classtype:trojan-activity;sid:84219769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.146.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356668/; classtype:trojan-activity;sid:84219768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.83.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356667/; classtype:trojan-activity;sid:84219767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.90.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356666/; classtype:trojan-activity;sid:84219766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.43.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356665/; classtype:trojan-activity;sid:84219765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.38.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356664/; classtype:trojan-activity;sid:84219764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356662)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356662/; classtype:trojan-activity;sid:84219762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356663)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356663/; classtype:trojan-activity;sid:84219763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356642)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356642/; classtype:trojan-activity;sid:84219742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356643)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356643/; classtype:trojan-activity;sid:84219743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356644)"; flow:established,from_client; content:"GET"; http_method; content:"/most-m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356644/; classtype:trojan-activity;sid:84219744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356645)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356645/; classtype:trojan-activity;sid:84219745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356646)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356646/; classtype:trojan-activity;sid:84219746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356647)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356647/; classtype:trojan-activity;sid:84219747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.146.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356648/; classtype:trojan-activity;sid:84219748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356649)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356649/; classtype:trojan-activity;sid:84219749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356650)"; flow:established,from_client; content:"GET"; http_method; content:"/most-sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356650/; classtype:trojan-activity;sid:84219750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356651)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356651/; classtype:trojan-activity;sid:84219751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356652)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356652/; classtype:trojan-activity;sid:84219752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356653)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356653/; classtype:trojan-activity;sid:84219753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356654)"; flow:established,from_client; content:"GET"; http_method; content:"/most-sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356654/; classtype:trojan-activity;sid:84219754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356655)"; flow:established,from_client; content:"GET"; http_method; content:"/most-m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356655/; classtype:trojan-activity;sid:84219755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356656)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356656/; classtype:trojan-activity;sid:84219756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356657)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356657/; classtype:trojan-activity;sid:84219757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356658)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356658/; classtype:trojan-activity;sid:84219758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356659)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356659/; classtype:trojan-activity;sid:84219759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356660)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356660/; classtype:trojan-activity;sid:84219760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356661)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nsomikey.tokyo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356661/; classtype:trojan-activity;sid:84219761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356640)"; flow:established,from_client; content:"GET"; http_method; content:"/most-ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356640/; classtype:trojan-activity;sid:84219740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356641)"; flow:established,from_client; content:"GET"; http_method; content:"/most-spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.211.200.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356641/; classtype:trojan-activity;sid:84219741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356639/; classtype:trojan-activity;sid:84219739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.194.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356638/; classtype:trojan-activity;sid:84219738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356637/; classtype:trojan-activity;sid:84219737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.201.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356636/; classtype:trojan-activity;sid:84219736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.117.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356635/; classtype:trojan-activity;sid:84219735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.128.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356634/; classtype:trojan-activity;sid:84219734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.143.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356633/; classtype:trojan-activity;sid:84219733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.165.114.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356632/; classtype:trojan-activity;sid:84219732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356631/; classtype:trojan-activity;sid:84219731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.125.215.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356630/; classtype:trojan-activity;sid:84219730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.184.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356629/; classtype:trojan-activity;sid:84219729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.97.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356628/; classtype:trojan-activity;sid:84219728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356626)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356626/; classtype:trojan-activity;sid:84219726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.19.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356627/; classtype:trojan-activity;sid:84219727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356625)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356625/; classtype:trojan-activity;sid:84219725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356624)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356624/; classtype:trojan-activity;sid:84219724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356621)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356621/; classtype:trojan-activity;sid:84219721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356622)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356622/; classtype:trojan-activity;sid:84219722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356623)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356623/; classtype:trojan-activity;sid:84219723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356617)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356617/; classtype:trojan-activity;sid:84219717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356618)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356618/; classtype:trojan-activity;sid:84219718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356619)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356619/; classtype:trojan-activity;sid:84219719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356620/; classtype:trojan-activity;sid:84219720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356614)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356614/; classtype:trojan-activity;sid:84219714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356615)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356615/; classtype:trojan-activity;sid:84219715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356616)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356616/; classtype:trojan-activity;sid:84219716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356611)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356611/; classtype:trojan-activity;sid:84219711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356612)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356612/; classtype:trojan-activity;sid:84219712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356613)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356613/; classtype:trojan-activity;sid:84219713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356608)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356608/; classtype:trojan-activity;sid:84219708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356609)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356609/; classtype:trojan-activity;sid:84219709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356610)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356610/; classtype:trojan-activity;sid:84219710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356603)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356603/; classtype:trojan-activity;sid:84219703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356604)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356604/; classtype:trojan-activity;sid:84219704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356605)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.45.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356605/; classtype:trojan-activity;sid:84219705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356606)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356606/; classtype:trojan-activity;sid:84219706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356607)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356607/; classtype:trojan-activity;sid:84219707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.145.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356602/; classtype:trojan-activity;sid:84219702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356601/; classtype:trojan-activity;sid:84219701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.133.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356600/; classtype:trojan-activity;sid:84219700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.209.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356599/; classtype:trojan-activity;sid:84219699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.125.215.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356598/; classtype:trojan-activity;sid:84219698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.165.114.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356597/; classtype:trojan-activity;sid:84219697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356585)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356585/; classtype:trojan-activity;sid:84219685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356586)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356586/; classtype:trojan-activity;sid:84219686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356587)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356587/; classtype:trojan-activity;sid:84219687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356588)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356588/; classtype:trojan-activity;sid:84219688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356589)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356589/; classtype:trojan-activity;sid:84219689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356590)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356590/; classtype:trojan-activity;sid:84219690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356591)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356591/; classtype:trojan-activity;sid:84219691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356592)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356592/; classtype:trojan-activity;sid:84219692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356593)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356593/; classtype:trojan-activity;sid:84219693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356594)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356594/; classtype:trojan-activity;sid:84219694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356595)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356595/; classtype:trojan-activity;sid:84219695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356596)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356596/; classtype:trojan-activity;sid:84219696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.153.77.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356584/; classtype:trojan-activity;sid:84219684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.124.138.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356583/; classtype:trojan-activity;sid:84219683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.81.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356582/; classtype:trojan-activity;sid:84219682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356581)"; flow:established,from_client; content:"GET"; http_method; content:"/270/audi.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bruplong.oss-accelerate.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356581/; classtype:trojan-activity;sid:84219681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.90.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356580/; classtype:trojan-activity;sid:84219680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356578/; classtype:trojan-activity;sid:84219678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356579/; classtype:trojan-activity;sid:84219679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.192.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356576/; classtype:trojan-activity;sid:84219676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.213.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356577/; classtype:trojan-activity;sid:84219677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.244.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356575/; classtype:trojan-activity;sid:84219675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356574/; classtype:trojan-activity;sid:84219674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.241.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356573/; classtype:trojan-activity;sid:84219673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356572)"; flow:established,from_client; content:"GET"; http_method; content:"/sfyklight/vb-kaspersky-undetectedtable-crypter/raw/refs/heads/main/vb.net%20crypter%20v2.exe"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356572/; classtype:trojan-activity;sid:84219672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.146.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356571/; classtype:trojan-activity;sid:84219671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356570/; classtype:trojan-activity;sid:84219670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.81.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356569/; classtype:trojan-activity;sid:84219669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.128.95.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356567/; classtype:trojan-activity;sid:84219667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.184.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356568/; classtype:trojan-activity;sid:84219668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.244.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356566/; classtype:trojan-activity;sid:84219666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.177.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356564/; classtype:trojan-activity;sid:84219664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.47.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356565/; classtype:trojan-activity;sid:84219665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356558)"; flow:established,from_client; content:"GET"; http_method; content:"/wrr64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356558/; classtype:trojan-activity;sid:84219658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356559/; classtype:trojan-activity;sid:84219659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.227.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356560/; classtype:trojan-activity;sid:84219660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356561/; classtype:trojan-activity;sid:84219661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356562/; classtype:trojan-activity;sid:84219662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.146.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356563/; classtype:trojan-activity;sid:84219663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356557)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.115.162.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356557/; classtype:trojan-activity;sid:84219657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356556)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.33.224.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356556/; classtype:trojan-activity;sid:84219656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356555)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.224.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356555/; classtype:trojan-activity;sid:84219655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356554)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.115.162.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356554/; classtype:trojan-activity;sid:84219654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356553)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.224.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356553/; classtype:trojan-activity;sid:84219653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356552)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.115.162.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356552/; classtype:trojan-activity;sid:84219652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356551)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.189.17.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356551/; classtype:trojan-activity;sid:84219651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356550)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.189.17.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356550/; classtype:trojan-activity;sid:84219650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356549)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.189.17.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356549/; classtype:trojan-activity;sid:84219649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356548)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.33.224.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356548/; classtype:trojan-activity;sid:84219648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356546)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.115.162.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356546/; classtype:trojan-activity;sid:84219646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356547)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.189.17.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356547/; classtype:trojan-activity;sid:84219647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356544)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.189.17.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356544/; classtype:trojan-activity;sid:84219644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356545)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.115.162.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356545/; classtype:trojan-activity;sid:84219645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356540)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.224.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356540/; classtype:trojan-activity;sid:84219640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356541)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.33.224.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356541/; classtype:trojan-activity;sid:84219641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356542)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.189.17.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356542/; classtype:trojan-activity;sid:84219642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356543)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.115.162.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356543/; classtype:trojan-activity;sid:84219643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356539/; classtype:trojan-activity;sid:84219639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.241.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356538/; classtype:trojan-activity;sid:84219638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.174.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356536/; classtype:trojan-activity;sid:84219636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.115.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356537/; classtype:trojan-activity;sid:84219637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.229.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356535/; classtype:trojan-activity;sid:84219635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.248.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356534/; classtype:trojan-activity;sid:84219634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356533/; classtype:trojan-activity;sid:84219633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.214.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356532/; classtype:trojan-activity;sid:84219632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.67.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356531/; classtype:trojan-activity;sid:84219631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.79.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356530/; classtype:trojan-activity;sid:84219630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.48.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356529/; classtype:trojan-activity;sid:84219629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.96.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356528/; classtype:trojan-activity;sid:84219628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.166.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356527/; classtype:trojan-activity;sid:84219627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.11.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356526/; classtype:trojan-activity;sid:84219626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.252.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356525/; classtype:trojan-activity;sid:84219625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356523)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/dcv/greatindiancompaniesgivenbestgiftforyourhealthgivengoodreturns.hta"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"173.214.167.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356523/; classtype:trojan-activity;sid:84219623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356524)"; flow:established,from_client; content:"GET"; http_method; content:"/444/nicerose.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"173.214.167.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356524/; classtype:trojan-activity;sid:84219624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.248.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356522/; classtype:trojan-activity;sid:84219622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356516)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmsynthstor.s3.ap-east-1.amazonaws.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356516/; classtype:trojan-activity;sid:84219616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356517)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"autilities.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356517/; classtype:trojan-activity;sid:84219617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356518)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uiamanager.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356518/; classtype:trojan-activity;sid:84219618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356519)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"softpuby.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356519/; classtype:trojan-activity;sid:84219619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356520)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uiamanager.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356520/; classtype:trojan-activity;sid:84219620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356521)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cryptngc.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356521/; classtype:trojan-activity;sid:84219621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356489)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sscheduler.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356489/; classtype:trojan-activity;sid:84219589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356490)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aoracleclient.s3.ap-east-1.amazonaws.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356490/; classtype:trojan-activity;sid:84219590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356491)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sscheduler.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356491/; classtype:trojan-activity;sid:84219591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356492)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"lineapp1.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356492/; classtype:trojan-activity;sid:84219592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356493)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vmsynthstor.s3.ap-east-1.amazonaws.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356493/; classtype:trojan-activity;sid:84219593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356494)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cryptngc.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356494/; classtype:trojan-activity;sid:84219594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356495)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iassvcs.s3.ap-east-1.amazonaws.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356495/; classtype:trojan-activity;sid:84219595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356496)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"softpuby.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356496/; classtype:trojan-activity;sid:84219596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356497)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eapprovp.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356497/; classtype:trojan-activity;sid:84219597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356498)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"autilities.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356498/; classtype:trojan-activity;sid:84219598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356499)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"iassvcs.s3.ap-east-1.amazonaws.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356499/; classtype:trojan-activity;sid:84219599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356500)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cryptngc.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356500/; classtype:trojan-activity;sid:84219600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356501)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"softpuby.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356501/; classtype:trojan-activity;sid:84219601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356502)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sscheduler.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356502/; classtype:trojan-activity;sid:84219602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356503)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"lnteropnew.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356503/; classtype:trojan-activity;sid:84219603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356504)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vmsynthstor.s3.ap-east-1.amazonaws.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356504/; classtype:trojan-activity;sid:84219604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356505)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aoracleclient.s3.ap-east-1.amazonaws.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356505/; classtype:trojan-activity;sid:84219605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356506)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eapprovp.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356506/; classtype:trojan-activity;sid:84219606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356507)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"roviders.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356507/; classtype:trojan-activity;sid:84219607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356508)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"uiamanager.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356508/; classtype:trojan-activity;sid:84219608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356509)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lnteropnew.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356509/; classtype:trojan-activity;sid:84219609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356510)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eapprovp.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356510/; classtype:trojan-activity;sid:84219610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356511)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aoracleclient.s3.ap-east-1.amazonaws.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356511/; classtype:trojan-activity;sid:84219611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356512)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lnteropnew.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356512/; classtype:trojan-activity;sid:84219612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356513)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"roviders.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356513/; classtype:trojan-activity;sid:84219613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356514)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iassvcs.s3.ap-east-1.amazonaws.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356514/; classtype:trojan-activity;sid:84219614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356515)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"roviders.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356515/; classtype:trojan-activity;sid:84219615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356486)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lineapp1.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356486/; classtype:trojan-activity;sid:84219586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356487)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"autilities.s3.ap-east-1.amazonaws.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356487/; classtype:trojan-activity;sid:84219587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356488)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lineapp1.s3.ap-east-1.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356488/; classtype:trojan-activity;sid:84219588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.202.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356485/; classtype:trojan-activity;sid:84219585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.88.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356484/; classtype:trojan-activity;sid:84219584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356483)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bbbitcoin.oss-cn-hongkong.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356483/; classtype:trojan-activity;sid:84219583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.48.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356482/; classtype:trojan-activity;sid:84219582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356481/; classtype:trojan-activity;sid:84219581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.67.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356480/; classtype:trojan-activity;sid:84219580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.239.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356479/; classtype:trojan-activity;sid:84219579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.42.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356478/; classtype:trojan-activity;sid:84219578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.214.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356477/; classtype:trojan-activity;sid:84219577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.63.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356476/; classtype:trojan-activity;sid:84219576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356475/; classtype:trojan-activity;sid:84219575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.42.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356474/; classtype:trojan-activity;sid:84219574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356473/; classtype:trojan-activity;sid:84219573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.225.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356472/; classtype:trojan-activity;sid:84219572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356471)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356471/; classtype:trojan-activity;sid:84219571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356463)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356463/; classtype:trojan-activity;sid:84219563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356464)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356464/; classtype:trojan-activity;sid:84219564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356465)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356465/; classtype:trojan-activity;sid:84219565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356466)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356466/; classtype:trojan-activity;sid:84219566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356467)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356467/; classtype:trojan-activity;sid:84219567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356468)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356468/; classtype:trojan-activity;sid:84219568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356469)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356469/; classtype:trojan-activity;sid:84219569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356470)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356470/; classtype:trojan-activity;sid:84219570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356458)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356458/; classtype:trojan-activity;sid:84219558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356459)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356459/; classtype:trojan-activity;sid:84219559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356460)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356460/; classtype:trojan-activity;sid:84219560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356461)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356461/; classtype:trojan-activity;sid:84219561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356462)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356462/; classtype:trojan-activity;sid:84219562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356457)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356457/; classtype:trojan-activity;sid:84219557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356455)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356455/; classtype:trojan-activity;sid:84219555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356456)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356456/; classtype:trojan-activity;sid:84219556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356453)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356453/; classtype:trojan-activity;sid:84219553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356454)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356454/; classtype:trojan-activity;sid:84219554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356450)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356450/; classtype:trojan-activity;sid:84219550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356451)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356451/; classtype:trojan-activity;sid:84219551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356452)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356452/; classtype:trojan-activity;sid:84219552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356449)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356449/; classtype:trojan-activity;sid:84219549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356447)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356447/; classtype:trojan-activity;sid:84219547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356448)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356448/; classtype:trojan-activity;sid:84219548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356441)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356441/; classtype:trojan-activity;sid:84219541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356442)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356442/; classtype:trojan-activity;sid:84219542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356443)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356443/; classtype:trojan-activity;sid:84219543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356444)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356444/; classtype:trojan-activity;sid:84219544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356445)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356445/; classtype:trojan-activity;sid:84219545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356446)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356446/; classtype:trojan-activity;sid:84219546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.5.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356440/; classtype:trojan-activity;sid:84219540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.207.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356439/; classtype:trojan-activity;sid:84219539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.5.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356438/; classtype:trojan-activity;sid:84219538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.245.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356437/; classtype:trojan-activity;sid:84219537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.93.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356436/; classtype:trojan-activity;sid:84219536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.244.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356435/; classtype:trojan-activity;sid:84219535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.254.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356434/; classtype:trojan-activity;sid:84219534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356429)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.224.220.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356429/; classtype:trojan-activity;sid:84219529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356428/; classtype:trojan-activity;sid:84219528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356426/; classtype:trojan-activity;sid:84219526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.255.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356427/; classtype:trojan-activity;sid:84219527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356425)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/raw/main/fga1812.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356425/; classtype:trojan-activity;sid:84219525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.129.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356424/; classtype:trojan-activity;sid:84219524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356422)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/raw/main/kjshdgacg18.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356422/; classtype:trojan-activity;sid:84219522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356423)"; flow:established,from_client; content:"GET"; http_method; content:"/fgh8090051/jgh/-/raw/main/hnsjdghf18.bat"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356423/; classtype:trojan-activity;sid:84219523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.82.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356421/; classtype:trojan-activity;sid:84219521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.159.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356420/; classtype:trojan-activity;sid:84219520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.239.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356419/; classtype:trojan-activity;sid:84219519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.54.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356418/; classtype:trojan-activity;sid:84219518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356417/; classtype:trojan-activity;sid:84219517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.38.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356416/; classtype:trojan-activity;sid:84219516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.46.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356414/; classtype:trojan-activity;sid:84219514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.179.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356415/; classtype:trojan-activity;sid:84219515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356410/; classtype:trojan-activity;sid:84219510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.9.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356411/; classtype:trojan-activity;sid:84219511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.119.100.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356412/; classtype:trojan-activity;sid:84219512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.5.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356413/; classtype:trojan-activity;sid:84219513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.31.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356409/; classtype:trojan-activity;sid:84219509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.127.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356408/; classtype:trojan-activity;sid:84219508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356407/; classtype:trojan-activity;sid:84219507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.67.224"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356406/; classtype:trojan-activity;sid:84219506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356404/; classtype:trojan-activity;sid:84219504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.141.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356405/; classtype:trojan-activity;sid:84219505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356403/; classtype:trojan-activity;sid:84219503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.93.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356402/; classtype:trojan-activity;sid:84219502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.94.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356401/; classtype:trojan-activity;sid:84219501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356400/; classtype:trojan-activity;sid:84219500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.22.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356399/; classtype:trojan-activity;sid:84219499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.147.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356398/; classtype:trojan-activity;sid:84219498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.82.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356397/; classtype:trojan-activity;sid:84219497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.65.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356396/; classtype:trojan-activity;sid:84219496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.9.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356395/; classtype:trojan-activity;sid:84219495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356392)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"anydesk17.s3.ap-east-1.amazonaws.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356392/; classtype:trojan-activity;sid:84219492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356393)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"anydesk17.s3.ap-east-1.amazonaws.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356393/; classtype:trojan-activity;sid:84219493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356394)"; flow:established,from_client; content:"GET"; http_method; content:"/aut.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"anydesk17.s3.ap-east-1.amazonaws.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356394/; classtype:trojan-activity;sid:84219494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.237.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356391/; classtype:trojan-activity;sid:84219491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.191.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356390/; classtype:trojan-activity;sid:84219490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.80.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356389/; classtype:trojan-activity;sid:84219489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356388)"; flow:established,from_client; content:"GET"; http_method; content:"/kkg2w2.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"overboardlogist.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356388/; classtype:trojan-activity;sid:84219488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.198.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356387/; classtype:trojan-activity;sid:84219487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.77.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356386/; classtype:trojan-activity;sid:84219486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356385/; classtype:trojan-activity;sid:84219485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.17.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356384/; classtype:trojan-activity;sid:84219484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.82.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356383/; classtype:trojan-activity;sid:84219483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356382/; classtype:trojan-activity;sid:84219482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.148.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356381/; classtype:trojan-activity;sid:84219481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.107.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356380/; classtype:trojan-activity;sid:84219480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.32.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356379/; classtype:trojan-activity;sid:84219479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.88.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356378/; classtype:trojan-activity;sid:84219478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356377/; classtype:trojan-activity;sid:84219477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.198.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356376/; classtype:trojan-activity;sid:84219476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.191.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356375/; classtype:trojan-activity;sid:84219475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.234.159.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356374/; classtype:trojan-activity;sid:84219474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.107.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356373/; classtype:trojan-activity;sid:84219473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.5.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356372/; classtype:trojan-activity;sid:84219472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356371/; classtype:trojan-activity;sid:84219471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.165.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356370/; classtype:trojan-activity;sid:84219470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.32.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356369/; classtype:trojan-activity;sid:84219469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.183.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356368/; classtype:trojan-activity;sid:84219468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.91.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356367/; classtype:trojan-activity;sid:84219467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.127.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356363/; classtype:trojan-activity;sid:84219463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.249.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356364/; classtype:trojan-activity;sid:84219464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356365/; classtype:trojan-activity;sid:84219465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356366/; classtype:trojan-activity;sid:84219466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.152.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356362/; classtype:trojan-activity;sid:84219462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.56.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356361/; classtype:trojan-activity;sid:84219461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.244.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356360/; classtype:trojan-activity;sid:84219460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356359)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356359/; classtype:trojan-activity;sid:84219459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356358)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356358/; classtype:trojan-activity;sid:84219458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356356)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356356/; classtype:trojan-activity;sid:84219456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356357)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356357/; classtype:trojan-activity;sid:84219457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.105.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356347/; classtype:trojan-activity;sid:84219447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.203.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356348/; classtype:trojan-activity;sid:84219448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356349)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356349/; classtype:trojan-activity;sid:84219449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356350)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356350/; classtype:trojan-activity;sid:84219450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356351)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356351/; classtype:trojan-activity;sid:84219451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356352)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356352/; classtype:trojan-activity;sid:84219452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356353)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356353/; classtype:trojan-activity;sid:84219453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356354)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356354/; classtype:trojan-activity;sid:84219454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356355)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"20.221.64.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356355/; classtype:trojan-activity;sid:84219455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.35.78.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356346/; classtype:trojan-activity;sid:84219446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356345/; classtype:trojan-activity;sid:84219445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.240.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356344/; classtype:trojan-activity;sid:84219444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356343/; classtype:trojan-activity;sid:84219443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.22.217.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356342/; classtype:trojan-activity;sid:84219442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.29.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356341/; classtype:trojan-activity;sid:84219441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.253.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356340/; classtype:trojan-activity;sid:84219440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.244.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356339/; classtype:trojan-activity;sid:84219439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356338/; classtype:trojan-activity;sid:84219438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.245.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356337/; classtype:trojan-activity;sid:84219437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.149.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356336/; classtype:trojan-activity;sid:84219436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.107.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356335/; classtype:trojan-activity;sid:84219435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356334/; classtype:trojan-activity;sid:84219434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.203.126.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356333/; classtype:trojan-activity;sid:84219433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.221.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356332/; classtype:trojan-activity;sid:84219432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.70.228.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356331/; classtype:trojan-activity;sid:84219431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.105.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356329/; classtype:trojan-activity;sid:84219429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356330/; classtype:trojan-activity;sid:84219430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.161.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356328/; classtype:trojan-activity;sid:84219428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.245.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356327/; classtype:trojan-activity;sid:84219427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.22.217.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356326/; classtype:trojan-activity;sid:84219426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356325/; classtype:trojan-activity;sid:84219425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.252.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356324/; classtype:trojan-activity;sid:84219424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.198.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356323/; classtype:trojan-activity;sid:84219423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356322/; classtype:trojan-activity;sid:84219422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.33.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356321/; classtype:trojan-activity;sid:84219421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356320/; classtype:trojan-activity;sid:84219420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.240.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356319/; classtype:trojan-activity;sid:84219419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.80.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356318/; classtype:trojan-activity;sid:84219418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356317/; classtype:trojan-activity;sid:84219417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.14.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356316/; classtype:trojan-activity;sid:84219416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356315)"; flow:established,from_client; content:"GET"; http_method; content:"/fbuhjxbsfsc116.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"212.162.149.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356315/; classtype:trojan-activity;sid:84219415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356313)"; flow:established,from_client; content:"GET"; http_method; content:"/teorhdggbvssqorybiqpbdk31.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"84.38.133.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356313/; classtype:trojan-activity;sid:84219413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356314)"; flow:established,from_client; content:"GET"; http_method; content:"/lsozhkhtjlarws124.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.38.133.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356314/; classtype:trojan-activity;sid:84219414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.112.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356312/; classtype:trojan-activity;sid:84219412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356311)"; flow:established,from_client; content:"GET"; http_method; content:"/fr_re/facture%20nr90382783983489.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"83.136.209.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356311/; classtype:trojan-activity;sid:84219411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356308)"; flow:established,from_client; content:"GET"; http_method; content:"/fr_re/facture%20nr90382783983489.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"additional-markets-fee-romance.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356308/; classtype:trojan-activity;sid:84219408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356309)"; flow:established,from_client; content:"GET"; http_method; content:"/22txdbb1.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"additional-markets-fee-romance.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356309/; classtype:trojan-activity;sid:84219409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356310)"; flow:established,from_client; content:"GET"; http_method; content:"/22txdbb1.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"makingbmw2skodahossh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356310/; classtype:trojan-activity;sid:84219410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356307)"; flow:established,from_client; content:"GET"; http_method; content:"/22txdbb1.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"83.136.209.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356307/; classtype:trojan-activity;sid:84219407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356301)"; flow:established,from_client; content:"GET"; http_method; content:"/ge_in/nr_490284_973783_0427.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"83.136.209.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356301/; classtype:trojan-activity;sid:84219401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356302/; classtype:trojan-activity;sid:84219402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356303)"; flow:established,from_client; content:"GET"; http_method; content:"/ge_dh/equittung%20%231216240001.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"makingbmw2skodahossh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356303/; classtype:trojan-activity;sid:84219403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356304)"; flow:established,from_client; content:"GET"; http_method; content:"/ge_in/nr_490284_973783_0427.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"makingbmw2skodahossh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356304/; classtype:trojan-activity;sid:84219404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356305)"; flow:established,from_client; content:"GET"; http_method; content:"/ge_in/nr_490284_973783_0427.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"additional-markets-fee-romance.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356305/; classtype:trojan-activity;sid:84219405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356306)"; flow:established,from_client; content:"GET"; http_method; content:"/fr_re/facture%20nr90382783983489.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"makingbmw2skodahossh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356306/; classtype:trojan-activity;sid:84219406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356300)"; flow:established,from_client; content:"GET"; http_method; content:"/ge_dh/equittung%20%231216240001.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"83.136.209.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356300/; classtype:trojan-activity;sid:84219400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356297)"; flow:established,from_client; content:"GET"; http_method; content:"/okko.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.136.209.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356297/; classtype:trojan-activity;sid:84219397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356298)"; flow:established,from_client; content:"GET"; http_method; content:"/okko.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"makingbmw2skodahossh.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356298/; classtype:trojan-activity;sid:84219398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356299)"; flow:established,from_client; content:"GET"; http_method; content:"/okko.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"additional-markets-fee-romance.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356299/; classtype:trojan-activity;sid:84219399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.70.228.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356295/; classtype:trojan-activity;sid:84219395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356296/; classtype:trojan-activity;sid:84219396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baobotanh.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356294/; classtype:trojan-activity;sid:84219394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duy002.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356289/; classtype:trojan-activity;sid:84219389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duyfinal3.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356290/; classtype:trojan-activity;sid:84219390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356291)"; flow:established,from_client; content:"GET"; http_method; content:"/ge_dh/equittung%20%231216240001.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"additional-markets-fee-romance.trycloudflare.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356291/; classtype:trojan-activity;sid:84219391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/finaldemo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356292/; classtype:trojan-activity;sid:84219392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duy001.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356293/; classtype:trojan-activity;sid:84219393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/final2.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356281/; classtype:trojan-activity;sid:84219381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/final2.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356282/; classtype:trojan-activity;sid:84219382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baobotpdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356283/; classtype:trojan-activity;sid:84219383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piteranh.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356284/; classtype:trojan-activity;sid:84219384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356285/; classtype:trojan-activity;sid:84219385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botanh.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356286/; classtype:trojan-activity;sid:84219386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piterpdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356287/; classtype:trojan-activity;sid:84219387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botpdf.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356288/; classtype:trojan-activity;sid:84219388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.39.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356280/; classtype:trojan-activity;sid:84219380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duyba.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.23.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356279/; classtype:trojan-activity;sid:84219379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.201.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356278/; classtype:trojan-activity;sid:84219378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.221.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356277/; classtype:trojan-activity;sid:84219377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356276/; classtype:trojan-activity;sid:84219376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356275/; classtype:trojan-activity;sid:84219375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.17.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356274/; classtype:trojan-activity;sid:84219374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.83.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356273/; classtype:trojan-activity;sid:84219373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.44.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356272/; classtype:trojan-activity;sid:84219372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356271/; classtype:trojan-activity;sid:84219371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.39.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356270/; classtype:trojan-activity;sid:84219370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356269/; classtype:trojan-activity;sid:84219369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.22.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356266/; classtype:trojan-activity;sid:84219366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.70.228.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356267/; classtype:trojan-activity;sid:84219367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356268/; classtype:trojan-activity;sid:84219368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.190.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356265/; classtype:trojan-activity;sid:84219365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.74.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356263/; classtype:trojan-activity;sid:84219363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.27.28.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356264/; classtype:trojan-activity;sid:84219364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.151.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356262/; classtype:trojan-activity;sid:84219362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.80.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356261/; classtype:trojan-activity;sid:84219361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.46.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356260/; classtype:trojan-activity;sid:84219360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356259/; classtype:trojan-activity;sid:84219359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356258/; classtype:trojan-activity;sid:84219358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.95.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356257/; classtype:trojan-activity;sid:84219357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356256/; classtype:trojan-activity;sid:84219356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.22.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356255/; classtype:trojan-activity;sid:84219355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.74.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356253/; classtype:trojan-activity;sid:84219353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356254)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.173.71.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356254/; classtype:trojan-activity;sid:84219354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.120.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356252/; classtype:trojan-activity;sid:84219352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.0.0.111"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356250/; classtype:trojan-activity;sid:84219350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356251/; classtype:trojan-activity;sid:84219351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356248/; classtype:trojan-activity;sid:84219348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356249/; classtype:trojan-activity;sid:84219349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.220.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356247/; classtype:trojan-activity;sid:84219347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.226.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356245/; classtype:trojan-activity;sid:84219345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.203.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356246/; classtype:trojan-activity;sid:84219346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.175.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356244/; classtype:trojan-activity;sid:84219344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.8.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356243/; classtype:trojan-activity;sid:84219343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356239/; classtype:trojan-activity;sid:84219339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.163.241.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356240/; classtype:trojan-activity;sid:84219340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.10.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356241/; classtype:trojan-activity;sid:84219341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.111.75.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356242/; classtype:trojan-activity;sid:84219342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356238/; classtype:trojan-activity;sid:84219338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.24.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356237/; classtype:trojan-activity;sid:84219337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.151.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356236/; classtype:trojan-activity;sid:84219336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.39.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356234/; classtype:trojan-activity;sid:84219334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.111.131.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356235/; classtype:trojan-activity;sid:84219335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.95.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356233/; classtype:trojan-activity;sid:84219333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.254.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356232/; classtype:trojan-activity;sid:84219332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.77.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356231/; classtype:trojan-activity;sid:84219331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356230/; classtype:trojan-activity;sid:84219330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.157.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356229/; classtype:trojan-activity;sid:84219329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356228/; classtype:trojan-activity;sid:84219328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356227/; classtype:trojan-activity;sid:84219327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.11.132.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356226/; classtype:trojan-activity;sid:84219326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.120.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356225/; classtype:trojan-activity;sid:84219325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.31.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356224/; classtype:trojan-activity;sid:84219324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.248.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356223/; classtype:trojan-activity;sid:84219323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356222)"; flow:established,from_client; content:"GET"; http_method; content:"/ralphcvs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"polovoiinspektor.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356222/; classtype:trojan-activity;sid:84219322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.77.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356221/; classtype:trojan-activity;sid:84219321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356220/; classtype:trojan-activity;sid:84219320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.148.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356219/; classtype:trojan-activity;sid:84219319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.179.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356218/; classtype:trojan-activity;sid:84219318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.50.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356217/; classtype:trojan-activity;sid:84219317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356216/; classtype:trojan-activity;sid:84219316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356215/; classtype:trojan-activity;sid:84219315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.93.149.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356214/; classtype:trojan-activity;sid:84219314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356212/; classtype:trojan-activity;sid:84219312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.157.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356213/; classtype:trojan-activity;sid:84219313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.136.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356210/; classtype:trojan-activity;sid:84219310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356211/; classtype:trojan-activity;sid:84219311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.132.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356209/; classtype:trojan-activity;sid:84219309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.102.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356208/; classtype:trojan-activity;sid:84219308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.249.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356207/; classtype:trojan-activity;sid:84219307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.253.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356206/; classtype:trojan-activity;sid:84219306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.50.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356205/; classtype:trojan-activity;sid:84219305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.198.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356204/; classtype:trojan-activity;sid:84219304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.37.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356203/; classtype:trojan-activity;sid:84219303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356202/; classtype:trojan-activity;sid:84219302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.130.191.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356201/; classtype:trojan-activity;sid:84219301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.249.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356200/; classtype:trojan-activity;sid:84219300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356199/; classtype:trojan-activity;sid:84219299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356198/; classtype:trojan-activity;sid:84219298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356196/; classtype:trojan-activity;sid:84219296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.163.244.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356197/; classtype:trojan-activity;sid:84219297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.77.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356195/; classtype:trojan-activity;sid:84219295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.240.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356194/; classtype:trojan-activity;sid:84219294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.67.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356193/; classtype:trojan-activity;sid:84219293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.200.168.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356192/; classtype:trojan-activity;sid:84219292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.109.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356191/; classtype:trojan-activity;sid:84219291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.115.171.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356190/; classtype:trojan-activity;sid:84219290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356189/; classtype:trojan-activity;sid:84219289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.194.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356188/; classtype:trojan-activity;sid:84219288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356187/; classtype:trojan-activity;sid:84219287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.198.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356186/; classtype:trojan-activity;sid:84219286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.27.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356185/; classtype:trojan-activity;sid:84219285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356184/; classtype:trojan-activity;sid:84219284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356183/; classtype:trojan-activity;sid:84219283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.130.191.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356182/; classtype:trojan-activity;sid:84219282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356181)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356181/; classtype:trojan-activity;sid:84219281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356174)"; flow:established,from_client; content:"GET"; http_method; content:"/zls2024/not-download/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356174/; classtype:trojan-activity;sid:84219274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356175)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/refs/heads/main/cleanerv2.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356175/; classtype:trojan-activity;sid:84219275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356176)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356176/; classtype:trojan-activity;sid:84219276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356177)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356177/; classtype:trojan-activity;sid:84219277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356178)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/refs/heads/main/defender64.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356178/; classtype:trojan-activity;sid:84219278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356179)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/1434orz.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356179/; classtype:trojan-activity;sid:84219279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356180)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356180/; classtype:trojan-activity;sid:84219280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356165)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/refs/heads/main/amogus.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356165/; classtype:trojan-activity;sid:84219265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356166)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356166/; classtype:trojan-activity;sid:84219266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356167)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356167/; classtype:trojan-activity;sid:84219267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356168)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356168/; classtype:trojan-activity;sid:84219268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356169)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356169/; classtype:trojan-activity;sid:84219269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356170)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/refs/heads/main/registry.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356170/; classtype:trojan-activity;sid:84219270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356171)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/refs/heads/main/java.exe"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356171/; classtype:trojan-activity;sid:84219271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356172)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/sgvp%20client%20program.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356172/; classtype:trojan-activity;sid:84219272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356173)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/kys.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356173/; classtype:trojan-activity;sid:84219273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; classtype:trojan-activity;sid:84219262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356163)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/refs/heads/main/example_win32_dx11.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356163/; classtype:trojan-activity;sid:84219263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356164)"; flow:established,from_client; content:"GET"; http_method; content:"/cmaster324-cell/su/refs/heads/main/client.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356164/; classtype:trojan-activity;sid:84219264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356160)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/refs/heads/main/runtime%20broker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356160/; classtype:trojan-activity;sid:84219260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356161)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356161/; classtype:trojan-activity;sid:84219261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356158)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/executablelol.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356158/; classtype:trojan-activity;sid:84219258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356159)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/refs/heads/main/spectrum.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356159/; classtype:trojan-activity;sid:84219259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356157)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/refs/heads/main/wenzcord.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356157/; classtype:trojan-activity;sid:84219257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356156)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/refs/heads/main/svhost.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356156/; classtype:trojan-activity;sid:84219256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356154)"; flow:established,from_client; content:"GET"; http_method; content:"/r/9yxna/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356154/; classtype:trojan-activity;sid:84219254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356155/; classtype:trojan-activity;sid:84219255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356144)"; flow:established,from_client; content:"GET"; http_method; content:"/jordinateur99/am/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356144/; classtype:trojan-activity;sid:84219244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356146)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/refs/heads/main/sentil.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356146/; classtype:trojan-activity;sid:84219246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356147)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/refs/heads/main/client.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356147/; classtype:trojan-activity;sid:84219247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356148)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk97/xwqd21waddqwdv/refs/heads/main/server.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356148/; classtype:trojan-activity;sid:84219248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356149)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/newest.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356149/; classtype:trojan-activity;sid:84219249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356150)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/cnct.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356150/; classtype:trojan-activity;sid:84219250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356151)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/skibidi.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356151/; classtype:trojan-activity;sid:84219251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356152)"; flow:established,from_client; content:"GET"; http_method; content:"/files/remcos.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.69.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356152/; classtype:trojan-activity;sid:84219252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356153)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/vanilla.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356153/; classtype:trojan-activity;sid:84219253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356137)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356137/; classtype:trojan-activity;sid:84219237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356138)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/refs/heads/main/installer.exe.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356138/; classtype:trojan-activity;sid:84219238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356139)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/lmao.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356139/; classtype:trojan-activity;sid:84219239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356140)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/refs/heads/main/testme.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356140/; classtype:trojan-activity;sid:84219240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356141)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/refs/heads/main/negarque.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356141/; classtype:trojan-activity;sid:84219241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356142)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/refs/heads/main/installer.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356142/; classtype:trojan-activity;sid:84219242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356143)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/main/client-built.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356143/; classtype:trojan-activity;sid:84219243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356135)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/refs/heads/main/856.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356135/; classtype:trojan-activity;sid:84219235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356136)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/refs/heads/main/runtimebroker.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356136/; classtype:trojan-activity;sid:84219236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/refs/heads/main/444.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356132)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/refs/heads/main/client.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356132/; classtype:trojan-activity;sid:84219232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356126)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/joiner.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356126/; classtype:trojan-activity;sid:84219226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356127)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/refs/heads/main/mos%20ssssttttt.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356127/; classtype:trojan-activity;sid:84219227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356128)"; flow:established,from_client; content:"GET"; http_method; content:"/h4ck3dv0d4/terminal-test/refs/heads/main/terminal_9235.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356128/; classtype:trojan-activity;sid:84219228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356129)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/refs/heads/main/server1.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356129/; classtype:trojan-activity;sid:84219229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356130)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/startup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356130/; classtype:trojan-activity;sid:84219230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356131)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/refs/heads/main/microsoft_hardware_launch.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356131/; classtype:trojan-activity;sid:84219231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356120)"; flow:established,from_client; content:"GET"; http_method; content:"/alnyak/test/refs/heads/main/testingg.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356120/; classtype:trojan-activity;sid:84219220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356121)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356121/; classtype:trojan-activity;sid:84219221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356122)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/refs/heads/main/main.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356122/; classtype:trojan-activity;sid:84219222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356123)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatsan/fcuk/refs/heads/main/client.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356123/; classtype:trojan-activity;sid:84219223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356124)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/refs/heads/main/njsilent.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356124/; classtype:trojan-activity;sid:84219224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356125)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/refs/heads/main/aaa%20(3).exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356125/; classtype:trojan-activity;sid:84219225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356117)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/refs/heads/main/fusca%20game.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356117/; classtype:trojan-activity;sid:84219217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356119)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/refs/heads/main/lastest.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356119/; classtype:trojan-activity;sid:84219219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356116)"; flow:established,from_client; content:"GET"; http_method; content:"/bytrosyt/xuy/refs/heads/main/minet.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356116/; classtype:trojan-activity;sid:84219216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356112)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/refs/heads/main/krishna33.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356112/; classtype:trojan-activity;sid:84219212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356113)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/refs/heads/main/system.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356113/; classtype:trojan-activity;sid:84219213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356114)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/refs/heads/main/enai2.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356114/; classtype:trojan-activity;sid:84219214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356115)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/refs/heads/main/discord2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356115/; classtype:trojan-activity;sid:84219215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356111)"; flow:established,from_client; content:"GET"; http_method; content:"/45/wcc/nicetrickingthingsgoodforentirethingsbetweenhershortthingsgoodforeveryone.hta"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"74.208.80.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356111/; classtype:trojan-activity;sid:84219211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356109)"; flow:established,from_client; content:"GET"; http_method; content:"/450/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.95.122.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356109/; classtype:trojan-activity;sid:84219209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356110)"; flow:established,from_client; content:"GET"; http_method; content:"/333/12.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.23.96.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356110/; classtype:trojan-activity;sid:84219210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356108)"; flow:established,from_client; content:"GET"; http_method; content:"/artdonjon/loader.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"kaboum.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356108/; classtype:trojan-activity;sid:84219208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356106)"; flow:established,from_client; content:"GET"; http_method; content:"/jordinateur99/am/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356106/; classtype:trojan-activity;sid:84219206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356107)"; flow:established,from_client; content:"GET"; http_method; content:"/punchyypvp/amig-op/releases/download/1/directx.dll"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356107/; classtype:trojan-activity;sid:84219207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356102)"; flow:established,from_client; content:"GET"; http_method; content:"/americasssss.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.3.243.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356102/; classtype:trojan-activity;sid:84219202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356103)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds8.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356103/; classtype:trojan-activity;sid:84219203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356104)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/clip64.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vitantgroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356104/; classtype:trojan-activity;sid:84219204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356105)"; flow:established,from_client; content:"GET"; http_method; content:"/cl.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"laughing-kowalevski.66-63-187-84.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356105/; classtype:trojan-activity;sid:84219205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356101)"; flow:established,from_client; content:"GET"; http_method; content:"/42.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dl.updatepush.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356101/; classtype:trojan-activity;sid:84219201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356096)"; flow:established,from_client; content:"GET"; http_method; content:"/6da61cc9df0e0899/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"95.215.204.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356096/; classtype:trojan-activity;sid:84219196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356097)"; flow:established,from_client; content:"GET"; http_method; content:"/6da61cc9df0e0899/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"95.215.204.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356097/; classtype:trojan-activity;sid:84219197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356098)"; flow:established,from_client; content:"GET"; http_method; content:"/6da61cc9df0e0899/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"95.215.204.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356098/; classtype:trojan-activity;sid:84219198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356099)"; flow:established,from_client; content:"GET"; http_method; content:"/6da61cc9df0e0899/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"95.215.204.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356099/; classtype:trojan-activity;sid:84219199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356100)"; flow:established,from_client; content:"GET"; http_method; content:"/6da61cc9df0e0899/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"95.215.204.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356100/; classtype:trojan-activity;sid:84219200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.161.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356095/; classtype:trojan-activity;sid:84219195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356094)"; flow:established,from_client; content:"GET"; http_method; content:"/fx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.49.14.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356094/; classtype:trojan-activity;sid:84219194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.240.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356092/; classtype:trojan-activity;sid:84219192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.66.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356093/; classtype:trojan-activity;sid:84219193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.200.168.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356091/; classtype:trojan-activity;sid:84219191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.221.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356090/; classtype:trojan-activity;sid:84219190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356089/; classtype:trojan-activity;sid:84219189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.71.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356088/; classtype:trojan-activity;sid:84219188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.68.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356087/; classtype:trojan-activity;sid:84219187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.238.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356086/; classtype:trojan-activity;sid:84219186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.162.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356085/; classtype:trojan-activity;sid:84219185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.222.96.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356084/; classtype:trojan-activity;sid:84219184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.66.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356083/; classtype:trojan-activity;sid:84219183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.92.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356082/; classtype:trojan-activity;sid:84219182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356081/; classtype:trojan-activity;sid:84219181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.150.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356080/; classtype:trojan-activity;sid:84219180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.164.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356079/; classtype:trojan-activity;sid:84219179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.108.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356078/; classtype:trojan-activity;sid:84219178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.150.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356077/; classtype:trojan-activity;sid:84219177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.240.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356076/; classtype:trojan-activity;sid:84219176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356075/; classtype:trojan-activity;sid:84219175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.71.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356074/; classtype:trojan-activity;sid:84219174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356073/; classtype:trojan-activity;sid:84219173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.189.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356072/; classtype:trojan-activity;sid:84219172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.198.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356070/; classtype:trojan-activity;sid:84219170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.208.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356071/; classtype:trojan-activity;sid:84219171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.190.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356069/; classtype:trojan-activity;sid:84219169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.191.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356068/; classtype:trojan-activity;sid:84219168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.92.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356067/; classtype:trojan-activity;sid:84219167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.151.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356066/; classtype:trojan-activity;sid:84219166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.102.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356065/; classtype:trojan-activity;sid:84219165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.208.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356064/; classtype:trojan-activity;sid:84219164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.66.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356063/; classtype:trojan-activity;sid:84219163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.167.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356061/; classtype:trojan-activity;sid:84219161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.233.33.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356062/; classtype:trojan-activity;sid:84219162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.169.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356060/; classtype:trojan-activity;sid:84219160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.147.66.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356058/; classtype:trojan-activity;sid:84219158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.62.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356059/; classtype:trojan-activity;sid:84219159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.112.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356057/; classtype:trojan-activity;sid:84219157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.81.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356056/; classtype:trojan-activity;sid:84219156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.197.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356055/; classtype:trojan-activity;sid:84219155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356053/; classtype:trojan-activity;sid:84219153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.93.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356054/; classtype:trojan-activity;sid:84219154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356052/; classtype:trojan-activity;sid:84219152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.77.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356051/; classtype:trojan-activity;sid:84219151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.88.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356050/; classtype:trojan-activity;sid:84219150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356049/; classtype:trojan-activity;sid:84219149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.158.158.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356048/; classtype:trojan-activity;sid:84219148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356047/; classtype:trojan-activity;sid:84219147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.114.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356046/; classtype:trojan-activity;sid:84219146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356045/; classtype:trojan-activity;sid:84219145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356044/; classtype:trojan-activity;sid:84219144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356043/; classtype:trojan-activity;sid:84219143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.160.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356042/; classtype:trojan-activity;sid:84219142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.52.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356041/; classtype:trojan-activity;sid:84219141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.198.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356040/; classtype:trojan-activity;sid:84219140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.240.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356039/; classtype:trojan-activity;sid:84219139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356038/; classtype:trojan-activity;sid:84219138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.191.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356037/; classtype:trojan-activity;sid:84219137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.62.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356036/; classtype:trojan-activity;sid:84219136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.112.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356035/; classtype:trojan-activity;sid:84219135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356034/; classtype:trojan-activity;sid:84219134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.197.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356033/; classtype:trojan-activity;sid:84219133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.63.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356032/; classtype:trojan-activity;sid:84219132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356031/; classtype:trojan-activity;sid:84219131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.97.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356030/; classtype:trojan-activity;sid:84219130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.230.227.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356029/; classtype:trojan-activity;sid:84219129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.197.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356028/; classtype:trojan-activity;sid:84219128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.212.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356027/; classtype:trojan-activity;sid:84219127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.198.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356026/; classtype:trojan-activity;sid:84219126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.197.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356025/; classtype:trojan-activity;sid:84219125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.186.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356023/; classtype:trojan-activity;sid:84219123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.236.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356024/; classtype:trojan-activity;sid:84219124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356022/; classtype:trojan-activity;sid:84219122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356021/; classtype:trojan-activity;sid:84219121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.21.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356020/; classtype:trojan-activity;sid:84219120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356019/; classtype:trojan-activity;sid:84219119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356018/; classtype:trojan-activity;sid:84219118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.167.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356017/; classtype:trojan-activity;sid:84219117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.233.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356016/; classtype:trojan-activity;sid:84219116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.224.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356014/; classtype:trojan-activity;sid:84219114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.62.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356015/; classtype:trojan-activity;sid:84219115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.212.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356013/; classtype:trojan-activity;sid:84219113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.201.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356012/; classtype:trojan-activity;sid:84219112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356011/; classtype:trojan-activity;sid:84219111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.162.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356010/; classtype:trojan-activity;sid:84219110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356009/; classtype:trojan-activity;sid:84219109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356008/; classtype:trojan-activity;sid:84219108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.125.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356007/; classtype:trojan-activity;sid:84219107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.21.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356006/; classtype:trojan-activity;sid:84219106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.224.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356005/; classtype:trojan-activity;sid:84219105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356004/; classtype:trojan-activity;sid:84219104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.175.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356001/; classtype:trojan-activity;sid:84219101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.167.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356002/; classtype:trojan-activity;sid:84219102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.254.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356003/; classtype:trojan-activity;sid:84219103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.170.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356000/; classtype:trojan-activity;sid:84219100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.177.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355999/; classtype:trojan-activity;sid:84219099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.119.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355998/; classtype:trojan-activity;sid:84219098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.158.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355997/; classtype:trojan-activity;sid:84219097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.17.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355996/; classtype:trojan-activity;sid:84219096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355995/; classtype:trojan-activity;sid:84219095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.227.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355994/; classtype:trojan-activity;sid:84219094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.41.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355993/; classtype:trojan-activity;sid:84219093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.170.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355992/; classtype:trojan-activity;sid:84219092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.236.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355991/; classtype:trojan-activity;sid:84219091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355990/; classtype:trojan-activity;sid:84219090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.186.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355989/; classtype:trojan-activity;sid:84219089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.175.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355988/; classtype:trojan-activity;sid:84219088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.170.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355986/; classtype:trojan-activity;sid:84219086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.81.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355987/; classtype:trojan-activity;sid:84219087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.82.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355985/; classtype:trojan-activity;sid:84219085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.202.243.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355984/; classtype:trojan-activity;sid:84219084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.168.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355983/; classtype:trojan-activity;sid:84219083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.86.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355981/; classtype:trojan-activity;sid:84219081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355982/; classtype:trojan-activity;sid:84219082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.201.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355980/; classtype:trojan-activity;sid:84219080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355979/; classtype:trojan-activity;sid:84219079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.227.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355978/; classtype:trojan-activity;sid:84219078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.216.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355975/; classtype:trojan-activity;sid:84219075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.108.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355976/; classtype:trojan-activity;sid:84219076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355977)"; flow:established,from_client; content:"GET"; http_method; content:"/sdii64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355977/; classtype:trojan-activity;sid:84219077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.186.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355974/; classtype:trojan-activity;sid:84219074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355973/; classtype:trojan-activity;sid:84219073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.162.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355972/; classtype:trojan-activity;sid:84219072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.78.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355971/; classtype:trojan-activity;sid:84219071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.247.128.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355970/; classtype:trojan-activity;sid:84219070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.167.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355968/; classtype:trojan-activity;sid:84219068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.211.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355969/; classtype:trojan-activity;sid:84219069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.216.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355965/; classtype:trojan-activity;sid:84219065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.81.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355966/; classtype:trojan-activity;sid:84219066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355967/; classtype:trojan-activity;sid:84219067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.53.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355964/; classtype:trojan-activity;sid:84219064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.8.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355963/; classtype:trojan-activity;sid:84219063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.234.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355962/; classtype:trojan-activity;sid:84219062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.130.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355961/; classtype:trojan-activity;sid:84219061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.39.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355960/; classtype:trojan-activity;sid:84219060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355959/; classtype:trojan-activity;sid:84219059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.120.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355958/; classtype:trojan-activity;sid:84219058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355957/; classtype:trojan-activity;sid:84219057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.207.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355956/; classtype:trojan-activity;sid:84219056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355955/; classtype:trojan-activity;sid:84219055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355954/; classtype:trojan-activity;sid:84219054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.167.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355953/; classtype:trojan-activity;sid:84219053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.11.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355952/; classtype:trojan-activity;sid:84219052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.147.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355947/; classtype:trojan-activity;sid:84219047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.17.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355948/; classtype:trojan-activity;sid:84219048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.242.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355949/; classtype:trojan-activity;sid:84219049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355950/; classtype:trojan-activity;sid:84219050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.70.80.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355951/; classtype:trojan-activity;sid:84219051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.201.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355946/; classtype:trojan-activity;sid:84219046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.78.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355945/; classtype:trojan-activity;sid:84219045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.101.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355944/; classtype:trojan-activity;sid:84219044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.130.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355941/; classtype:trojan-activity;sid:84219041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.48.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355942/; classtype:trojan-activity;sid:84219042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.17.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355943/; classtype:trojan-activity;sid:84219043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355940)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.242.81.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355940/; classtype:trojan-activity;sid:84219040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355939/; classtype:trojan-activity;sid:84219039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.234.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355936/; classtype:trojan-activity;sid:84219036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.179.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355937/; classtype:trojan-activity;sid:84219037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.211"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355938/; classtype:trojan-activity;sid:84219038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.234.43.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355935/; classtype:trojan-activity;sid:84219035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355931/; classtype:trojan-activity;sid:84219031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355932/; classtype:trojan-activity;sid:84219032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.121.2.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355933/; classtype:trojan-activity;sid:84219033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355934/; classtype:trojan-activity;sid:84219034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.205.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355930/; classtype:trojan-activity;sid:84219030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.32.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355929/; classtype:trojan-activity;sid:84219029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.196.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355928/; classtype:trojan-activity;sid:84219028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355927/; classtype:trojan-activity;sid:84219027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.70.80.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355926/; classtype:trojan-activity;sid:84219026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.211.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355925/; classtype:trojan-activity;sid:84219025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.29.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355923/; classtype:trojan-activity;sid:84219023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.101.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355924/; classtype:trojan-activity;sid:84219024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.173.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355922/; classtype:trojan-activity;sid:84219022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355921/; classtype:trojan-activity;sid:84219021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.53.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355920/; classtype:trojan-activity;sid:84219020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355919/; classtype:trojan-activity;sid:84219019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355916/; classtype:trojan-activity;sid:84219016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.73.217.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355917/; classtype:trojan-activity;sid:84219017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.147.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355918/; classtype:trojan-activity;sid:84219018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.9.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355915/; classtype:trojan-activity;sid:84219015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.107.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355914/; classtype:trojan-activity;sid:84219014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.142.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355913/; classtype:trojan-activity;sid:84219013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.148.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355912/; classtype:trojan-activity;sid:84219012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.78.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355910/; classtype:trojan-activity;sid:84219010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.252.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355911/; classtype:trojan-activity;sid:84219011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355909/; classtype:trojan-activity;sid:84219009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355907/; classtype:trojan-activity;sid:84219007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.242.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355908/; classtype:trojan-activity;sid:84219008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355906/; classtype:trojan-activity;sid:84219006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.48.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355905/; classtype:trojan-activity;sid:84219005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.234.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355904/; classtype:trojan-activity;sid:84219004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355903/; classtype:trojan-activity;sid:84219003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355902/; classtype:trojan-activity;sid:84219002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355901/; classtype:trojan-activity;sid:84219001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355900/; classtype:trojan-activity;sid:84219000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355899/; classtype:trojan-activity;sid:84218999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.12.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355898/; classtype:trojan-activity;sid:84218998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.66.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355897/; classtype:trojan-activity;sid:84218997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.172.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355896/; classtype:trojan-activity;sid:84218996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355895/; classtype:trojan-activity;sid:84218995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.110.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355893/; classtype:trojan-activity;sid:84218993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.29.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355894/; classtype:trojan-activity;sid:84218994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.73.217.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355892/; classtype:trojan-activity;sid:84218992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.142.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355891/; classtype:trojan-activity;sid:84218991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.66.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355890/; classtype:trojan-activity;sid:84218990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.25.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355889/; classtype:trojan-activity;sid:84218989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355888/; classtype:trojan-activity;sid:84218988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.200.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355887/; classtype:trojan-activity;sid:84218987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.128.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355885/; classtype:trojan-activity;sid:84218985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.147.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355886/; classtype:trojan-activity;sid:84218986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.4.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355884/; classtype:trojan-activity;sid:84218984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.252.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355883/; classtype:trojan-activity;sid:84218983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.192.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355882/; classtype:trojan-activity;sid:84218982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355881/; classtype:trojan-activity;sid:84218981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.21.108.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355880/; classtype:trojan-activity;sid:84218980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355879/; classtype:trojan-activity;sid:84218979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.234.168.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355878/; classtype:trojan-activity;sid:84218978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.125.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355877/; classtype:trojan-activity;sid:84218977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355876/; classtype:trojan-activity;sid:84218976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.207.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355874/; classtype:trojan-activity;sid:84218974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355875/; classtype:trojan-activity;sid:84218975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.74.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355873/; classtype:trojan-activity;sid:84218973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.9.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355872/; classtype:trojan-activity;sid:84218972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.183.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355871/; classtype:trojan-activity;sid:84218971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.20.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355870/; classtype:trojan-activity;sid:84218970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.46.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355868/; classtype:trojan-activity;sid:84218968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355869/; classtype:trojan-activity;sid:84218969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355867/; classtype:trojan-activity;sid:84218967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.101.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355866/; classtype:trojan-activity;sid:84218966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.207.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355865/; classtype:trojan-activity;sid:84218965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.4.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355863/; classtype:trojan-activity;sid:84218963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.128.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355864/; classtype:trojan-activity;sid:84218964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.197.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355861/; classtype:trojan-activity;sid:84218961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.166.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355862/; classtype:trojan-activity;sid:84218962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.25.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355860/; classtype:trojan-activity;sid:84218960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.26.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355858/; classtype:trojan-activity;sid:84218958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355859/; classtype:trojan-activity;sid:84218959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.13.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355857/; classtype:trojan-activity;sid:84218957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.25.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355856/; classtype:trojan-activity;sid:84218956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.61.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355855/; classtype:trojan-activity;sid:84218955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355854/; classtype:trojan-activity;sid:84218954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.229.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355853/; classtype:trojan-activity;sid:84218953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355851/; classtype:trojan-activity;sid:84218951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355852/; classtype:trojan-activity;sid:84218952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.111.16.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355850/; classtype:trojan-activity;sid:84218950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355849/; classtype:trojan-activity;sid:84218949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355848/; classtype:trojan-activity;sid:84218948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.146.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355846/; classtype:trojan-activity;sid:84218946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.134.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355847/; classtype:trojan-activity;sid:84218947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.163.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355845/; classtype:trojan-activity;sid:84218945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.146.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355844/; classtype:trojan-activity;sid:84218944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355842/; classtype:trojan-activity;sid:84218942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.7.178"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355843/; classtype:trojan-activity;sid:84218943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.192.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355841/; classtype:trojan-activity;sid:84218941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.218.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355840/; classtype:trojan-activity;sid:84218940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355839/; classtype:trojan-activity;sid:84218939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.134.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355838/; classtype:trojan-activity;sid:84218938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.190.232.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355837/; classtype:trojan-activity;sid:84218937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355836/; classtype:trojan-activity;sid:84218936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.207.138.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355835/; classtype:trojan-activity;sid:84218935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.219.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355834/; classtype:trojan-activity;sid:84218934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355833/; classtype:trojan-activity;sid:84218933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.101.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355832/; classtype:trojan-activity;sid:84218932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.19.252"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355831/; classtype:trojan-activity;sid:84218931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.95.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355830/; classtype:trojan-activity;sid:84218930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355829/; classtype:trojan-activity;sid:84218929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.163.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355828/; classtype:trojan-activity;sid:84218928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.135.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355825/; classtype:trojan-activity;sid:84218925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355826/; classtype:trojan-activity;sid:84218926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.146.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355827/; classtype:trojan-activity;sid:84218927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.38.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355824/; classtype:trojan-activity;sid:84218924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.8.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355823/; classtype:trojan-activity;sid:84218923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.146.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355822/; classtype:trojan-activity;sid:84218922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.10.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355821/; classtype:trojan-activity;sid:84218921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355820/; classtype:trojan-activity;sid:84218920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.225.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355819/; classtype:trojan-activity;sid:84218919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355818)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"qyf.sectors.bowentaxlaw.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355818/; classtype:trojan-activity;sid:84218918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.250.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355817/; classtype:trojan-activity;sid:84218917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.82.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355816/; classtype:trojan-activity;sid:84218916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355815/; classtype:trojan-activity;sid:84218915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.108.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355813/; classtype:trojan-activity;sid:84218913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.229.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355814/; classtype:trojan-activity;sid:84218914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.243.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355812/; classtype:trojan-activity;sid:84218912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.36.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355811/; classtype:trojan-activity;sid:84218911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355810/; classtype:trojan-activity;sid:84218910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.69.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355809/; classtype:trojan-activity;sid:84218909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.10.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355807/; classtype:trojan-activity;sid:84218907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.99.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355808/; classtype:trojan-activity;sid:84218908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.82.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355806/; classtype:trojan-activity;sid:84218906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.237.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355805/; classtype:trojan-activity;sid:84218905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.46.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355804/; classtype:trojan-activity;sid:84218904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.250.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355803/; classtype:trojan-activity;sid:84218903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.15.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355802/; classtype:trojan-activity;sid:84218902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.104.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355801/; classtype:trojan-activity;sid:84218901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.108.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355800/; classtype:trojan-activity;sid:84218900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.56.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355799/; classtype:trojan-activity;sid:84218899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355798)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.182.47.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355798/; classtype:trojan-activity;sid:84218898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.26.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355797/; classtype:trojan-activity;sid:84218897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.110.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355796/; classtype:trojan-activity;sid:84218896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.69.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355795/; classtype:trojan-activity;sid:84218895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355794/; classtype:trojan-activity;sid:84218894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.26.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355793/; classtype:trojan-activity;sid:84218893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355792/; classtype:trojan-activity;sid:84218892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.99.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355787/; classtype:trojan-activity;sid:84218887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.10.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355788/; classtype:trojan-activity;sid:84218888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355789/; classtype:trojan-activity;sid:84218889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.157.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355790/; classtype:trojan-activity;sid:84218890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3355791/; classtype:trojan-activity;sid:84218891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355786/; classtype:trojan-activity;sid:84218886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.93.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355785/; classtype:trojan-activity;sid:84218885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355784/; classtype:trojan-activity;sid:84218884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.31.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355783/; classtype:trojan-activity;sid:84218883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355782/; classtype:trojan-activity;sid:84218882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.21.81"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355781/; classtype:trojan-activity;sid:84218881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355780/; classtype:trojan-activity;sid:84218880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.10.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355779/; classtype:trojan-activity;sid:84218879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.211.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355777/; classtype:trojan-activity;sid:84218877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.205.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355778/; classtype:trojan-activity;sid:84218878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.3.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355776/; classtype:trojan-activity;sid:84218876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.215.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355775/; classtype:trojan-activity;sid:84218875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.85.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355774/; classtype:trojan-activity;sid:84218874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.251.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355773/; classtype:trojan-activity;sid:84218873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.110.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355772/; classtype:trojan-activity;sid:84218872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.153.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355771/; classtype:trojan-activity;sid:84218871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.31.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355770/; classtype:trojan-activity;sid:84218870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.143.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355769/; classtype:trojan-activity;sid:84218869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.198.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355768/; classtype:trojan-activity;sid:84218868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355767/; classtype:trojan-activity;sid:84218867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.45.56.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355766/; classtype:trojan-activity;sid:84218866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.191.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355764/; classtype:trojan-activity;sid:84218864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.41.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355765/; classtype:trojan-activity;sid:84218865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.109.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355763/; classtype:trojan-activity;sid:84218863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.62.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355762/; classtype:trojan-activity;sid:84218862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.158.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355761/; classtype:trojan-activity;sid:84218861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355760/; classtype:trojan-activity;sid:84218860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.31.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355758/; classtype:trojan-activity;sid:84218858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.252.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355759/; classtype:trojan-activity;sid:84218859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.3.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355757/; classtype:trojan-activity;sid:84218857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.85.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355756/; classtype:trojan-activity;sid:84218856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.4.108"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355755/; classtype:trojan-activity;sid:84218855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.251.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355754/; classtype:trojan-activity;sid:84218854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.252.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355753/; classtype:trojan-activity;sid:84218853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.191.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355750/; classtype:trojan-activity;sid:84218850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355751/; classtype:trojan-activity;sid:84218851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355752/; classtype:trojan-activity;sid:84218852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.198.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355749/; classtype:trojan-activity;sid:84218849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.41.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355748/; classtype:trojan-activity;sid:84218848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355747/; classtype:trojan-activity;sid:84218847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.234.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355746/; classtype:trojan-activity;sid:84218846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.243.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355745/; classtype:trojan-activity;sid:84218845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355744/; classtype:trojan-activity;sid:84218844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.211.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355743/; classtype:trojan-activity;sid:84218843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.4.108"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355742/; classtype:trojan-activity;sid:84218842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.91.105.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355741/; classtype:trojan-activity;sid:84218841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355740/; classtype:trojan-activity;sid:84218840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.195.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355739/; classtype:trojan-activity;sid:84218839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.253.80.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355738/; classtype:trojan-activity;sid:84218838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355737/; classtype:trojan-activity;sid:84218837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.192.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355736/; classtype:trojan-activity;sid:84218836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.94.154.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355735/; classtype:trojan-activity;sid:84218835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355734/; classtype:trojan-activity;sid:84218834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355733)"; flow:established,from_client; content:"GET"; http_method; content:"/ksj64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"stop.eye-network.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355733/; classtype:trojan-activity;sid:84218833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.234.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355732/; classtype:trojan-activity;sid:84218832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.178.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355731/; classtype:trojan-activity;sid:84218831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.79.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355730/; classtype:trojan-activity;sid:84218830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.69.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355729/; classtype:trojan-activity;sid:84218829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.2.36.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355727/; classtype:trojan-activity;sid:84218827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.231.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355728/; classtype:trojan-activity;sid:84218828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355726/; classtype:trojan-activity;sid:84218826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.166.43.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355725/; classtype:trojan-activity;sid:84218825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.97.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355724/; classtype:trojan-activity;sid:84218824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.22.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355722/; classtype:trojan-activity;sid:84218822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.73.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355723/; classtype:trojan-activity;sid:84218823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.40.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355721/; classtype:trojan-activity;sid:84218821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355718/; classtype:trojan-activity;sid:84218818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.86.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355719/; classtype:trojan-activity;sid:84218819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.174.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355720/; classtype:trojan-activity;sid:84218820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.169.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355717/; classtype:trojan-activity;sid:84218817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.231.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355716/; classtype:trojan-activity;sid:84218816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.36.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355715/; classtype:trojan-activity;sid:84218815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355714/; classtype:trojan-activity;sid:84218814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355713/; classtype:trojan-activity;sid:84218813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355712/; classtype:trojan-activity;sid:84218812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.39.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355711/; classtype:trojan-activity;sid:84218811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.2.36.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355710/; classtype:trojan-activity;sid:84218810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.218.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355709/; classtype:trojan-activity;sid:84218809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.46.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355708/; classtype:trojan-activity;sid:84218808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.97.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355707/; classtype:trojan-activity;sid:84218807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.166.43.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355706/; classtype:trojan-activity;sid:84218806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.181.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355705/; classtype:trojan-activity;sid:84218805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.70.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355704/; classtype:trojan-activity;sid:84218804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.60.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355703/; classtype:trojan-activity;sid:84218803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.88.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355701/; classtype:trojan-activity;sid:84218801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.40.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355702/; classtype:trojan-activity;sid:84218802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355700/; classtype:trojan-activity;sid:84218800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.136.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355699/; classtype:trojan-activity;sid:84218799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.36.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355698/; classtype:trojan-activity;sid:84218798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.159.247.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355697/; classtype:trojan-activity;sid:84218797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.105.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355696/; classtype:trojan-activity;sid:84218796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.60.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355695/; classtype:trojan-activity;sid:84218795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.46.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355694/; classtype:trojan-activity;sid:84218794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.181.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355693/; classtype:trojan-activity;sid:84218793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.20.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355692/; classtype:trojan-activity;sid:84218792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355691/; classtype:trojan-activity;sid:84218791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.6.1"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355690/; classtype:trojan-activity;sid:84218790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.169.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355688/; classtype:trojan-activity;sid:84218788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.146.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355689/; classtype:trojan-activity;sid:84218789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355686/; classtype:trojan-activity;sid:84218786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355687/; classtype:trojan-activity;sid:84218787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.36.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355685/; classtype:trojan-activity;sid:84218785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355683/; classtype:trojan-activity;sid:84218783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.55.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355684/; classtype:trojan-activity;sid:84218784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.147.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355682/; classtype:trojan-activity;sid:84218782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.158.158.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355681/; classtype:trojan-activity;sid:84218781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.255.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355680/; classtype:trojan-activity;sid:84218780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355679/; classtype:trojan-activity;sid:84218779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.170.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355678/; classtype:trojan-activity;sid:84218778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.42.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355677/; classtype:trojan-activity;sid:84218777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.73.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355676/; classtype:trojan-activity;sid:84218776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.118.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355675/; classtype:trojan-activity;sid:84218775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355674)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zmreb.patent.international-med.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355674/; classtype:trojan-activity;sid:84218774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355673/; classtype:trojan-activity;sid:84218773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.94.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355672/; classtype:trojan-activity;sid:84218772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.161.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355671/; classtype:trojan-activity;sid:84218771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.170.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355670/; classtype:trojan-activity;sid:84218770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.126.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355669/; classtype:trojan-activity;sid:84218769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.20.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355668/; classtype:trojan-activity;sid:84218768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355667/; classtype:trojan-activity;sid:84218767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.106.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355666/; classtype:trojan-activity;sid:84218766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.205.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355665/; classtype:trojan-activity;sid:84218765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355664/; classtype:trojan-activity;sid:84218764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.234.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355663/; classtype:trojan-activity;sid:84218763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.106.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355662/; classtype:trojan-activity;sid:84218762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.180.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355661/; classtype:trojan-activity;sid:84218761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.23.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355660/; classtype:trojan-activity;sid:84218760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.98.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355659/; classtype:trojan-activity;sid:84218759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.145.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355658/; classtype:trojan-activity;sid:84218758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.211.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355655/; classtype:trojan-activity;sid:84218755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.59.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355656/; classtype:trojan-activity;sid:84218756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.203.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355657/; classtype:trojan-activity;sid:84218757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.159.247.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355654/; classtype:trojan-activity;sid:84218754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.118.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355653/; classtype:trojan-activity;sid:84218753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.124.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355652/; classtype:trojan-activity;sid:84218752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.184.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355651/; classtype:trojan-activity;sid:84218751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.150.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355650/; classtype:trojan-activity;sid:84218750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.238.67.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355649/; classtype:trojan-activity;sid:84218749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.234.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355648/; classtype:trojan-activity;sid:84218748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.203.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355647/; classtype:trojan-activity;sid:84218747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.209.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355645/; classtype:trojan-activity;sid:84218745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355646/; classtype:trojan-activity;sid:84218746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.214.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355644/; classtype:trojan-activity;sid:84218744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.31.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355643/; classtype:trojan-activity;sid:84218743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355642/; classtype:trojan-activity;sid:84218742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.123.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355641/; classtype:trojan-activity;sid:84218741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.155.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355640/; classtype:trojan-activity;sid:84218740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.31.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355639/; classtype:trojan-activity;sid:84218739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.16.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355638/; classtype:trojan-activity;sid:84218738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.114.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355636/; classtype:trojan-activity;sid:84218736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355637)"; flow:established,from_client; content:"GET"; http_method; content:"/cmc.elf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"124.158.5.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355637/; classtype:trojan-activity;sid:84218737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.166.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355634/; classtype:trojan-activity;sid:84218734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.0.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355635/; classtype:trojan-activity;sid:84218735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.122.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355633/; classtype:trojan-activity;sid:84218733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.167.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355632/; classtype:trojan-activity;sid:84218732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.171.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355631/; classtype:trojan-activity;sid:84218731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.16.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355630/; classtype:trojan-activity;sid:84218730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.123.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355629/; classtype:trojan-activity;sid:84218729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.215.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355628/; classtype:trojan-activity;sid:84218728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.200.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355627/; classtype:trojan-activity;sid:84218727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.10.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355625/; classtype:trojan-activity;sid:84218725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.122.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355626/; classtype:trojan-activity;sid:84218726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.70.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355622/; classtype:trojan-activity;sid:84218722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.60.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355623/; classtype:trojan-activity;sid:84218723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.211.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355624/; classtype:trojan-activity;sid:84218724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355620/; classtype:trojan-activity;sid:84218720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.155.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355621/; classtype:trojan-activity;sid:84218721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.167.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355619/; classtype:trojan-activity;sid:84218719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.144.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355618/; classtype:trojan-activity;sid:84218718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.167.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355617/; classtype:trojan-activity;sid:84218717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.142.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355616/; classtype:trojan-activity;sid:84218716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355613)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"66.225.254.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355613/; classtype:trojan-activity;sid:84218713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355614)"; flow:established,from_client; content:"GET"; http_method; content:"/x.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.225.254.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355614/; classtype:trojan-activity;sid:84218714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.215.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355615/; classtype:trojan-activity;sid:84218715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355611)"; flow:established,from_client; content:"GET"; http_method; content:"/update.woff"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.234.22.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355611/; classtype:trojan-activity;sid:84218711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355610)"; flow:established,from_client; content:"GET"; http_method; content:"/beax.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.87.10.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355610/; classtype:trojan-activity;sid:84218710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355609)"; flow:established,from_client; content:"GET"; http_method; content:"/master"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.87.10.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355609/; classtype:trojan-activity;sid:84218709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355607)"; flow:established,from_client; content:"GET"; http_method; content:"/test.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.174.247.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355607/; classtype:trojan-activity;sid:84218707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355608)"; flow:established,from_client; content:"GET"; http_method; content:"/mk.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.174.247.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355608/; classtype:trojan-activity;sid:84218708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.122.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355606/; classtype:trojan-activity;sid:84218706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355605)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.174.247.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355605/; classtype:trojan-activity;sid:84218705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355604)"; flow:established,from_client; content:"GET"; http_method; content:"/fontawesome.woff"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"secure.cloudtechnologiesusa.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355604/; classtype:trojan-activity;sid:84218704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355602)"; flow:established,from_client; content:"GET"; http_method; content:"/java3.5.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.227.47.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355602/; classtype:trojan-activity;sid:84218702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355603)"; flow:established,from_client; content:"GET"; http_method; content:"/penguin.tar.gz"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.227.47.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355603/; classtype:trojan-activity;sid:84218703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.176.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355601/; classtype:trojan-activity;sid:84218701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.103.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355600/; classtype:trojan-activity;sid:84218700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355599)"; flow:established,from_client; content:"GET"; http_method; content:"/fgsd1/gg/-/raw/main/fga1312.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355599/; classtype:trojan-activity;sid:84218699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355595)"; flow:established,from_client; content:"GET"; http_method; content:"/fgsd1/gg/-/raw/main/garsdgwqa13de.bat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355595/; classtype:trojan-activity;sid:84218695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355596)"; flow:established,from_client; content:"GET"; http_method; content:"/fgsd1/gg/-/raw/main/jhsdfggga13.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355596/; classtype:trojan-activity;sid:84218696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355597)"; flow:established,from_client; content:"GET"; http_method; content:"/fgsd1/gg/-/raw/main/hngarm13de02.bat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355597/; classtype:trojan-activity;sid:84218697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355598)"; flow:established,from_client; content:"GET"; http_method; content:"/fgsd1/gg/-/raw/main/sldkjgsdgarde3.bat"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355598/; classtype:trojan-activity;sid:84218698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355594)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.12.5.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355594/; classtype:trojan-activity;sid:84218694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.24.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355593/; classtype:trojan-activity;sid:84218693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.171.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355592/; classtype:trojan-activity;sid:84218692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355591/; classtype:trojan-activity;sid:84218691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.142.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355590/; classtype:trojan-activity;sid:84218690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.2.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355589/; classtype:trojan-activity;sid:84218689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.167.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355588/; classtype:trojan-activity;sid:84218688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.179.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355587/; classtype:trojan-activity;sid:84218687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.18.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355586/; classtype:trojan-activity;sid:84218686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.197.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355585/; classtype:trojan-activity;sid:84218685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.162.36.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355583/; classtype:trojan-activity;sid:84218683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.54.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355584/; classtype:trojan-activity;sid:84218684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355582/; classtype:trojan-activity;sid:84218682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.137.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355581/; classtype:trojan-activity;sid:84218681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.111.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355579/; classtype:trojan-activity;sid:84218679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.152.3.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355580/; classtype:trojan-activity;sid:84218680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.144.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355578/; classtype:trojan-activity;sid:84218678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.60.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355577/; classtype:trojan-activity;sid:84218677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.218.192.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355576/; classtype:trojan-activity;sid:84218676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.179.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355575/; classtype:trojan-activity;sid:84218675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355574/; classtype:trojan-activity;sid:84218674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.0.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355573/; classtype:trojan-activity;sid:84218673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.197.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355572/; classtype:trojan-activity;sid:84218672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.222.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355571/; classtype:trojan-activity;sid:84218671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.112.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355570/; classtype:trojan-activity;sid:84218670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355569/; classtype:trojan-activity;sid:84218669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.130.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355568/; classtype:trojan-activity;sid:84218668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.162.36.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355567/; classtype:trojan-activity;sid:84218667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.218.192.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355566/; classtype:trojan-activity;sid:84218666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.212.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355565/; classtype:trojan-activity;sid:84218665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.54.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355564/; classtype:trojan-activity;sid:84218664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.42.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355563/; classtype:trojan-activity;sid:84218663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.241.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355562/; classtype:trojan-activity;sid:84218662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.184.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355561/; classtype:trojan-activity;sid:84218661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355560/; classtype:trojan-activity;sid:84218660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.200.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355559/; classtype:trojan-activity;sid:84218659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355558/; classtype:trojan-activity;sid:84218658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.96.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355557/; classtype:trojan-activity;sid:84218657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.42.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355556/; classtype:trojan-activity;sid:84218656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.46.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355555/; classtype:trojan-activity;sid:84218655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.77.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355554/; classtype:trojan-activity;sid:84218654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.16.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355553/; classtype:trojan-activity;sid:84218653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.184.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355552/; classtype:trojan-activity;sid:84218652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.254.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355551/; classtype:trojan-activity;sid:84218651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.222.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355550/; classtype:trojan-activity;sid:84218650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.130.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355549/; classtype:trojan-activity;sid:84218649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355543)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqshzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355543/; classtype:trojan-activity;sid:84218643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355544)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbjhce.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355544/; classtype:trojan-activity;sid:84218644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355545)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zsnceq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355545/; classtype:trojan-activity;sid:84218645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355546)"; flow:established,from_client; content:"GET"; http_method; content:"/js/acvixr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355546/; classtype:trojan-activity;sid:84218646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355547)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gursxj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355547/; classtype:trojan-activity;sid:84218647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355548)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nwuapj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355548/; classtype:trojan-activity;sid:84218648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355538)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ylxgbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355538/; classtype:trojan-activity;sid:84218638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355539)"; flow:established,from_client; content:"GET"; http_method; content:"/js/htgmbl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355539/; classtype:trojan-activity;sid:84218639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355540)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iuoavk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355540/; classtype:trojan-activity;sid:84218640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355541)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbjhce.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355541/; classtype:trojan-activity;sid:84218641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355542)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnujfr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355542/; classtype:trojan-activity;sid:84218642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355530)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cjdams.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355530/; classtype:trojan-activity;sid:84218630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355531)"; flow:established,from_client; content:"GET"; http_method; content:"/js/knrhej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355531/; classtype:trojan-activity;sid:84218631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355532)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pucqej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355532/; classtype:trojan-activity;sid:84218632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355533)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfbjax.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355533/; classtype:trojan-activity;sid:84218633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355534)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmhwni.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355534/; classtype:trojan-activity;sid:84218634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355535)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djugez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355535/; classtype:trojan-activity;sid:84218635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355536)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvdkzp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355536/; classtype:trojan-activity;sid:84218636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355537)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gltihe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355537/; classtype:trojan-activity;sid:84218637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355521)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fideyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355521/; classtype:trojan-activity;sid:84218621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355522)"; flow:established,from_client; content:"GET"; http_method; content:"/js/heimgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355522/; classtype:trojan-activity;sid:84218622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355523)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrhpzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355523/; classtype:trojan-activity;sid:84218623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355524)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmxdhq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355524/; classtype:trojan-activity;sid:84218624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355525)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dpygbo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355525/; classtype:trojan-activity;sid:84218625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355526)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sejdtf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355526/; classtype:trojan-activity;sid:84218626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355527)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cmhniy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355527/; classtype:trojan-activity;sid:84218627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355528)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yobkea.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355528/; classtype:trojan-activity;sid:84218628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355529)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iauyko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355529/; classtype:trojan-activity;sid:84218629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355514)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwalbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355514/; classtype:trojan-activity;sid:84218614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355515)"; flow:established,from_client; content:"GET"; http_method; content:"/js/urvxpw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355515/; classtype:trojan-activity;sid:84218615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355516)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kwbgoa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355516/; classtype:trojan-activity;sid:84218616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355517)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bjenhx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355517/; classtype:trojan-activity;sid:84218617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355518)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nwumxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355518/; classtype:trojan-activity;sid:84218618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355519)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrsytn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355519/; classtype:trojan-activity;sid:84218619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355520)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zkwlug.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355520/; classtype:trojan-activity;sid:84218620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355509)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhilkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355509/; classtype:trojan-activity;sid:84218609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355510)"; flow:established,from_client; content:"GET"; http_method; content:"/js/urvtzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355510/; classtype:trojan-activity;sid:84218610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355511)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhcjmq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355511/; classtype:trojan-activity;sid:84218611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355512)"; flow:established,from_client; content:"GET"; http_method; content:"/js/alzcqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355512/; classtype:trojan-activity;sid:84218612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355513)"; flow:established,from_client; content:"GET"; http_method; content:"/js/etbxhs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355513/; classtype:trojan-activity;sid:84218613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355504)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qyzfwx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355504/; classtype:trojan-activity;sid:84218604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355505)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ekfmtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355505/; classtype:trojan-activity;sid:84218605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355506)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdcbli.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355506/; classtype:trojan-activity;sid:84218606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355507)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xwolzf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355507/; classtype:trojan-activity;sid:84218607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355508)"; flow:established,from_client; content:"GET"; http_method; content:"/js/brmcuo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355508/; classtype:trojan-activity;sid:84218608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355502)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qynjiu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355502/; classtype:trojan-activity;sid:84218602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355503)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cgemlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355503/; classtype:trojan-activity;sid:84218603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355501)"; flow:established,from_client; content:"GET"; http_method; content:"/js/urewih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355501/; classtype:trojan-activity;sid:84218601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355499)"; flow:established,from_client; content:"GET"; http_method; content:"/js/urvxpw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355499/; classtype:trojan-activity;sid:84218599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355500)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpsgaq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355500/; classtype:trojan-activity;sid:84218600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355496)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fqknxe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355496/; classtype:trojan-activity;sid:84218596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355497)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sobque.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355497/; classtype:trojan-activity;sid:84218597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355498)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qdaszh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355498/; classtype:trojan-activity;sid:84218598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355488)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gpcqwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355488/; classtype:trojan-activity;sid:84218588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355489)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qxnjci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355489/; classtype:trojan-activity;sid:84218589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355490)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqkvhn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355490/; classtype:trojan-activity;sid:84218590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355491)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iuoavk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355491/; classtype:trojan-activity;sid:84218591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355492)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mzxpbv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355492/; classtype:trojan-activity;sid:84218592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355493)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucbsfr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355493/; classtype:trojan-activity;sid:84218593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355494)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rtkdwb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355494/; classtype:trojan-activity;sid:84218594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355495)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixufoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355495/; classtype:trojan-activity;sid:84218595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355481)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hijwpt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355481/; classtype:trojan-activity;sid:84218581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355482)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkbzrh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355482/; classtype:trojan-activity;sid:84218582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355483)"; flow:established,from_client; content:"GET"; http_method; content:"/js/otcqfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355483/; classtype:trojan-activity;sid:84218583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355484)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uaobrk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355484/; classtype:trojan-activity;sid:84218584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355485)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mndkue.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355485/; classtype:trojan-activity;sid:84218585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355486)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhilkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355486/; classtype:trojan-activity;sid:84218586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355487)"; flow:established,from_client; content:"GET"; http_method; content:"/js/acosvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355487/; classtype:trojan-activity;sid:84218587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355473)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wsgoml.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355473/; classtype:trojan-activity;sid:84218573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355474)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gwthjv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355474/; classtype:trojan-activity;sid:84218574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355475)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftrkab.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355475/; classtype:trojan-activity;sid:84218575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355476)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwsovh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355476/; classtype:trojan-activity;sid:84218576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355477)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eumhxy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355477/; classtype:trojan-activity;sid:84218577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355478)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iecrax.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355478/; classtype:trojan-activity;sid:84218578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355479)"; flow:established,from_client; content:"GET"; http_method; content:"/js/einfto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355479/; classtype:trojan-activity;sid:84218579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355480)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnyaje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355480/; classtype:trojan-activity;sid:84218580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355467)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cjdams.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355467/; classtype:trojan-activity;sid:84218567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355468)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vlconi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355468/; classtype:trojan-activity;sid:84218568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355469)"; flow:established,from_client; content:"GET"; http_method; content:"/js/islqym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355469/; classtype:trojan-activity;sid:84218569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355470)"; flow:established,from_client; content:"GET"; http_method; content:"/js/olmdcw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355470/; classtype:trojan-activity;sid:84218570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355471)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qdymkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355471/; classtype:trojan-activity;sid:84218571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355472)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dzlgtx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355472/; classtype:trojan-activity;sid:84218572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355465)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhxjmt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355465/; classtype:trojan-activity;sid:84218565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355466)"; flow:established,from_client; content:"GET"; http_method; content:"/js/misjhz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355466/; classtype:trojan-activity;sid:84218566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355463)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvfuyt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355463/; classtype:trojan-activity;sid:84218563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355464)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ugkcma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355464/; classtype:trojan-activity;sid:84218564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355462)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tmzyks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355462/; classtype:trojan-activity;sid:84218562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355461)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aehois.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355461/; classtype:trojan-activity;sid:84218561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355452)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjpqax.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355452/; classtype:trojan-activity;sid:84218552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355453)"; flow:established,from_client; content:"GET"; http_method; content:"/js/puysej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355453/; classtype:trojan-activity;sid:84218553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355454)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nzoyfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355454/; classtype:trojan-activity;sid:84218554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355455)"; flow:established,from_client; content:"GET"; http_method; content:"/js/drawbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355455/; classtype:trojan-activity;sid:84218555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355456)"; flow:established,from_client; content:"GET"; http_method; content:"/js/olafpy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355456/; classtype:trojan-activity;sid:84218556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355457)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhijyx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355457/; classtype:trojan-activity;sid:84218557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355458)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gpcqwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355458/; classtype:trojan-activity;sid:84218558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355459)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qysdje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355459/; classtype:trojan-activity;sid:84218559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355460)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjetif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355460/; classtype:trojan-activity;sid:84218560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355441)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsyhel.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355441/; classtype:trojan-activity;sid:84218541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355442)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbhrfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355442/; classtype:trojan-activity;sid:84218542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355443)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yzdrmq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355443/; classtype:trojan-activity;sid:84218543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355444)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmntfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355444/; classtype:trojan-activity;sid:84218544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355445)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hibsjo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355445/; classtype:trojan-activity;sid:84218545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355446)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zwoiju.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355446/; classtype:trojan-activity;sid:84218546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355447)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jdvxrl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355447/; classtype:trojan-activity;sid:84218547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355448)"; flow:established,from_client; content:"GET"; http_method; content:"/js/czoahi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355448/; classtype:trojan-activity;sid:84218548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355449)"; flow:established,from_client; content:"GET"; http_method; content:"/js/phgsfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355449/; classtype:trojan-activity;sid:84218549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355450)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sldvou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355450/; classtype:trojan-activity;sid:84218550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355451)"; flow:established,from_client; content:"GET"; http_method; content:"/js/advkwe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355451/; classtype:trojan-activity;sid:84218551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355427)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ckjhao.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355427/; classtype:trojan-activity;sid:84218527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355428)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hibsjo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355428/; classtype:trojan-activity;sid:84218528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355429)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umacjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355429/; classtype:trojan-activity;sid:84218529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355430)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jykaos.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355430/; classtype:trojan-activity;sid:84218530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355431)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nwuapj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355431/; classtype:trojan-activity;sid:84218531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355432)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdcbli.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355432/; classtype:trojan-activity;sid:84218532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355433)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pfvcmo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355433/; classtype:trojan-activity;sid:84218533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355434)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kezaoy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355434/; classtype:trojan-activity;sid:84218534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355435)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kepxut.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355435/; classtype:trojan-activity;sid:84218535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355436)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kgpeij.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355436/; classtype:trojan-activity;sid:84218536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355437)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wduqre.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355437/; classtype:trojan-activity;sid:84218537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355438)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kehfow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355438/; classtype:trojan-activity;sid:84218538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355439)"; flow:established,from_client; content:"GET"; http_method; content:"/js/guclef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355439/; classtype:trojan-activity;sid:84218539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355440)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eynpaf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355440/; classtype:trojan-activity;sid:84218540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355425)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhpiem.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355425/; classtype:trojan-activity;sid:84218525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355426)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yzdrmq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355426/; classtype:trojan-activity;sid:84218526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355422)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fjcdei.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355422/; classtype:trojan-activity;sid:84218522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355423)"; flow:established,from_client; content:"GET"; http_method; content:"/js/axtfwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355423/; classtype:trojan-activity;sid:84218523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355424)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gzuktd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355424/; classtype:trojan-activity;sid:84218524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355420)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oukrae.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355420/; classtype:trojan-activity;sid:84218520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355421)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pauzmd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355421/; classtype:trojan-activity;sid:84218521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355415)"; flow:established,from_client; content:"GET"; http_method; content:"/js/libtoj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355415/; classtype:trojan-activity;sid:84218515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355416)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvfuyt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355416/; classtype:trojan-activity;sid:84218516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355417)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skbvxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355417/; classtype:trojan-activity;sid:84218517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355418)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zowbnf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355418/; classtype:trojan-activity;sid:84218518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.77.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355419/; classtype:trojan-activity;sid:84218519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355402)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzmdlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355402/; classtype:trojan-activity;sid:84218502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355403)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sfgmwc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355403/; classtype:trojan-activity;sid:84218503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355404)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bynwiz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355404/; classtype:trojan-activity;sid:84218504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355405)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cuzyrn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355405/; classtype:trojan-activity;sid:84218505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355406)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ylcoep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355406/; classtype:trojan-activity;sid:84218506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355407)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lgjyfs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355407/; classtype:trojan-activity;sid:84218507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355408)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ahtkco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355408/; classtype:trojan-activity;sid:84218508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355409)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eynpaf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355409/; classtype:trojan-activity;sid:84218509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355410)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kegiqp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355410/; classtype:trojan-activity;sid:84218510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355411)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ihmwqr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355411/; classtype:trojan-activity;sid:84218511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355412)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wmzudk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355412/; classtype:trojan-activity;sid:84218512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355413)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fqknxe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355413/; classtype:trojan-activity;sid:84218513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355414)"; flow:established,from_client; content:"GET"; http_method; content:"/js/brvcon.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355414/; classtype:trojan-activity;sid:84218514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355387)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kbmfje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355387/; classtype:trojan-activity;sid:84218487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355388)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzmdlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355388/; classtype:trojan-activity;sid:84218488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355389)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dlerac.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355389/; classtype:trojan-activity;sid:84218489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355390)"; flow:established,from_client; content:"GET"; http_method; content:"/js/urvtzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355390/; classtype:trojan-activity;sid:84218490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355391)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nxuslb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355391/; classtype:trojan-activity;sid:84218491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355392)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtdkap.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355392/; classtype:trojan-activity;sid:84218492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355393)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tasxbp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355393/; classtype:trojan-activity;sid:84218493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355394)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymduqh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355394/; classtype:trojan-activity;sid:84218494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355395)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwckyt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355395/; classtype:trojan-activity;sid:84218495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355396)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvjida.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355396/; classtype:trojan-activity;sid:84218496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355397)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tcugad.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355397/; classtype:trojan-activity;sid:84218497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355398)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bckimf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355398/; classtype:trojan-activity;sid:84218498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355399)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aviloh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355399/; classtype:trojan-activity;sid:84218499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355400)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zciruy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355400/; classtype:trojan-activity;sid:84218500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355401)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jzkcvs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355401/; classtype:trojan-activity;sid:84218501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355383)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qxnjci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355383/; classtype:trojan-activity;sid:84218483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355384)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qotmlf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355384/; classtype:trojan-activity;sid:84218484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355385)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltiqpf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355385/; classtype:trojan-activity;sid:84218485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355386)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyenkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355386/; classtype:trojan-activity;sid:84218486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355382)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dqetif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355382/; classtype:trojan-activity;sid:84218482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355381)"; flow:established,from_client; content:"GET"; http_method; content:"/js/srfhnu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355381/; classtype:trojan-activity;sid:84218481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355374)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chzwis.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355374/; classtype:trojan-activity;sid:84218474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355375)"; flow:established,from_client; content:"GET"; http_method; content:"/js/axyohf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355375/; classtype:trojan-activity;sid:84218475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355376)"; flow:established,from_client; content:"GET"; http_method; content:"/js/raylkw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355376/; classtype:trojan-activity;sid:84218476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355377)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vbjzsq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355377/; classtype:trojan-activity;sid:84218477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355378)"; flow:established,from_client; content:"GET"; http_method; content:"/js/maoqud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355378/; classtype:trojan-activity;sid:84218478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355379)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwuspz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355379/; classtype:trojan-activity;sid:84218479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355380)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nsujfq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355380/; classtype:trojan-activity;sid:84218480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355364)"; flow:established,from_client; content:"GET"; http_method; content:"/js/poalxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355364/; classtype:trojan-activity;sid:84218464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355365)"; flow:established,from_client; content:"GET"; http_method; content:"/js/spvbid.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355365/; classtype:trojan-activity;sid:84218465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355366)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbxril.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355366/; classtype:trojan-activity;sid:84218466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355367)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbgkrq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355367/; classtype:trojan-activity;sid:84218467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355368)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zmugrb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355368/; classtype:trojan-activity;sid:84218468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355369)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qnscho.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355369/; classtype:trojan-activity;sid:84218469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355370)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmyhfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355370/; classtype:trojan-activity;sid:84218470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355371)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dzlgtx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355371/; classtype:trojan-activity;sid:84218471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355372)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkgytd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355372/; classtype:trojan-activity;sid:84218472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355373)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kgpeij.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355373/; classtype:trojan-activity;sid:84218473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355359)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wguzsb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355359/; classtype:trojan-activity;sid:84218459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355360)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gpxfac.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355360/; classtype:trojan-activity;sid:84218460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355361)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vejaul.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355361/; classtype:trojan-activity;sid:84218461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355362)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ojnzqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355362/; classtype:trojan-activity;sid:84218462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355363)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qatnpf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355363/; classtype:trojan-activity;sid:84218463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355345)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnsqhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355345/; classtype:trojan-activity;sid:84218445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355346)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmyhfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355346/; classtype:trojan-activity;sid:84218446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355347)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ocdngb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355347/; classtype:trojan-activity;sid:84218447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355348)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rlzpin.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355348/; classtype:trojan-activity;sid:84218448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355349)"; flow:established,from_client; content:"GET"; http_method; content:"/js/plmrui.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355349/; classtype:trojan-activity;sid:84218449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355350)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xymdwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355350/; classtype:trojan-activity;sid:84218450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355351)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zkwlug.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355351/; classtype:trojan-activity;sid:84218451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355352)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlumay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355352/; classtype:trojan-activity;sid:84218452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355353)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vakynh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355353/; classtype:trojan-activity;sid:84218453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355354)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmhwni.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355354/; classtype:trojan-activity;sid:84218454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355355)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzbaco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355355/; classtype:trojan-activity;sid:84218455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355356)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gihkob.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355356/; classtype:trojan-activity;sid:84218456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355357)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mndbuf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355357/; classtype:trojan-activity;sid:84218457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355358)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucbsfr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355358/; classtype:trojan-activity;sid:84218458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355343)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bwqztc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355343/; classtype:trojan-activity;sid:84218443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355344)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zfvjkg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355344/; classtype:trojan-activity;sid:84218444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355342)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mtrisk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355342/; classtype:trojan-activity;sid:84218442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355341)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnxbgi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355341/; classtype:trojan-activity;sid:84218441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355339)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vlconi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355339/; classtype:trojan-activity;sid:84218439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355340)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jybhov.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355340/; classtype:trojan-activity;sid:84218440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355333)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdsrne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355333/; classtype:trojan-activity;sid:84218433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355334)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lrbjnm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355334/; classtype:trojan-activity;sid:84218434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355335)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bqagtw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355335/; classtype:trojan-activity;sid:84218435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355336)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvnskj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355336/; classtype:trojan-activity;sid:84218436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355337)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vuasyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355337/; classtype:trojan-activity;sid:84218437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355338)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idfstq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355338/; classtype:trojan-activity;sid:84218438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355327)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tkrgos.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355327/; classtype:trojan-activity;sid:84218427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355328)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xmckhv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355328/; classtype:trojan-activity;sid:84218428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355329)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghkpnb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355329/; classtype:trojan-activity;sid:84218429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355330)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhtxjl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355330/; classtype:trojan-activity;sid:84218430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355331)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pxejzw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355331/; classtype:trojan-activity;sid:84218431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355332)"; flow:established,from_client; content:"GET"; http_method; content:"/js/awrgeb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355332/; classtype:trojan-activity;sid:84218432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355320)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kxsuoa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355320/; classtype:trojan-activity;sid:84218420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355321)"; flow:established,from_client; content:"GET"; http_method; content:"/js/krndeb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355321/; classtype:trojan-activity;sid:84218421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355322)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghkpnb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355322/; classtype:trojan-activity;sid:84218422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355323)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mboxlq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355323/; classtype:trojan-activity;sid:84218423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355324)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rtwceu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355324/; classtype:trojan-activity;sid:84218424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355325)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pxejzw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355325/; classtype:trojan-activity;sid:84218425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355326)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yoseda.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355326/; classtype:trojan-activity;sid:84218426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355309)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dqetif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355309/; classtype:trojan-activity;sid:84218409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355310)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mnqtfd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355310/; classtype:trojan-activity;sid:84218410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355311)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jzkcvs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355311/; classtype:trojan-activity;sid:84218411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355312)"; flow:established,from_client; content:"GET"; http_method; content:"/js/niycgr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355312/; classtype:trojan-activity;sid:84218412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355313)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oipakb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355313/; classtype:trojan-activity;sid:84218413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355314)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bqagtw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355314/; classtype:trojan-activity;sid:84218414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355315)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvgnwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355315/; classtype:trojan-activity;sid:84218415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355316)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fjcdei.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355316/; classtype:trojan-activity;sid:84218416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355317)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pucqej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355317/; classtype:trojan-activity;sid:84218417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355318)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tuyfsr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355318/; classtype:trojan-activity;sid:84218418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355319)"; flow:established,from_client; content:"GET"; http_method; content:"/js/axyohf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355319/; classtype:trojan-activity;sid:84218419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355303)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xwbofs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355303/; classtype:trojan-activity;sid:84218403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355304)"; flow:established,from_client; content:"GET"; http_method; content:"/js/einfto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355304/; classtype:trojan-activity;sid:84218404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355305)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuftwg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355305/; classtype:trojan-activity;sid:84218405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355306)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxlfph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355306/; classtype:trojan-activity;sid:84218406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355307)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifkoly.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355307/; classtype:trojan-activity;sid:84218407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355308)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nshfcx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355308/; classtype:trojan-activity;sid:84218408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355302)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aolwzh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355302/; classtype:trojan-activity;sid:84218402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355301)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cnowez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355301/; classtype:trojan-activity;sid:84218401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355298)"; flow:established,from_client; content:"GET"; http_method; content:"/js/brmcuo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355298/; classtype:trojan-activity;sid:84218398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355299)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyuwxm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355299/; classtype:trojan-activity;sid:84218399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355300)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdfoxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355300/; classtype:trojan-activity;sid:84218400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355290)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eykdsz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355290/; classtype:trojan-activity;sid:84218390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355291)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oukrae.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355291/; classtype:trojan-activity;sid:84218391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355292)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taedsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355292/; classtype:trojan-activity;sid:84218392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355293)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zphnbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355293/; classtype:trojan-activity;sid:84218393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355294)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xpqlzd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355294/; classtype:trojan-activity;sid:84218394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355295)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tmzyks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355295/; classtype:trojan-activity;sid:84218395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355296)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lospxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355296/; classtype:trojan-activity;sid:84218396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355297)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fanigm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355297/; classtype:trojan-activity;sid:84218397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355284)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zeugbi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355284/; classtype:trojan-activity;sid:84218384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355285)"; flow:established,from_client; content:"GET"; http_method; content:"/js/seavld.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355285/; classtype:trojan-activity;sid:84218385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355286)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqnygk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355286/; classtype:trojan-activity;sid:84218386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355287)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vakynh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355287/; classtype:trojan-activity;sid:84218387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355288)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktdvgm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355288/; classtype:trojan-activity;sid:84218388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355289)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftrkab.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355289/; classtype:trojan-activity;sid:84218389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355272)"; flow:established,from_client; content:"GET"; http_method; content:"/js/etuvzw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355272/; classtype:trojan-activity;sid:84218372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355273)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkbazn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355273/; classtype:trojan-activity;sid:84218373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355274)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yiphwg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355274/; classtype:trojan-activity;sid:84218374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355275)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjyaom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355275/; classtype:trojan-activity;sid:84218375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355276)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dlerac.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355276/; classtype:trojan-activity;sid:84218376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355277)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymrxfg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355277/; classtype:trojan-activity;sid:84218377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355278)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gyunzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355278/; classtype:trojan-activity;sid:84218378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355279)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wfcoen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355279/; classtype:trojan-activity;sid:84218379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355280)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xkhduz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355280/; classtype:trojan-activity;sid:84218380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355281)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wviojy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355281/; classtype:trojan-activity;sid:84218381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355282)"; flow:established,from_client; content:"GET"; http_method; content:"/js/haminl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355282/; classtype:trojan-activity;sid:84218382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355283)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmxdzc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355283/; classtype:trojan-activity;sid:84218383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355266)"; flow:established,from_client; content:"GET"; http_method; content:"/js/awrgeb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355266/; classtype:trojan-activity;sid:84218366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355267)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpcnir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355267/; classtype:trojan-activity;sid:84218367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355268)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gumaod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355268/; classtype:trojan-activity;sid:84218368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355269)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mcpjkt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355269/; classtype:trojan-activity;sid:84218369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355270)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dkauol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355270/; classtype:trojan-activity;sid:84218370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355271)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmqawp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355271/; classtype:trojan-activity;sid:84218371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355262)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kifdpx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355262/; classtype:trojan-activity;sid:84218362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355263)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpcnir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355263/; classtype:trojan-activity;sid:84218363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355264)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkbzrh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355264/; classtype:trojan-activity;sid:84218364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355265)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mnytgr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355265/; classtype:trojan-activity;sid:84218365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355260)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdsrne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355260/; classtype:trojan-activity;sid:84218360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355261)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vpgsbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355261/; classtype:trojan-activity;sid:84218361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355258)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qxtcbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355258/; classtype:trojan-activity;sid:84218358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355259)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rpljdi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355259/; classtype:trojan-activity;sid:84218359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355251)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrfcjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355251/; classtype:trojan-activity;sid:84218351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355252)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aucjpi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355252/; classtype:trojan-activity;sid:84218352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355253)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mwyreq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355253/; classtype:trojan-activity;sid:84218353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355254)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uyvize.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355254/; classtype:trojan-activity;sid:84218354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355255)"; flow:established,from_client; content:"GET"; http_method; content:"/js/spywol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355255/; classtype:trojan-activity;sid:84218355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355256)"; flow:established,from_client; content:"GET"; http_method; content:"/js/brvcon.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355256/; classtype:trojan-activity;sid:84218356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355257)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbhrfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355257/; classtype:trojan-activity;sid:84218357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355241)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvgnwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355241/; classtype:trojan-activity;sid:84218341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355242)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gkuqxy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355242/; classtype:trojan-activity;sid:84218342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355243)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vbjzsq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355243/; classtype:trojan-activity;sid:84218343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355244)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bgkluf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355244/; classtype:trojan-activity;sid:84218344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355245)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mbradq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355245/; classtype:trojan-activity;sid:84218345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355246)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dcswua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355246/; classtype:trojan-activity;sid:84218346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355247)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mcpjkt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355247/; classtype:trojan-activity;sid:84218347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355248)"; flow:established,from_client; content:"GET"; http_method; content:"/js/axgkvf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355248/; classtype:trojan-activity;sid:84218348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355249)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gzuktd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355249/; classtype:trojan-activity;sid:84218349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355250)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsuxni.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355250/; classtype:trojan-activity;sid:84218350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mlidbc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355230/; classtype:trojan-activity;sid:84218330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355231)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xmckhv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355231/; classtype:trojan-activity;sid:84218331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355232)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umbvwh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355232/; classtype:trojan-activity;sid:84218332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355233)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymduqh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355233/; classtype:trojan-activity;sid:84218333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355234)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wzpbls.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355234/; classtype:trojan-activity;sid:84218334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355235)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xhorwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355235/; classtype:trojan-activity;sid:84218335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355236)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ejorqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355236/; classtype:trojan-activity;sid:84218336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355237)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcsfoe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355237/; classtype:trojan-activity;sid:84218337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355238)"; flow:established,from_client; content:"GET"; http_method; content:"/js/usdfba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355238/; classtype:trojan-activity;sid:84218338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355239)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cnowez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355239/; classtype:trojan-activity;sid:84218339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355240)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fazydx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355240/; classtype:trojan-activity;sid:84218340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355226)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vpgsbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355226/; classtype:trojan-activity;sid:84218326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355227)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlyrgt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355227/; classtype:trojan-activity;sid:84218327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355228)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qgoskl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355228/; classtype:trojan-activity;sid:84218328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355229)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ubhnre.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355229/; classtype:trojan-activity;sid:84218329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355224)"; flow:established,from_client; content:"GET"; http_method; content:"/js/orqgih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355224/; classtype:trojan-activity;sid:84218324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355225)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ebqkmv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355225/; classtype:trojan-activity;sid:84218325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355223)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymrxfg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355223/; classtype:trojan-activity;sid:84218323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355221)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vkuxga.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355221/; classtype:trojan-activity;sid:84218321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355222)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kgzues.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355222/; classtype:trojan-activity;sid:84218322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355220)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mxtczf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355220/; classtype:trojan-activity;sid:84218320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355218)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tvcsep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355218/; classtype:trojan-activity;sid:84218318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355219)"; flow:established,from_client; content:"GET"; http_method; content:"/js/haminl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355219/; classtype:trojan-activity;sid:84218319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355214)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhxjmt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355214/; classtype:trojan-activity;sid:84218314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355215)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lospxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355215/; classtype:trojan-activity;sid:84218315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355216)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkuhcj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355216/; classtype:trojan-activity;sid:84218316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355217)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgqmjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355217/; classtype:trojan-activity;sid:84218317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355205)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghaesk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355205/; classtype:trojan-activity;sid:84218305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355206)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dcswua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355206/; classtype:trojan-activity;sid:84218306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355207)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jgutyw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355207/; classtype:trojan-activity;sid:84218307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355208)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrfcjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355208/; classtype:trojan-activity;sid:84218308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355209)"; flow:established,from_client; content:"GET"; http_method; content:"/js/niqpef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355209/; classtype:trojan-activity;sid:84218309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355210)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tabfsk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355210/; classtype:trojan-activity;sid:84218310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355211)"; flow:established,from_client; content:"GET"; http_method; content:"/js/advkwe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355211/; classtype:trojan-activity;sid:84218311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355212)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taedsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355212/; classtype:trojan-activity;sid:84218312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355213)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mndkue.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355213/; classtype:trojan-activity;sid:84218313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355201)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wjlhyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355201/; classtype:trojan-activity;sid:84218301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355202)"; flow:established,from_client; content:"GET"; http_method; content:"/js/otcqfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355202/; classtype:trojan-activity;sid:84218302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355203)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ozbput.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355203/; classtype:trojan-activity;sid:84218303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355204)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xwolzf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355204/; classtype:trojan-activity;sid:84218304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355197)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpsgaq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355197/; classtype:trojan-activity;sid:84218297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355198)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ckjhao.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355198/; classtype:trojan-activity;sid:84218298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355199)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jlpenv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355199/; classtype:trojan-activity;sid:84218299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355200)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcfjdb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355200/; classtype:trojan-activity;sid:84218300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355195)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zciruy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355195/; classtype:trojan-activity;sid:84218295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355196)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ozbput.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355196/; classtype:trojan-activity;sid:84218296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355194)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmhoyx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355194/; classtype:trojan-activity;sid:84218294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355191)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epivoc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355191/; classtype:trojan-activity;sid:84218291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355192)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apybvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355192/; classtype:trojan-activity;sid:84218292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355193)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nzxcby.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355193/; classtype:trojan-activity;sid:84218293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355184)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmcsqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355184/; classtype:trojan-activity;sid:84218284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355185)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xhorwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355185/; classtype:trojan-activity;sid:84218285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355186)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcsfoe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355186/; classtype:trojan-activity;sid:84218286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355187)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lipzek.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355187/; classtype:trojan-activity;sid:84218287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355188)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxowyn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355188/; classtype:trojan-activity;sid:84218288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355189)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqshzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355189/; classtype:trojan-activity;sid:84218289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355190)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hvzlgj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355190/; classtype:trojan-activity;sid:84218290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355173)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbsaod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355173/; classtype:trojan-activity;sid:84218273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355174)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrkbud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355174/; classtype:trojan-activity;sid:84218274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355175)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eurtbp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355175/; classtype:trojan-activity;sid:84218275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355176)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kegiqp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355176/; classtype:trojan-activity;sid:84218276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355177)"; flow:established,from_client; content:"GET"; http_method; content:"/js/seavld.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355177/; classtype:trojan-activity;sid:84218277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355178)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qwnruo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355178/; classtype:trojan-activity;sid:84218278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355179)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkbazn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355179/; classtype:trojan-activity;sid:84218279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355180)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vmiwjs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355180/; classtype:trojan-activity;sid:84218280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355181)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yoifqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355181/; classtype:trojan-activity;sid:84218281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355182)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tasxbp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355182/; classtype:trojan-activity;sid:84218282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355183)"; flow:established,from_client; content:"GET"; http_method; content:"/js/boctsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355183/; classtype:trojan-activity;sid:84218283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355170)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lxpqmy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355170/; classtype:trojan-activity;sid:84218270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355171)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yuzolj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355171/; classtype:trojan-activity;sid:84218271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355172)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kymzfw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355172/; classtype:trojan-activity;sid:84218272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355166)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mlidbc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355166/; classtype:trojan-activity;sid:84218266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355167)"; flow:established,from_client; content:"GET"; http_method; content:"/js/niqpef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355167/; classtype:trojan-activity;sid:84218267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355168)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dkauol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355168/; classtype:trojan-activity;sid:84218268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355169)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixfkgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355169/; classtype:trojan-activity;sid:84218269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355163)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnujfr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355163/; classtype:trojan-activity;sid:84218263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355164)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cfvedw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355164/; classtype:trojan-activity;sid:84218264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355165)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fanigm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355165/; classtype:trojan-activity;sid:84218265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355161)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lwusrz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355161/; classtype:trojan-activity;sid:84218261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355162)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sobque.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355162/; classtype:trojan-activity;sid:84218262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355155)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wfcoen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355155/; classtype:trojan-activity;sid:84218255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355156)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnitks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355156/; classtype:trojan-activity;sid:84218256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355157)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buersl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355157/; classtype:trojan-activity;sid:84218257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355158)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmvyfu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355158/; classtype:trojan-activity;sid:84218258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355159)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gihkob.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355159/; classtype:trojan-activity;sid:84218259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355160)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nftlqa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355160/; classtype:trojan-activity;sid:84218260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355154)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chzwis.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355154/; classtype:trojan-activity;sid:84218254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355151)"; flow:established,from_client; content:"GET"; http_method; content:"/js/enscpd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355151/; classtype:trojan-activity;sid:84218251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355152)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bfmstk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355152/; classtype:trojan-activity;sid:84218252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355153)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gdplov.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355153/; classtype:trojan-activity;sid:84218253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355144)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mnldgk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355144/; classtype:trojan-activity;sid:84218244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355145)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mnqtfd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355145/; classtype:trojan-activity;sid:84218245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355146)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gdplov.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355146/; classtype:trojan-activity;sid:84218246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355147)"; flow:established,from_client; content:"GET"; http_method; content:"/js/maoqud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355147/; classtype:trojan-activity;sid:84218247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355148)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bwqztc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355148/; classtype:trojan-activity;sid:84218248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355149)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cenzsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355149/; classtype:trojan-activity;sid:84218249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355150)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltiqpf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355150/; classtype:trojan-activity;sid:84218250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355143)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktjixm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355143/; classtype:trojan-activity;sid:84218243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355137)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hvzlgj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355137/; classtype:trojan-activity;sid:84218237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355138)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umacjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355138/; classtype:trojan-activity;sid:84218238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355139)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qhcvtm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355139/; classtype:trojan-activity;sid:84218239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355140)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apinhw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355140/; classtype:trojan-activity;sid:84218240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355141)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrhpzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355141/; classtype:trojan-activity;sid:84218241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355142)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zfvjkg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355142/; classtype:trojan-activity;sid:84218242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355132)"; flow:established,from_client; content:"GET"; http_method; content:"/js/joywkb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355132/; classtype:trojan-activity;sid:84218232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355133)"; flow:established,from_client; content:"GET"; http_method; content:"/js/flxcrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355133/; classtype:trojan-activity;sid:84218233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355134)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhrlvj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355134/; classtype:trojan-activity;sid:84218234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355135)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eakigy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355135/; classtype:trojan-activity;sid:84218235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355136)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ywolir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355136/; classtype:trojan-activity;sid:84218236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355125)"; flow:established,from_client; content:"GET"; http_method; content:"/js/flxcrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355125/; classtype:trojan-activity;sid:84218225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355126)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhtxjl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355126/; classtype:trojan-activity;sid:84218226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355127)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xgaojl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355127/; classtype:trojan-activity;sid:84218227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355128)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gjzows.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355128/; classtype:trojan-activity;sid:84218228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355129)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bckimf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355129/; classtype:trojan-activity;sid:84218229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355130)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qynjiu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355130/; classtype:trojan-activity;sid:84218230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355131)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ljixfv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355131/; classtype:trojan-activity;sid:84218231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355122)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gkuqxy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355122/; classtype:trojan-activity;sid:84218222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355123)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zeugbi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355123/; classtype:trojan-activity;sid:84218223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355124)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpzucl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355124/; classtype:trojan-activity;sid:84218224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355118)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyenkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355118/; classtype:trojan-activity;sid:84218218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355119)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lrasxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355119/; classtype:trojan-activity;sid:84218219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355120)"; flow:established,from_client; content:"GET"; http_method; content:"/js/svdqij.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355120/; classtype:trojan-activity;sid:84218220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djcuar.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355121/; classtype:trojan-activity;sid:84218221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355117)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sqkxat.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355117/; classtype:trojan-activity;sid:84218217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355114)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gursxj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355114/; classtype:trojan-activity;sid:84218214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355115)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtdkap.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355115/; classtype:trojan-activity;sid:84218215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355116)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dyvnzc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355116/; classtype:trojan-activity;sid:84218216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355111)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nzoyfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355111/; classtype:trojan-activity;sid:84218211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355112)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uyvldz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355112/; classtype:trojan-activity;sid:84218212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355113)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zapktx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355113/; classtype:trojan-activity;sid:84218213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355110)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iecrax.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355110/; classtype:trojan-activity;sid:84218210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355105)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zpxrwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355105/; classtype:trojan-activity;sid:84218205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355106)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wjlhyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355106/; classtype:trojan-activity;sid:84218206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355107)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vzdkcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355107/; classtype:trojan-activity;sid:84218207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355108)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eajylz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355108/; classtype:trojan-activity;sid:84218208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355109)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uqyrmj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355109/; classtype:trojan-activity;sid:84218209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355101)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mhjdoq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355101/; classtype:trojan-activity;sid:84218201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355102)"; flow:established,from_client; content:"GET"; http_method; content:"/js/acvixr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355102/; classtype:trojan-activity;sid:84218202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355103)"; flow:established,from_client; content:"GET"; http_method; content:"/js/evwmfk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355103/; classtype:trojan-activity;sid:84218203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355104)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jqtsyz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355104/; classtype:trojan-activity;sid:84218204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355097)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ejorqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355097/; classtype:trojan-activity;sid:84218197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355098)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ylcoep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355098/; classtype:trojan-activity;sid:84218198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355099)"; flow:established,from_client; content:"GET"; http_method; content:"/js/guclef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355099/; classtype:trojan-activity;sid:84218199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355100)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbxril.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355100/; classtype:trojan-activity;sid:84218200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355092)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skdgza.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355092/; classtype:trojan-activity;sid:84218192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355093)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jurkep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355093/; classtype:trojan-activity;sid:84218193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355094)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bedskm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355094/; classtype:trojan-activity;sid:84218194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355095)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ohkjbx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355095/; classtype:trojan-activity;sid:84218195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355096)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vmiwjs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355096/; classtype:trojan-activity;sid:84218196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355088)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vajdwl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355088/; classtype:trojan-activity;sid:84218188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355089)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nqspxm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355089/; classtype:trojan-activity;sid:84218189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355090)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbgkrq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355090/; classtype:trojan-activity;sid:84218190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355091)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkveiz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355091/; classtype:trojan-activity;sid:84218191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355079)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pkgntu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355079/; classtype:trojan-activity;sid:84218179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355080)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wduqre.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355080/; classtype:trojan-activity;sid:84218180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355081)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pkgntu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355081/; classtype:trojan-activity;sid:84218181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355082)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zapktx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355082/; classtype:trojan-activity;sid:84218182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355083)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qzwkpl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355083/; classtype:trojan-activity;sid:84218183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355084)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cvbrkt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355084/; classtype:trojan-activity;sid:84218184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355085)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsyhel.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355085/; classtype:trojan-activity;sid:84218185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355086)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jvwilr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355086/; classtype:trojan-activity;sid:84218186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355087)"; flow:established,from_client; content:"GET"; http_method; content:"/js/facwzd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355087/; classtype:trojan-activity;sid:84218187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355077)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wxohba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355077/; classtype:trojan-activity;sid:84218177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355078)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtpfgb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355078/; classtype:trojan-activity;sid:84218178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355074)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qdymkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355074/; classtype:trojan-activity;sid:84218174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355075)"; flow:established,from_client; content:"GET"; http_method; content:"/js/leghpn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355075/; classtype:trojan-activity;sid:84218175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355076)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yoseda.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355076/; classtype:trojan-activity;sid:84218176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355071)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fjlepi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355071/; classtype:trojan-activity;sid:84218171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355072)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qyxofk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355072/; classtype:trojan-activity;sid:84218172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355073)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jrbqam.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355073/; classtype:trojan-activity;sid:84218173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355070)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fvmsou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355070/; classtype:trojan-activity;sid:84218170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355063)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eumhxy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355063/; classtype:trojan-activity;sid:84218163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355064)"; flow:established,from_client; content:"GET"; http_method; content:"/js/larniw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355064/; classtype:trojan-activity;sid:84218164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355065)"; flow:established,from_client; content:"GET"; http_method; content:"/js/krbvhd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355065/; classtype:trojan-activity;sid:84218165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355066)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdryul.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355066/; classtype:trojan-activity;sid:84218166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355067)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yzcxiw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355067/; classtype:trojan-activity;sid:84218167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355068)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mhztey.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355068/; classtype:trojan-activity;sid:84218168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355069)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uflomw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355069/; classtype:trojan-activity;sid:84218169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355058)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yuzolj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355058/; classtype:trojan-activity;sid:84218158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355059)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iumeyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355059/; classtype:trojan-activity;sid:84218159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355060)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zmugrb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355060/; classtype:trojan-activity;sid:84218160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355061)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrimah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355061/; classtype:trojan-activity;sid:84218161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355062)"; flow:established,from_client; content:"GET"; http_method; content:"/js/knrhej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355062/; classtype:trojan-activity;sid:84218162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355051)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhijyx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355051/; classtype:trojan-activity;sid:84218151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355052)"; flow:established,from_client; content:"GET"; http_method; content:"/js/raylkw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355052/; classtype:trojan-activity;sid:84218152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355053)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ncwgsz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355053/; classtype:trojan-activity;sid:84218153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355054)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cgemlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355054/; classtype:trojan-activity;sid:84218154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355055)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gpxfac.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355055/; classtype:trojan-activity;sid:84218155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355056)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvaxpe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355056/; classtype:trojan-activity;sid:84218156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355057)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ejycbr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355057/; classtype:trojan-activity;sid:84218157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355045)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mvdtux.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355045/; classtype:trojan-activity;sid:84218145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355046)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eajylz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355046/; classtype:trojan-activity;sid:84218146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355047)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eopqhu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355047/; classtype:trojan-activity;sid:84218147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355048)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qotmlf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355048/; classtype:trojan-activity;sid:84218148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355049)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qzwkpl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355049/; classtype:trojan-activity;sid:84218149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355050)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lgjyfs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355050/; classtype:trojan-activity;sid:84218150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355042)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ywolir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355042/; classtype:trojan-activity;sid:84218142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355043)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bwjsde.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355043/; classtype:trojan-activity;sid:84218143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355044)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qecdsa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355044/; classtype:trojan-activity;sid:84218144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355041)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nchzqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355041/; classtype:trojan-activity;sid:84218141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355035)"; flow:established,from_client; content:"GET"; http_method; content:"/js/icstgl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355035/; classtype:trojan-activity;sid:84218135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355036)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tcugad.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355036/; classtype:trojan-activity;sid:84218136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355037)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ylmczb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355037/; classtype:trojan-activity;sid:84218137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355038)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lxpqmy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355038/; classtype:trojan-activity;sid:84218138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355039)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umbvwh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355039/; classtype:trojan-activity;sid:84218139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355040)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhrlvj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355040/; classtype:trojan-activity;sid:84218140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355034)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lncsvk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355034/; classtype:trojan-activity;sid:84218134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355032)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lgmcnk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355032/; classtype:trojan-activity;sid:84218132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355033)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kepxut.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355033/; classtype:trojan-activity;sid:84218133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355027)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zjprmi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355027/; classtype:trojan-activity;sid:84218127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355028)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rpgutn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355028/; classtype:trojan-activity;sid:84218128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355029)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hztyge.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355029/; classtype:trojan-activity;sid:84218129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355030)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lijgxa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355030/; classtype:trojan-activity;sid:84218130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355031)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nwumxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355031/; classtype:trojan-activity;sid:84218131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355026)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dimxvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355026/; classtype:trojan-activity;sid:84218126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355019)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cenzsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355019/; classtype:trojan-activity;sid:84218119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355020)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gtrsea.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355020/; classtype:trojan-activity;sid:84218120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355021)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ypfkmw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355021/; classtype:trojan-activity;sid:84218121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355022)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxowyn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355022/; classtype:trojan-activity;sid:84218122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355023)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aviloh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355023/; classtype:trojan-activity;sid:84218123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355024)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yaksvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355024/; classtype:trojan-activity;sid:84218124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355025)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oxuhpl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355025/; classtype:trojan-activity;sid:84218125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355012)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ibdymt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355012/; classtype:trojan-activity;sid:84218112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355013)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jwzuea.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355013/; classtype:trojan-activity;sid:84218113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355014)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lwusrz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355014/; classtype:trojan-activity;sid:84218114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355015)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ybvrko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355015/; classtype:trojan-activity;sid:84218115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355016)"; flow:established,from_client; content:"GET"; http_method; content:"/js/efznhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355016/; classtype:trojan-activity;sid:84218116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355017)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xaqgyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355017/; classtype:trojan-activity;sid:84218117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355018)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mxtczf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355018/; classtype:trojan-activity;sid:84218118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355006)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rkcvse.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355006/; classtype:trojan-activity;sid:84218106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355007)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifnqtj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355007/; classtype:trojan-activity;sid:84218107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355008)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcyfux.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355008/; classtype:trojan-activity;sid:84218108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355009)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pagoqr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355009/; classtype:trojan-activity;sid:84218109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355010)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmcsqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355010/; classtype:trojan-activity;sid:84218110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355011)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epivoc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355011/; classtype:trojan-activity;sid:84218111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355004)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nzxcby.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355004/; classtype:trojan-activity;sid:84218104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355005)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vzdkcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355005/; classtype:trojan-activity;sid:84218105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354999)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eykdsz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354999/; classtype:trojan-activity;sid:84218099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355000)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aucjpi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355000/; classtype:trojan-activity;sid:84218100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355001)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whraun.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355001/; classtype:trojan-activity;sid:84218101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355002)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhsayl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355002/; classtype:trojan-activity;sid:84218102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3355003)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmyint.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3355003/; classtype:trojan-activity;sid:84218103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354993)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lrbjnm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354993/; classtype:trojan-activity;sid:84218093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354994)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qajlzu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354994/; classtype:trojan-activity;sid:84218094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354995)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cmhniy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354995/; classtype:trojan-activity;sid:84218095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354996)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxvzfu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354996/; classtype:trojan-activity;sid:84218096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354997)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vhrpsb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354997/; classtype:trojan-activity;sid:84218097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354998)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ctyhds.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354998/; classtype:trojan-activity;sid:84218098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354991)"; flow:established,from_client; content:"GET"; http_method; content:"/js/icstgl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354991/; classtype:trojan-activity;sid:84218091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354992)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zseihm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354992/; classtype:trojan-activity;sid:84218092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354986)"; flow:established,from_client; content:"GET"; http_method; content:"/js/alzcqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354986/; classtype:trojan-activity;sid:84218086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354987)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qajlzu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354987/; classtype:trojan-activity;sid:84218087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354988)"; flow:established,from_client; content:"GET"; http_method; content:"/js/heovgu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354988/; classtype:trojan-activity;sid:84218088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354989)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aolwzh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354989/; classtype:trojan-activity;sid:84218089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354990)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tkrgos.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354990/; classtype:trojan-activity;sid:84218090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354982)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eaojfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354982/; classtype:trojan-activity;sid:84218082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354983)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmxdhq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354983/; classtype:trojan-activity;sid:84218083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354984)"; flow:established,from_client; content:"GET"; http_method; content:"/js/upkqfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354984/; classtype:trojan-activity;sid:84218084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354985)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qwnruo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354985/; classtype:trojan-activity;sid:84218085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354979)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apinhw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354979/; classtype:trojan-activity;sid:84218079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354980)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uflomw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354980/; classtype:trojan-activity;sid:84218080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354981)"; flow:established,from_client; content:"GET"; http_method; content:"/js/facwzd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354981/; classtype:trojan-activity;sid:84218081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354972)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xkhduz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354972/; classtype:trojan-activity;sid:84218072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354973)"; flow:established,from_client; content:"GET"; http_method; content:"/js/spywol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354973/; classtype:trojan-activity;sid:84218073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354974)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ejycbr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354974/; classtype:trojan-activity;sid:84218074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354975)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ylmczb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354975/; classtype:trojan-activity;sid:84218075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354976)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ubhnre.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354976/; classtype:trojan-activity;sid:84218076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354977)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwalbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354977/; classtype:trojan-activity;sid:84218077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354978)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkveiz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354978/; classtype:trojan-activity;sid:84218078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354965)"; flow:established,from_client; content:"GET"; http_method; content:"/js/leghpn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354965/; classtype:trojan-activity;sid:84218065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354966)"; flow:established,from_client; content:"GET"; http_method; content:"/js/heovgu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354966/; classtype:trojan-activity;sid:84218066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354967)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbsaod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354967/; classtype:trojan-activity;sid:84218067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354968)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cmkovg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354968/; classtype:trojan-activity;sid:84218068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354969)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wzpbls.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354969/; classtype:trojan-activity;sid:84218069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354970)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mnytgr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354970/; classtype:trojan-activity;sid:84218070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354971)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wxohba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354971/; classtype:trojan-activity;sid:84218071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354963)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ojnzqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354963/; classtype:trojan-activity;sid:84218063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354964)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iauyko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354964/; classtype:trojan-activity;sid:84218064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354961)"; flow:established,from_client; content:"GET"; http_method; content:"/js/srfhnu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354961/; classtype:trojan-activity;sid:84218061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354962)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pkvzdr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354962/; classtype:trojan-activity;sid:84218062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354957)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mbyqhr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354957/; classtype:trojan-activity;sid:84218057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354958)"; flow:established,from_client; content:"GET"; http_method; content:"/js/adimqh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354958/; classtype:trojan-activity;sid:84218058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354959)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnrpjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354959/; classtype:trojan-activity;sid:84218059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354960)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hylkeo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354960/; classtype:trojan-activity;sid:84218060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354953)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ctyhds.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354953/; classtype:trojan-activity;sid:84218053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354954)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnrpjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354954/; classtype:trojan-activity;sid:84218054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354955)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lncsvk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354955/; classtype:trojan-activity;sid:84218055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354956)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdkvnt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354956/; classtype:trojan-activity;sid:84218056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354946)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcgxyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354946/; classtype:trojan-activity;sid:84218046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354947)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcgxyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354947/; classtype:trojan-activity;sid:84218047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354948)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdfoxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354948/; classtype:trojan-activity;sid:84218048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354949)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ojrkzc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354949/; classtype:trojan-activity;sid:84218049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354950)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gtrsea.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354950/; classtype:trojan-activity;sid:84218050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354951)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uqyrmj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354951/; classtype:trojan-activity;sid:84218051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354952)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uaobrk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354952/; classtype:trojan-activity;sid:84218052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354942)"; flow:established,from_client; content:"GET"; http_method; content:"/js/adimqh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354942/; classtype:trojan-activity;sid:84218042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354943)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epmykf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354943/; classtype:trojan-activity;sid:84218043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354944)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ocdngb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354944/; classtype:trojan-activity;sid:84218044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354945)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xaqgyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354945/; classtype:trojan-activity;sid:84218045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354939)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhsayl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354939/; classtype:trojan-activity;sid:84218039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354940)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jdvxrl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354940/; classtype:trojan-activity;sid:84218040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354941)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rkcvse.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354941/; classtype:trojan-activity;sid:84218041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354935)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gwthjv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354935/; classtype:trojan-activity;sid:84218035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354936)"; flow:established,from_client; content:"GET"; http_method; content:"/js/codneq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354936/; classtype:trojan-activity;sid:84218036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354937)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jrbqam.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354937/; classtype:trojan-activity;sid:84218037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354938)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mnldgk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354938/; classtype:trojan-activity;sid:84218038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354930)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktjixm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354930/; classtype:trojan-activity;sid:84218030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354931)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uwqgzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354931/; classtype:trojan-activity;sid:84218031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354932)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jopsxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354932/; classtype:trojan-activity;sid:84218032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354933)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qyxofk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354933/; classtype:trojan-activity;sid:84218033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354934)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wviojy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354934/; classtype:trojan-activity;sid:84218034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354925)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qysdje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354925/; classtype:trojan-activity;sid:84218025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354926)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kxsuoa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354926/; classtype:trojan-activity;sid:84218026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354927)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gltihe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354927/; classtype:trojan-activity;sid:84218027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354928)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnyaje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354928/; classtype:trojan-activity;sid:84218028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354929)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykhpws.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354929/; classtype:trojan-activity;sid:84218029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354922)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dfzirc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354922/; classtype:trojan-activity;sid:84218022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354923)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cihlkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354923/; classtype:trojan-activity;sid:84218023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354924)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsuxni.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354924/; classtype:trojan-activity;sid:84218024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354920)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixadqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354920/; classtype:trojan-activity;sid:84218020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354921)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgocyq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354921/; classtype:trojan-activity;sid:84218021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354915)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wtfaex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354915/; classtype:trojan-activity;sid:84218015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354916)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sfgmwc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354916/; classtype:trojan-activity;sid:84218016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354917)"; flow:established,from_client; content:"GET"; http_method; content:"/js/spvbid.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354917/; classtype:trojan-activity;sid:84218017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354918)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmntfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354918/; classtype:trojan-activity;sid:84218018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354919)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hnsqxf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354919/; classtype:trojan-activity;sid:84218019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354910)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixufoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354910/; classtype:trojan-activity;sid:84218010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354911)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rpljdi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354911/; classtype:trojan-activity;sid:84218011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354912)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mwyreq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354912/; classtype:trojan-activity;sid:84218012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354913)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvitgy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354913/; classtype:trojan-activity;sid:84218013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354914)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yoifqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354914/; classtype:trojan-activity;sid:84218014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354905)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvaxpe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354905/; classtype:trojan-activity;sid:84218005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354906)"; flow:established,from_client; content:"GET"; http_method; content:"/js/krbvhd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354906/; classtype:trojan-activity;sid:84218006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354907)"; flow:established,from_client; content:"GET"; http_method; content:"/js/riodfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354907/; classtype:trojan-activity;sid:84218007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354908)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zsnceq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354908/; classtype:trojan-activity;sid:84218008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354909)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rlzpin.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354909/; classtype:trojan-activity;sid:84218009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354902)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xpqlzd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354902/; classtype:trojan-activity;sid:84218002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354903)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fvmsou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354903/; classtype:trojan-activity;sid:84218003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354904)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cuzyrn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354904/; classtype:trojan-activity;sid:84218004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354899)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hnsqxf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354899/; classtype:trojan-activity;sid:84217999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354900)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jgutyw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354900/; classtype:trojan-activity;sid:84218000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354901)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eakigy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354901/; classtype:trojan-activity;sid:84218001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354892)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ayojtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354892/; classtype:trojan-activity;sid:84217992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354893)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mwvxjr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354893/; classtype:trojan-activity;sid:84217993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354894)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hztyge.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354894/; classtype:trojan-activity;sid:84217994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354895)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ugkcma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354895/; classtype:trojan-activity;sid:84217995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354896)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lzexci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354896/; classtype:trojan-activity;sid:84217996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354897)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifkoly.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354897/; classtype:trojan-activity;sid:84217997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354898)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jurkep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354898/; classtype:trojan-activity;sid:84217998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354891)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vpbqrh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354891/; classtype:trojan-activity;sid:84217991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354886)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lijgxa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354886/; classtype:trojan-activity;sid:84217986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354887)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lcbqxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354887/; classtype:trojan-activity;sid:84217987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354888)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vgdzuy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354888/; classtype:trojan-activity;sid:84217988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354889)"; flow:established,from_client; content:"GET"; http_method; content:"/js/axgkvf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354889/; classtype:trojan-activity;sid:84217989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354890)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykhpws.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354890/; classtype:trojan-activity;sid:84217990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354883)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jkarym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354883/; classtype:trojan-activity;sid:84217983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354884)"; flow:established,from_client; content:"GET"; http_method; content:"/js/numesr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354884/; classtype:trojan-activity;sid:84217984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354885)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrimah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354885/; classtype:trojan-activity;sid:84217985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354878)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbnpgy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354878/; classtype:trojan-activity;sid:84217978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354879)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xrnmah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354879/; classtype:trojan-activity;sid:84217979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354880)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wguzsb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354880/; classtype:trojan-activity;sid:84217980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354881)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tobwal.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354881/; classtype:trojan-activity;sid:84217981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354882)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dyvnzc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354882/; classtype:trojan-activity;sid:84217982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354874)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nxuslb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354874/; classtype:trojan-activity;sid:84217974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354875)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aowqks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354875/; classtype:trojan-activity;sid:84217975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354876)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buersl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354876/; classtype:trojan-activity;sid:84217976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354877)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sldvou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354877/; classtype:trojan-activity;sid:84217977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354871)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cmkovg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354871/; classtype:trojan-activity;sid:84217971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354872)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wtfaex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354872/; classtype:trojan-activity;sid:84217972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354873)"; flow:established,from_client; content:"GET"; http_method; content:"/js/numesr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354873/; classtype:trojan-activity;sid:84217973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354866)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gkuwsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354866/; classtype:trojan-activity;sid:84217966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354867)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmxdzc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354867/; classtype:trojan-activity;sid:84217967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354868)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgocyq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354868/; classtype:trojan-activity;sid:84217968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354869)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zemkpl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354869/; classtype:trojan-activity;sid:84217969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354870)"; flow:established,from_client; content:"GET"; http_method; content:"/js/phgsfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354870/; classtype:trojan-activity;sid:84217970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354862)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jopsxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354862/; classtype:trojan-activity;sid:84217962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354863)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mboxlq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354863/; classtype:trojan-activity;sid:84217963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354864)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjpzcl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354864/; classtype:trojan-activity;sid:84217964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354865)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sygxrq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354865/; classtype:trojan-activity;sid:84217965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354859)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vfgqoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354859/; classtype:trojan-activity;sid:84217959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354860)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ahtkco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354860/; classtype:trojan-activity;sid:84217960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354861)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovqgkw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354861/; classtype:trojan-activity;sid:84217961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354856)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lcmpeb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354856/; classtype:trojan-activity;sid:84217956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354857)"; flow:established,from_client; content:"GET"; http_method; content:"/js/usdfba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354857/; classtype:trojan-activity;sid:84217957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354858)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwrqlj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354858/; classtype:trojan-activity;sid:84217958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354854)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kymzfw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354854/; classtype:trojan-activity;sid:84217954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354855)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dfzirc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354855/; classtype:trojan-activity;sid:84217955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354851)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcboik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354851/; classtype:trojan-activity;sid:84217951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354852)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gjzows.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354852/; classtype:trojan-activity;sid:84217952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354853)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wsgoml.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354853/; classtype:trojan-activity;sid:84217953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354839)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mndbuf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354839/; classtype:trojan-activity;sid:84217939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354840)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vkuxga.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354840/; classtype:trojan-activity;sid:84217940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354841)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pauzmd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354841/; classtype:trojan-activity;sid:84217941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354842)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ijghlm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354842/; classtype:trojan-activity;sid:84217942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354843)"; flow:established,from_client; content:"GET"; http_method; content:"/js/esnqmp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354843/; classtype:trojan-activity;sid:84217943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354844)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pfvcmo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354844/; classtype:trojan-activity;sid:84217944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354845)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qxtcbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354845/; classtype:trojan-activity;sid:84217945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354846)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xnhazm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354846/; classtype:trojan-activity;sid:84217946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354847)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nsujfq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354847/; classtype:trojan-activity;sid:84217947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354848)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrkbud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354848/; classtype:trojan-activity;sid:84217948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354849)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cfvedw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354849/; classtype:trojan-activity;sid:84217949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354850)"; flow:established,from_client; content:"GET"; http_method; content:"/js/krndeb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354850/; classtype:trojan-activity;sid:84217950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354837)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwmist.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354837/; classtype:trojan-activity;sid:84217937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354838)"; flow:established,from_client; content:"GET"; http_method; content:"/js/urewih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354838/; classtype:trojan-activity;sid:84217938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354830)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jybhov.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354830/; classtype:trojan-activity;sid:84217930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354831)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ihmwqr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354831/; classtype:trojan-activity;sid:84217931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354832)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkgytd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354832/; classtype:trojan-activity;sid:84217932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354833)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mgqaes.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354833/; classtype:trojan-activity;sid:84217933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354834)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ljixfv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354834/; classtype:trojan-activity;sid:84217934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354835)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gyunzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354835/; classtype:trojan-activity;sid:84217935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354836)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhcjmq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354836/; classtype:trojan-activity;sid:84217936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354828)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mbdnef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354828/; classtype:trojan-activity;sid:84217928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354829)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nqspxm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354829/; classtype:trojan-activity;sid:84217929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354824)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pouxyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354824/; classtype:trojan-activity;sid:84217924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354825)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzbaco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354825/; classtype:trojan-activity;sid:84217925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354826)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ouzgnx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354826/; classtype:trojan-activity;sid:84217926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354827)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmkvfo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354827/; classtype:trojan-activity;sid:84217927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354819)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktdvgm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354819/; classtype:trojan-activity;sid:84217919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354820)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dimxvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354820/; classtype:trojan-activity;sid:84217920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354821)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tvcsep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354821/; classtype:trojan-activity;sid:84217921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354822)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lzexci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354822/; classtype:trojan-activity;sid:84217922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354823)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apybvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354823/; classtype:trojan-activity;sid:84217923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354815)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vjcsgp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354815/; classtype:trojan-activity;sid:84217915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354816)"; flow:established,from_client; content:"GET"; http_method; content:"/js/brivej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354816/; classtype:trojan-activity;sid:84217916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354817)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zwoiju.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354817/; classtype:trojan-activity;sid:84217917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354818)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzrlpg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354818/; classtype:trojan-activity;sid:84217918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354807)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jodbih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354807/; classtype:trojan-activity;sid:84217907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354808)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idfstq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354808/; classtype:trojan-activity;sid:84217908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354809)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ajykuv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354809/; classtype:trojan-activity;sid:84217909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354810)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhbids.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354810/; classtype:trojan-activity;sid:84217910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354811)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbtoij.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354811/; classtype:trojan-activity;sid:84217911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354812)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qhcvtm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354812/; classtype:trojan-activity;sid:84217912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354813)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pkvzdr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354813/; classtype:trojan-activity;sid:84217913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354814)"; flow:established,from_client; content:"GET"; http_method; content:"/js/niycgr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354814/; classtype:trojan-activity;sid:84217914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354803)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdkvnt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354803/; classtype:trojan-activity;sid:84217903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354804)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ybvrko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354804/; classtype:trojan-activity;sid:84217904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354805)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hoykgf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354805/; classtype:trojan-activity;sid:84217905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354806)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrsytn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354806/; classtype:trojan-activity;sid:84217906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354800)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pouxyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354800/; classtype:trojan-activity;sid:84217900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354801)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vnfawj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354801/; classtype:trojan-activity;sid:84217901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354802)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yjsetx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354802/; classtype:trojan-activity;sid:84217902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354798)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xnhazm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354798/; classtype:trojan-activity;sid:84217898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354799)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xroaql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354799/; classtype:trojan-activity;sid:84217899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354792)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jykaos.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354792/; classtype:trojan-activity;sid:84217892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354793)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgqmjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354793/; classtype:trojan-activity;sid:84217893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354794)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vjzrmc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354794/; classtype:trojan-activity;sid:84217894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354795)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tuyfsr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354795/; classtype:trojan-activity;sid:84217895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354796)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uwqgzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354796/; classtype:trojan-activity;sid:84217896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354797)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vuasyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354797/; classtype:trojan-activity;sid:84217897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354787)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovdxtn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354787/; classtype:trojan-activity;sid:84217887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354788)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qatnpf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354788/; classtype:trojan-activity;sid:84217888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354789)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jkarym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354789/; classtype:trojan-activity;sid:84217889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354790)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ajykuv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354790/; classtype:trojan-activity;sid:84217890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354791)"; flow:established,from_client; content:"GET"; http_method; content:"/js/etbxhs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354791/; classtype:trojan-activity;sid:84217891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354783)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnvemu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354783/; classtype:trojan-activity;sid:84217883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354784)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yzcxiw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354784/; classtype:trojan-activity;sid:84217884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354785)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vajdwl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354785/; classtype:trojan-activity;sid:84217885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354786)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmqawp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354786/; classtype:trojan-activity;sid:84217886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354780)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhbids.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354780/; classtype:trojan-activity;sid:84217880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354781)"; flow:established,from_client; content:"GET"; http_method; content:"/js/upkqfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354781/; classtype:trojan-activity;sid:84217881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354782)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jvwilr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354782/; classtype:trojan-activity;sid:84217882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354778)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lcmpeb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354778/; classtype:trojan-activity;sid:84217878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354779)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qgoskl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354779/; classtype:trojan-activity;sid:84217879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354774)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kezaoy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354774/; classtype:trojan-activity;sid:84217874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354775)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rpgutn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354775/; classtype:trojan-activity;sid:84217875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354776)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixfkgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354776/; classtype:trojan-activity;sid:84217876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354777)"; flow:established,from_client; content:"GET"; http_method; content:"/js/agnprl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354777/; classtype:trojan-activity;sid:84217877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354769)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdryul.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354769/; classtype:trojan-activity;sid:84217869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354770)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vjzrmc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354770/; classtype:trojan-activity;sid:84217870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354771)"; flow:established,from_client; content:"GET"; http_method; content:"/js/liacxs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354771/; classtype:trojan-activity;sid:84217871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354772)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aowqks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354772/; classtype:trojan-activity;sid:84217872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354773)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmkvfo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354773/; classtype:trojan-activity;sid:84217873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354763)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uehmsp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354763/; classtype:trojan-activity;sid:84217863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354764)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwckyt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354764/; classtype:trojan-activity;sid:84217864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354765)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zemkpl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354765/; classtype:trojan-activity;sid:84217865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354766)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifnqtj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354766/; classtype:trojan-activity;sid:84217866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354767)"; flow:established,from_client; content:"GET"; http_method; content:"/js/boctsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354767/; classtype:trojan-activity;sid:84217867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354768)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kbmfje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354768/; classtype:trojan-activity;sid:84217868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354760)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xwbofs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354760/; classtype:trojan-activity;sid:84217860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354761)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yobkea.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354761/; classtype:trojan-activity;sid:84217861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354762)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnfpjq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354762/; classtype:trojan-activity;sid:84217862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354756)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aehois.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354756/; classtype:trojan-activity;sid:84217856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354757)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tobwal.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354757/; classtype:trojan-activity;sid:84217857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354758)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yoxtsd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354758/; classtype:trojan-activity;sid:84217858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354759)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zseihm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354759/; classtype:trojan-activity;sid:84217859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354751)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nchzqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354751/; classtype:trojan-activity;sid:84217851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354752)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rjhivf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354752/; classtype:trojan-activity;sid:84217852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354753)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jqtsyz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354753/; classtype:trojan-activity;sid:84217853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354754)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bhrsok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354754/; classtype:trojan-activity;sid:84217854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354755)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nxuslb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354755/; classtype:trojan-activity;sid:84217855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354748)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yiphwg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354748/; classtype:trojan-activity;sid:84217848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354749)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bvtnxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354749/; classtype:trojan-activity;sid:84217849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354750)"; flow:established,from_client; content:"GET"; http_method; content:"/js/codneq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354750/; classtype:trojan-activity;sid:84217850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354745)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vjcsgp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354745/; classtype:trojan-activity;sid:84217845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354746)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glbawu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354746/; classtype:trojan-activity;sid:84217846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354747)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ibdymt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354747/; classtype:trojan-activity;sid:84217847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354744)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkuhcj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354744/; classtype:trojan-activity;sid:84217844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354740)"; flow:established,from_client; content:"GET"; http_method; content:"/js/etuvzw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354740/; classtype:trojan-activity;sid:84217840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354741)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwuspz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354741/; classtype:trojan-activity;sid:84217841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354742)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kwbgoa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354742/; classtype:trojan-activity;sid:84217842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354743)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwsovh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354743/; classtype:trojan-activity;sid:84217843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354735)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vpbqrh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354735/; classtype:trojan-activity;sid:84217835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354736)"; flow:established,from_client; content:"GET"; http_method; content:"/js/enscpd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354736/; classtype:trojan-activity;sid:84217836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354737)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zpxrwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354737/; classtype:trojan-activity;sid:84217837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354738)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixadqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354738/; classtype:trojan-activity;sid:84217838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354739)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gkuwsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354739/; classtype:trojan-activity;sid:84217839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354731)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbnpgy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354731/; classtype:trojan-activity;sid:84217831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354732)"; flow:established,from_client; content:"GET"; http_method; content:"/js/joywkb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354732/; classtype:trojan-activity;sid:84217832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354733)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mbdnef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354733/; classtype:trojan-activity;sid:84217833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354734)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xhufal.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354734/; classtype:trojan-activity;sid:84217834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354726)"; flow:established,from_client; content:"GET"; http_method; content:"/js/heimgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354726/; classtype:trojan-activity;sid:84217826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354727)"; flow:established,from_client; content:"GET"; http_method; content:"/js/czoahi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354727/; classtype:trojan-activity;sid:84217827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354728)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epmykf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354728/; classtype:trojan-activity;sid:84217828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354729)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bhrsok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354729/; classtype:trojan-activity;sid:84217829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354730)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mwenpg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354730/; classtype:trojan-activity;sid:84217830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354718)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skdgza.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354718/; classtype:trojan-activity;sid:84217818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354719)"; flow:established,from_client; content:"GET"; http_method; content:"/js/olafpy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354719/; classtype:trojan-activity;sid:84217819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354720)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mgqaes.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354720/; classtype:trojan-activity;sid:84217820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354721)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yoxtsd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354721/; classtype:trojan-activity;sid:84217821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354722)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mtrisk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354722/; classtype:trojan-activity;sid:84217822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354723)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bgkluf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354723/; classtype:trojan-activity;sid:84217823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354724)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jodbih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354724/; classtype:trojan-activity;sid:84217824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354725)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skbvxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354725/; classtype:trojan-activity;sid:84217825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354717)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mvdtux.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354717/; classtype:trojan-activity;sid:84217817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354712)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qdaszh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354712/; classtype:trojan-activity;sid:84217812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354713)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qecdsa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354713/; classtype:trojan-activity;sid:84217813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354714)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cihlkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354714/; classtype:trojan-activity;sid:84217814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354715)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gumaod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354715/; classtype:trojan-activity;sid:84217815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354716)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ejorqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354716/; classtype:trojan-activity;sid:84217816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354710)"; flow:established,from_client; content:"GET"; http_method; content:"/js/plmrui.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354710/; classtype:trojan-activity;sid:84217810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354711)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xymdwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354711/; classtype:trojan-activity;sid:84217811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354705)"; flow:established,from_client; content:"GET"; http_method; content:"/js/esnqmp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354705/; classtype:trojan-activity;sid:84217805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354706)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjyaom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354706/; classtype:trojan-activity;sid:84217806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354707)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ohkjbx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354707/; classtype:trojan-activity;sid:84217807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354708)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmhoyx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354708/; classtype:trojan-activity;sid:84217808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354709)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcfjdb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354709/; classtype:trojan-activity;sid:84217809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354702)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xrnmah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354702/; classtype:trojan-activity;sid:84217802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354703)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mbradq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354703/; classtype:trojan-activity;sid:84217803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354704)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yvjacr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354704/; classtype:trojan-activity;sid:84217804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354700)"; flow:established,from_client; content:"GET"; http_method; content:"/js/evwmfk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354700/; classtype:trojan-activity;sid:84217800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354701)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyuwxm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354701/; classtype:trojan-activity;sid:84217801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354695)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zpqows.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354695/; classtype:trojan-activity;sid:84217795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354696)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xroaql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354696/; classtype:trojan-activity;sid:84217796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354697)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sygxrq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354697/; classtype:trojan-activity;sid:84217797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354698)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djcuar.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354698/; classtype:trojan-activity;sid:84217798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354699)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zpqows.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354699/; classtype:trojan-activity;sid:84217799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354688)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqkvhn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354688/; classtype:trojan-activity;sid:84217788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354689)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bvayux.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354689/; classtype:trojan-activity;sid:84217789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354690)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tabfsk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354690/; classtype:trojan-activity;sid:84217790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354691)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kgzues.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354691/; classtype:trojan-activity;sid:84217791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354692)"; flow:established,from_client; content:"GET"; http_method; content:"/js/larniw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354692/; classtype:trojan-activity;sid:84217792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354693)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcyfux.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354693/; classtype:trojan-activity;sid:84217793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354694)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ensdwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354694/; classtype:trojan-activity;sid:84217794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354681)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmvyfu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354681/; classtype:trojan-activity;sid:84217781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354682)"; flow:established,from_client; content:"GET"; http_method; content:"/js/axtfwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354682/; classtype:trojan-activity;sid:84217782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354683)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ajmdxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354683/; classtype:trojan-activity;sid:84217783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354684)"; flow:established,from_client; content:"GET"; http_method; content:"/js/islqym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354684/; classtype:trojan-activity;sid:84217784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354685)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvitgy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354685/; classtype:trojan-activity;sid:84217785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354686)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjpqax.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354686/; classtype:trojan-activity;sid:84217786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354687)"; flow:established,from_client; content:"GET"; http_method; content:"/js/efznhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354687/; classtype:trojan-activity;sid:84217787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354678)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxlfph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354678/; classtype:trojan-activity;sid:84217778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354679)"; flow:established,from_client; content:"GET"; http_method; content:"/js/liacxs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354679/; classtype:trojan-activity;sid:84217779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354680)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ypfkmw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354680/; classtype:trojan-activity;sid:84217780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354675)"; flow:established,from_client; content:"GET"; http_method; content:"/js/orqgih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354675/; classtype:trojan-activity;sid:84217775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354676)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mhztey.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354676/; classtype:trojan-activity;sid:84217776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354677)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kifdpx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354677/; classtype:trojan-activity;sid:84217777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354673)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xgaojl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354673/; classtype:trojan-activity;sid:84217773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354674)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnvemu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354674/; classtype:trojan-activity;sid:84217774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354667)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwmist.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354667/; classtype:trojan-activity;sid:84217767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354668)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bedskm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354668/; classtype:trojan-activity;sid:84217768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354669)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rtwceu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354669/; classtype:trojan-activity;sid:84217769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354670)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlyrgt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354670/; classtype:trojan-activity;sid:84217770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354671)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mwvxjr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354671/; classtype:trojan-activity;sid:84217771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354672)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ayojtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354672/; classtype:trojan-activity;sid:84217772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354661)"; flow:established,from_client; content:"GET"; http_method; content:"/js/olmdcw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354661/; classtype:trojan-activity;sid:84217761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354662)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lgmcnk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354662/; classtype:trojan-activity;sid:84217762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354663)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpzucl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354663/; classtype:trojan-activity;sid:84217763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354664)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vnfawj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354664/; classtype:trojan-activity;sid:84217764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354665)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uyvldz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354665/; classtype:trojan-activity;sid:84217765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354666)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wlosbm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354666/; classtype:trojan-activity;sid:84217766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354660)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovdxtn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354660/; classtype:trojan-activity;sid:84217760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354651)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rjhivf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354651/; classtype:trojan-activity;sid:84217751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354652)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fideyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354652/; classtype:trojan-activity;sid:84217752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354653)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kehfow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354653/; classtype:trojan-activity;sid:84217753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354654)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whraun.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354654/; classtype:trojan-activity;sid:84217754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354655)"; flow:established,from_client; content:"GET"; http_method; content:"/js/avjbmt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354655/; classtype:trojan-activity;sid:84217755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354656)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hylkeo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354656/; classtype:trojan-activity;sid:84217756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354657)"; flow:established,from_client; content:"GET"; http_method; content:"/js/svdqij.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354657/; classtype:trojan-activity;sid:84217757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354658)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hqdsvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354658/; classtype:trojan-activity;sid:84217758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354659)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnxbgi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354659/; classtype:trojan-activity;sid:84217759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354648)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yvjacr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354648/; classtype:trojan-activity;sid:84217748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354649)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lipzek.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354649/; classtype:trojan-activity;sid:84217749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354650)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjetif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354650/; classtype:trojan-activity;sid:84217750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354644)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zphnbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354644/; classtype:trojan-activity;sid:84217744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354645)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mbyqhr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354645/; classtype:trojan-activity;sid:84217745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354646)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghaesk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354646/; classtype:trojan-activity;sid:84217746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354647)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zabyop.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354647/; classtype:trojan-activity;sid:84217747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354640)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuftwg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354640/; classtype:trojan-activity;sid:84217740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354641)"; flow:established,from_client; content:"GET"; http_method; content:"/js/acosvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354641/; classtype:trojan-activity;sid:84217741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354642)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wmzudk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354642/; classtype:trojan-activity;sid:84217742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354643)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tynogi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354643/; classtype:trojan-activity;sid:84217743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354634)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bfmstk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354634/; classtype:trojan-activity;sid:84217734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354635)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eurtbp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354635/; classtype:trojan-activity;sid:84217735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354636)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ekfmtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354636/; classtype:trojan-activity;sid:84217736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354637)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lrasxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354637/; classtype:trojan-activity;sid:84217737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354638)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zabyop.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354638/; classtype:trojan-activity;sid:84217738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354639)"; flow:established,from_client; content:"GET"; http_method; content:"/js/drawbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354639/; classtype:trojan-activity;sid:84217739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354629)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hoykgf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354629/; classtype:trojan-activity;sid:84217729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354630)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hqdsvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354630/; classtype:trojan-activity;sid:84217730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354631)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hijwpt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354631/; classtype:trojan-activity;sid:84217731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354632)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jlpenv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354632/; classtype:trojan-activity;sid:84217732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354633)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqnygk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354633/; classtype:trojan-activity;sid:84217733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354625)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djugez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354625/; classtype:trojan-activity;sid:84217725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354626)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnitks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354626/; classtype:trojan-activity;sid:84217726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354627)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iumeyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354627/; classtype:trojan-activity;sid:84217727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354628)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxvzfu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354628/; classtype:trojan-activity;sid:84217728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354623)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uehmsp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354623/; classtype:trojan-activity;sid:84217723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354624)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mwenpg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354624/; classtype:trojan-activity;sid:84217724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354622)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bynwiz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354622/; classtype:trojan-activity;sid:84217722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354617)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glbawu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354617/; classtype:trojan-activity;sid:84217717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354618)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbtoij.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354618/; classtype:trojan-activity;sid:84217718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354619)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bvayux.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354619/; classtype:trojan-activity;sid:84217719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354620)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nshfcx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354620/; classtype:trojan-activity;sid:84217720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354621)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ajmdxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354621/; classtype:trojan-activity;sid:84217721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354606)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvdkzp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354606/; classtype:trojan-activity;sid:84217706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354607)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zoutmk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354607/; classtype:trojan-activity;sid:84217707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354608)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvjida.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354608/; classtype:trojan-activity;sid:84217708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354609)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjpzcl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354609/; classtype:trojan-activity;sid:84217709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354610)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ouzgnx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354610/; classtype:trojan-activity;sid:84217710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354611)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sejdtf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354611/; classtype:trojan-activity;sid:84217711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354612)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzrlpg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354612/; classtype:trojan-activity;sid:84217712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354613)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gvzykl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354613/; classtype:trojan-activity;sid:84217713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354614)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oxuhpl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354614/; classtype:trojan-activity;sid:84217714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354615)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yjsetx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354615/; classtype:trojan-activity;sid:84217715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354616)"; flow:established,from_client; content:"GET"; http_method; content:"/js/brivej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354616/; classtype:trojan-activity;sid:84217716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354605)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mhjdoq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354605/; classtype:trojan-activity;sid:84217705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354600)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jwzuea.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354600/; classtype:trojan-activity;sid:84217700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354601)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlumay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354601/; classtype:trojan-activity;sid:84217701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354602)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uyvize.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354602/; classtype:trojan-activity;sid:84217702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354603)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dpygbo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354603/; classtype:trojan-activity;sid:84217703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354604)"; flow:established,from_client; content:"GET"; http_method; content:"/js/agnprl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354604/; classtype:trojan-activity;sid:84217704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354596)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfbjax.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354596/; classtype:trojan-activity;sid:84217696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354597)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vfgqoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354597/; classtype:trojan-activity;sid:84217697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354598)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vgdzuy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354598/; classtype:trojan-activity;sid:84217698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354599)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zowbnf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354599/; classtype:trojan-activity;sid:84217699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354587)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ojrkzc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354587/; classtype:trojan-activity;sid:84217687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354588)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lcbqxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354588/; classtype:trojan-activity;sid:84217688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354589)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yaksvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354589/; classtype:trojan-activity;sid:84217689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354590)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ylxgbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354590/; classtype:trojan-activity;sid:84217690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354591)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fjlepi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354591/; classtype:trojan-activity;sid:84217691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354592)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tadsko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354592/; classtype:trojan-activity;sid:84217692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354593)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ijghlm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354593/; classtype:trojan-activity;sid:84217693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354594)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qyzfwx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354594/; classtype:trojan-activity;sid:84217694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354595)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nftlqa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354595/; classtype:trojan-activity;sid:84217695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354585)"; flow:established,from_client; content:"GET"; http_method; content:"/js/libtoj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354585/; classtype:trojan-activity;sid:84217685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354586)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xhufal.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354586/; classtype:trojan-activity;sid:84217686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354583)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bwjsde.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354583/; classtype:trojan-activity;sid:84217683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354584)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iethuj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354584/; classtype:trojan-activity;sid:84217684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354582)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qnscho.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354582/; classtype:trojan-activity;sid:84217682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354573)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ncwgsz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354573/; classtype:trojan-activity;sid:84217673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354574)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fazydx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354574/; classtype:trojan-activity;sid:84217674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354575)"; flow:established,from_client; content:"GET"; http_method; content:"/js/riodfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354575/; classtype:trojan-activity;sid:84217675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354576)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pagoqr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354576/; classtype:trojan-activity;sid:84217676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354577)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cvbrkt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354577/; classtype:trojan-activity;sid:84217677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354578)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtpfgb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354578/; classtype:trojan-activity;sid:84217678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354579)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwrqlj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354579/; classtype:trojan-activity;sid:84217679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354580)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rtkdwb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354580/; classtype:trojan-activity;sid:84217680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354581)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tadsko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354581/; classtype:trojan-activity;sid:84217681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354566)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcboik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354566/; classtype:trojan-activity;sid:84217666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354567)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ebqkmv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354567/; classtype:trojan-activity;sid:84217667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354568)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vhrpsb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354568/; classtype:trojan-activity;sid:84217668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354569)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iethuj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354569/; classtype:trojan-activity;sid:84217669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354570)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tynogi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354570/; classtype:trojan-activity;sid:84217670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354571)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bjenhx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354571/; classtype:trojan-activity;sid:84217671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354572)"; flow:established,from_client; content:"GET"; http_method; content:"/js/avjbmt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354572/; classtype:trojan-activity;sid:84217672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354560)"; flow:established,from_client; content:"GET"; http_method; content:"/js/htgmbl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354560/; classtype:trojan-activity;sid:84217660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354561)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eaojfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354561/; classtype:trojan-activity;sid:84217661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354562)"; flow:established,from_client; content:"GET"; http_method; content:"/js/puysej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354562/; classtype:trojan-activity;sid:84217662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354563)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mzxpbv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354563/; classtype:trojan-activity;sid:84217663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354564)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvnskj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354564/; classtype:trojan-activity;sid:84217664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354565)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhpiem.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354565/; classtype:trojan-activity;sid:84217665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354558)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdsrne.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354558/; classtype:trojan-activity;sid:84217658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354559)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnfpjq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354559/; classtype:trojan-activity;sid:84217659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354556)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eopqhu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354556/; classtype:trojan-activity;sid:84217656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354557)"; flow:established,from_client; content:"GET"; http_method; content:"/js/poalxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354557/; classtype:trojan-activity;sid:84217657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354544)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wlosbm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354544/; classtype:trojan-activity;sid:84217644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354545)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmyint.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354545/; classtype:trojan-activity;sid:84217645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354546)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sqkxat.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354546/; classtype:trojan-activity;sid:84217646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354547)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gvzykl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354547/; classtype:trojan-activity;sid:84217647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354548)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bvtnxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354548/; classtype:trojan-activity;sid:84217648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354549)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oipakb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354549/; classtype:trojan-activity;sid:84217649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354550)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovqgkw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354550/; classtype:trojan-activity;sid:84217650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354551)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnsqhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354551/; classtype:trojan-activity;sid:84217651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354552)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zjprmi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354552/; classtype:trojan-activity;sid:84217652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354553)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ensdwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354553/; classtype:trojan-activity;sid:84217653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354554)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vejaul.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354554/; classtype:trojan-activity;sid:84217654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354555)"; flow:established,from_client; content:"GET"; http_method; content:"/js/misjhz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354555/; classtype:trojan-activity;sid:84217655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354543)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zoutmk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354543/; classtype:trojan-activity;sid:84217643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354525)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wxohba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354525/; classtype:trojan-activity;sid:84217625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354526)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mndkue.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354526/; classtype:trojan-activity;sid:84217626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354527)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aucjpi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354527/; classtype:trojan-activity;sid:84217627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354528)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hvzlgj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354528/; classtype:trojan-activity;sid:84217628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354529)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ywolir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354529/; classtype:trojan-activity;sid:84217629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354530)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lrasxc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354530/; classtype:trojan-activity;sid:84217630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354531)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lrbjnm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354531/; classtype:trojan-activity;sid:84217631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354532)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lncsvk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354532/; classtype:trojan-activity;sid:84217632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354533)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yoxtsd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354533/; classtype:trojan-activity;sid:84217633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354534)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghkpnb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354534/; classtype:trojan-activity;sid:84217634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354535)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vfgqoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354535/; classtype:trojan-activity;sid:84217635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354536)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgqmjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354536/; classtype:trojan-activity;sid:84217636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354537)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uyvize.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354537/; classtype:trojan-activity;sid:84217637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354538)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ebqkmv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354538/; classtype:trojan-activity;sid:84217638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354539)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ucbsfr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354539/; classtype:trojan-activity;sid:84217639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354540)"; flow:established,from_client; content:"GET"; http_method; content:"/js/agnprl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354540/; classtype:trojan-activity;sid:84217640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354541)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xmckhv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354541/; classtype:trojan-activity;sid:84217641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354542)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cgemlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354542/; classtype:trojan-activity;sid:84217642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354520)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fqknxe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354520/; classtype:trojan-activity;sid:84217620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354521)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hoykgf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354521/; classtype:trojan-activity;sid:84217621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354522)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kehfow.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354522/; classtype:trojan-activity;sid:84217622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354523)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nchzqk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354523/; classtype:trojan-activity;sid:84217623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354524)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkbazn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354524/; classtype:trojan-activity;sid:84217624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354519)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aehois.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354519/; classtype:trojan-activity;sid:84217619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354515)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wsgoml.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354515/; classtype:trojan-activity;sid:84217615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354516)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yiphwg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354516/; classtype:trojan-activity;sid:84217616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354517)"; flow:established,from_client; content:"GET"; http_method; content:"/js/urvtzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354517/; classtype:trojan-activity;sid:84217617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354518)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ibdymt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354518/; classtype:trojan-activity;sid:84217618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354513)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qajlzu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354513/; classtype:trojan-activity;sid:84217613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354514)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xhorwa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354514/; classtype:trojan-activity;sid:84217614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354512)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vzdkcb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354512/; classtype:trojan-activity;sid:84217612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354508)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kymzfw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354508/; classtype:trojan-activity;sid:84217608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354509)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkbzrh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354509/; classtype:trojan-activity;sid:84217609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354510)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lospxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354510/; classtype:trojan-activity;sid:84217610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354511)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lnxbgi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354511/; classtype:trojan-activity;sid:84217611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354503)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mwenpg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354503/; classtype:trojan-activity;sid:84217603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354504)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vkuxga.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354504/; classtype:trojan-activity;sid:84217604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354505)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vmiwjs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354505/; classtype:trojan-activity;sid:84217605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354506)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lmyhfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354506/; classtype:trojan-activity;sid:84217606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354507)"; flow:established,from_client; content:"GET"; http_method; content:"/js/axyohf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354507/; classtype:trojan-activity;sid:84217607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354497)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xpqlzd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354497/; classtype:trojan-activity;sid:84217597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354498)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lwusrz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354498/; classtype:trojan-activity;sid:84217598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354499)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbhrfa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354499/; classtype:trojan-activity;sid:84217599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354500)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kepxut.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354500/; classtype:trojan-activity;sid:84217600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354501)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwalbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354501/; classtype:trojan-activity;sid:84217601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354502)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvnskj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354502/; classtype:trojan-activity;sid:84217602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354494)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bfmstk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354494/; classtype:trojan-activity;sid:84217594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354495)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ozbput.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354495/; classtype:trojan-activity;sid:84217595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354496)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fideyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354496/; classtype:trojan-activity;sid:84217596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354487)"; flow:established,from_client; content:"GET"; http_method; content:"/js/liacxs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354487/; classtype:trojan-activity;sid:84217587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354488)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dcswua.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354488/; classtype:trojan-activity;sid:84217588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354489)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kgzues.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354489/; classtype:trojan-activity;sid:84217589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354490)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzbaco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354490/; classtype:trojan-activity;sid:84217590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354491/; classtype:trojan-activity;sid:84217591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354492)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zwoiju.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354492/; classtype:trojan-activity;sid:84217592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354493)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kwbgoa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354493/; classtype:trojan-activity;sid:84217593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354485)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zsnceq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354485/; classtype:trojan-activity;sid:84217585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354486)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mvdtux.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354486/; classtype:trojan-activity;sid:84217586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354483)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jlpenv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354483/; classtype:trojan-activity;sid:84217583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354484)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xaqgyh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354484/; classtype:trojan-activity;sid:84217584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354481)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epivoc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354481/; classtype:trojan-activity;sid:84217581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354482)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxlfph.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354482/; classtype:trojan-activity;sid:84217582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354480)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnfpjq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354480/; classtype:trojan-activity;sid:84217580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354479)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ohkjbx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354479/; classtype:trojan-activity;sid:84217579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354474)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bhrsok.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354474/; classtype:trojan-activity;sid:84217574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354475)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yjsetx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354475/; classtype:trojan-activity;sid:84217575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354476)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wpsgaq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354476/; classtype:trojan-activity;sid:84217576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354477)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zfvjkg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354477/; classtype:trojan-activity;sid:84217577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354478)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qgoskl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354478/; classtype:trojan-activity;sid:84217578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354470)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wlosbm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354470/; classtype:trojan-activity;sid:84217570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354471)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwrqlj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354471/; classtype:trojan-activity;sid:84217571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354472)"; flow:established,from_client; content:"GET"; http_method; content:"/js/orqgih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354472/; classtype:trojan-activity;sid:84217572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354473)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tzmdlk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354473/; classtype:trojan-activity;sid:84217573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354468)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cjdams.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354468/; classtype:trojan-activity;sid:84217568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354469)"; flow:established,from_client; content:"GET"; http_method; content:"/js/evwmfk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354469/; classtype:trojan-activity;sid:84217569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354457)"; flow:established,from_client; content:"GET"; http_method; content:"/js/advkwe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354457/; classtype:trojan-activity;sid:84217557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354458)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjetif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354458/; classtype:trojan-activity;sid:84217558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354459)"; flow:established,from_client; content:"GET"; http_method; content:"/js/maoqud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354459/; classtype:trojan-activity;sid:84217559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354460)"; flow:established,from_client; content:"GET"; http_method; content:"/js/otcqfm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354460/; classtype:trojan-activity;sid:84217560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354461)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pjyaom.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354461/; classtype:trojan-activity;sid:84217561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354462)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skbvxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354462/; classtype:trojan-activity;sid:84217562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354463)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hijwpt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354463/; classtype:trojan-activity;sid:84217563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354464)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnujfr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354464/; classtype:trojan-activity;sid:84217564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354465)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hqdsvz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354465/; classtype:trojan-activity;sid:84217565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354466)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcgxyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354466/; classtype:trojan-activity;sid:84217566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354467)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eurtbp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354467/; classtype:trojan-activity;sid:84217567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354451)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjpzcl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354451/; classtype:trojan-activity;sid:84217551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354452)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cmkovg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354452/; classtype:trojan-activity;sid:84217552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354453)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tkrgos.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354453/; classtype:trojan-activity;sid:84217553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354454)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bvtnxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354454/; classtype:trojan-activity;sid:84217554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354455)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hztyge.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354455/; classtype:trojan-activity;sid:84217555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354456)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pkgntu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354456/; classtype:trojan-activity;sid:84217556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354448)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhilkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354448/; classtype:trojan-activity;sid:84217548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354449)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmhoyx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354449/; classtype:trojan-activity;sid:84217549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354450)"; flow:established,from_client; content:"GET"; http_method; content:"/js/epmykf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354450/; classtype:trojan-activity;sid:84217550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354446)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vhrpsb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354446/; classtype:trojan-activity;sid:84217546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354447)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifkoly.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354447/; classtype:trojan-activity;sid:84217547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354444)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ncwgsz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354444/; classtype:trojan-activity;sid:84217544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354445)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwckyt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354445/; classtype:trojan-activity;sid:84217545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354442)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jopsxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354442/; classtype:trojan-activity;sid:84217542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354443)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iethuj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354443/; classtype:trojan-activity;sid:84217543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354441)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eumhxy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354441/; classtype:trojan-activity;sid:84217541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354440)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nshfcx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354440/; classtype:trojan-activity;sid:84217540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354435)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cfvedw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354435/; classtype:trojan-activity;sid:84217535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354436)"; flow:established,from_client; content:"GET"; http_method; content:"/js/puysej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354436/; classtype:trojan-activity;sid:84217536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354437)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbtoij.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354437/; classtype:trojan-activity;sid:84217537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354438)"; flow:established,from_client; content:"GET"; http_method; content:"/js/niycgr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354438/; classtype:trojan-activity;sid:84217538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354439)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmcsqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354439/; classtype:trojan-activity;sid:84217539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354430)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yzdrmq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354430/; classtype:trojan-activity;sid:84217530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354431)"; flow:established,from_client; content:"GET"; http_method; content:"/js/awrgeb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354431/; classtype:trojan-activity;sid:84217531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354432)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xnhazm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354432/; classtype:trojan-activity;sid:84217532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354433)"; flow:established,from_client; content:"GET"; http_method; content:"/js/haminl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354433/; classtype:trojan-activity;sid:84217533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354434)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gvzykl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354434/; classtype:trojan-activity;sid:84217534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354427)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jdvxrl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354427/; classtype:trojan-activity;sid:84217527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354428)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zemkpl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354428/; classtype:trojan-activity;sid:84217528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354429)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uflomw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354429/; classtype:trojan-activity;sid:84217529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354422)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlumay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354422/; classtype:trojan-activity;sid:84217522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354423)"; flow:established,from_client; content:"GET"; http_method; content:"/js/brmcuo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354423/; classtype:trojan-activity;sid:84217523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354424)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dxvzfu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354424/; classtype:trojan-activity;sid:84217524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354425)"; flow:established,from_client; content:"GET"; http_method; content:"/js/whraun.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354425/; classtype:trojan-activity;sid:84217525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354426)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ekfmtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354426/; classtype:trojan-activity;sid:84217526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354415)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pouxyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354415/; classtype:trojan-activity;sid:84217515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354416)"; flow:established,from_client; content:"GET"; http_method; content:"/js/efznhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354416/; classtype:trojan-activity;sid:84217516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354417)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vjcsgp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354417/; classtype:trojan-activity;sid:84217517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354418)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvaxpe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354418/; classtype:trojan-activity;sid:84217518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354419)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cenzsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354419/; classtype:trojan-activity;sid:84217519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354420)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kifdpx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354420/; classtype:trojan-activity;sid:84217520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354421)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dyvnzc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354421/; classtype:trojan-activity;sid:84217521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354409)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gihkob.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354409/; classtype:trojan-activity;sid:84217509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354410)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wduqre.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354410/; classtype:trojan-activity;sid:84217510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354411)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lgjyfs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354411/; classtype:trojan-activity;sid:84217511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354412)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymduqh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354412/; classtype:trojan-activity;sid:84217512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354413)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uehmsp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354413/; classtype:trojan-activity;sid:84217513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354414)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ylmczb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354414/; classtype:trojan-activity;sid:84217514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354407)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mboxlq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354407/; classtype:trojan-activity;sid:84217507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354408)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhpiem.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354408/; classtype:trojan-activity;sid:84217508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354403)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gjzows.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354403/; classtype:trojan-activity;sid:84217503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354404)"; flow:established,from_client; content:"GET"; http_method; content:"/js/buersl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354404/; classtype:trojan-activity;sid:84217504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354405)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mnldgk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354405/; classtype:trojan-activity;sid:84217505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354406)"; flow:established,from_client; content:"GET"; http_method; content:"/js/axgkvf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354406/; classtype:trojan-activity;sid:84217506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354398)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmvyfu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354398/; classtype:trojan-activity;sid:84217498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354399)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vbjzsq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354399/; classtype:trojan-activity;sid:84217499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354400)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mnytgr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354400/; classtype:trojan-activity;sid:84217500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354401)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zowbnf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354401/; classtype:trojan-activity;sid:84217501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354402)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsyhel.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354402/; classtype:trojan-activity;sid:84217502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354393)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rkcvse.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354393/; classtype:trojan-activity;sid:84217493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354394)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tabfsk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354394/; classtype:trojan-activity;sid:84217494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354395)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zlyrgt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354395/; classtype:trojan-activity;sid:84217495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354396)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovqgkw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354396/; classtype:trojan-activity;sid:84217496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354397)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oukrae.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354397/; classtype:trojan-activity;sid:84217497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354391)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jxowyn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354391/; classtype:trojan-activity;sid:84217491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354392)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ybvrko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354392/; classtype:trojan-activity;sid:84217492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354384)"; flow:established,from_client; content:"GET"; http_method; content:"/js/spvbid.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354384/; classtype:trojan-activity;sid:84217484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354385)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wviojy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354385/; classtype:trojan-activity;sid:84217485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354386)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bsuxni.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354386/; classtype:trojan-activity;sid:84217486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354387)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ensdwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354387/; classtype:trojan-activity;sid:84217487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354388)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nwumxg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354388/; classtype:trojan-activity;sid:84217488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354389)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kgpeij.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354389/; classtype:trojan-activity;sid:84217489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354390)"; flow:established,from_client; content:"GET"; http_method; content:"/js/heimgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354390/; classtype:trojan-activity;sid:84217490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354381)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qhcvtm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354381/; classtype:trojan-activity;sid:84217481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354382)"; flow:established,from_client; content:"GET"; http_method; content:"/js/enscpd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354382/; classtype:trojan-activity;sid:84217482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354383)"; flow:established,from_client; content:"GET"; http_method; content:"/js/krbvhd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354383/; classtype:trojan-activity;sid:84217483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354376)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mndbuf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354376/; classtype:trojan-activity;sid:84217476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354377)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cyuwxm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354377/; classtype:trojan-activity;sid:84217477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354378)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ugkcma.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354378/; classtype:trojan-activity;sid:84217478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354379)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vpbqrh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354379/; classtype:trojan-activity;sid:84217479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354380)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iuoavk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354380/; classtype:trojan-activity;sid:84217480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354370)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ayojtr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354370/; classtype:trojan-activity;sid:84217470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354371)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qyzfwx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354371/; classtype:trojan-activity;sid:84217471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354372)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zapktx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354372/; classtype:trojan-activity;sid:84217472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354373)"; flow:established,from_client; content:"GET"; http_method; content:"/js/drawbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354373/; classtype:trojan-activity;sid:84217473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354374)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mlidbc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354374/; classtype:trojan-activity;sid:84217474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354375)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rtwceu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354375/; classtype:trojan-activity;sid:84217475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354365)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nwuapj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354365/; classtype:trojan-activity;sid:84217465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354366)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tmzyks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354366/; classtype:trojan-activity;sid:84217466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354367)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dpygbo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354367/; classtype:trojan-activity;sid:84217467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354368)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tadsko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354368/; classtype:trojan-activity;sid:84217468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354369)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aviloh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354369/; classtype:trojan-activity;sid:84217469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354364)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bvayux.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354364/; classtype:trojan-activity;sid:84217464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354363)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hylkeo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354363/; classtype:trojan-activity;sid:84217463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354362)"; flow:established,from_client; content:"GET"; http_method; content:"/js/plmrui.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354362/; classtype:trojan-activity;sid:84217462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354358)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qyxofk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354358/; classtype:trojan-activity;sid:84217458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354359)"; flow:established,from_client; content:"GET"; http_method; content:"/js/esnqmp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354359/; classtype:trojan-activity;sid:84217459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354360)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbsaod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354360/; classtype:trojan-activity;sid:84217460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354361)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uwqgzk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354361/; classtype:trojan-activity;sid:84217461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354350)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jybhov.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354350/; classtype:trojan-activity;sid:84217450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354351)"; flow:established,from_client; content:"GET"; http_method; content:"/js/alzcqd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354351/; classtype:trojan-activity;sid:84217451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354352)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fwsovh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354352/; classtype:trojan-activity;sid:84217452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354353)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gwthjv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354353/; classtype:trojan-activity;sid:84217453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354354)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ojrkzc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354354/; classtype:trojan-activity;sid:84217454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354355)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jzkcvs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354355/; classtype:trojan-activity;sid:84217455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354356)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bgkluf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354356/; classtype:trojan-activity;sid:84217456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354357)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fjlepi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354357/; classtype:trojan-activity;sid:84217457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354345)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mjpqax.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354345/; classtype:trojan-activity;sid:84217445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354346)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ocdngb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354346/; classtype:trojan-activity;sid:84217446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354347)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bwqztc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354347/; classtype:trojan-activity;sid:84217447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354348)"; flow:established,from_client; content:"GET"; http_method; content:"/js/numesr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354348/; classtype:trojan-activity;sid:84217448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354349)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kxsuoa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354349/; classtype:trojan-activity;sid:84217449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354342)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ajmdxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354342/; classtype:trojan-activity;sid:84217442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354343)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gdplov.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354343/; classtype:trojan-activity;sid:84217443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354344)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qotmlf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354344/; classtype:trojan-activity;sid:84217444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354341)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zoutmk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354341/; classtype:trojan-activity;sid:84217441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354331)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lcmpeb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354331/; classtype:trojan-activity;sid:84217431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354332)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eakigy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354332/; classtype:trojan-activity;sid:84217432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354333)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yvjacr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354333/; classtype:trojan-activity;sid:84217433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354334)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tvcsep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354334/; classtype:trojan-activity;sid:84217434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354335)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jgutyw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354335/; classtype:trojan-activity;sid:84217435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354336)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hzrlpg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354336/; classtype:trojan-activity;sid:84217436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354337)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gpxfac.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354337/; classtype:trojan-activity;sid:84217437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354338)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hnsqxf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354338/; classtype:trojan-activity;sid:84217438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354339)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ijghlm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354339/; classtype:trojan-activity;sid:84217439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354340)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpzucl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354340/; classtype:trojan-activity;sid:84217440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354330)"; flow:established,from_client; content:"GET"; http_method; content:"/js/misjhz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354330/; classtype:trojan-activity;sid:84217430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354325)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wfcoen.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354325/; classtype:trojan-activity;sid:84217425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354326)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dlerac.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354326/; classtype:trojan-activity;sid:84217426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354327)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sygxrq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354327/; classtype:trojan-activity;sid:84217427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354328)"; flow:established,from_client; content:"GET"; http_method; content:"/js/adimqh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354328/; classtype:trojan-activity;sid:84217428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354329)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mbradq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354329/; classtype:trojan-activity;sid:84217429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354324)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vejaul.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354324/; classtype:trojan-activity;sid:84217424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354322)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mhztey.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354322/; classtype:trojan-activity;sid:84217422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354323)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sqkxat.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354323/; classtype:trojan-activity;sid:84217423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354314)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cvbrkt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354314/; classtype:trojan-activity;sid:84217414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354315)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktjixm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354315/; classtype:trojan-activity;sid:84217415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354316)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xdcbli.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354316/; classtype:trojan-activity;sid:84217416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354317)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ubhnre.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354317/; classtype:trojan-activity;sid:84217417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354318)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xrnmah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354318/; classtype:trojan-activity;sid:84217418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354319)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mzxpbv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354319/; classtype:trojan-activity;sid:84217419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354320)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ihmwqr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354320/; classtype:trojan-activity;sid:84217420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354321)"; flow:established,from_client; content:"GET"; http_method; content:"/js/upkqfn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354321/; classtype:trojan-activity;sid:84217421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354305)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkveiz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354305/; classtype:trojan-activity;sid:84217405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354306)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bwjsde.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354306/; classtype:trojan-activity;sid:84217406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354307)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fazydx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354307/; classtype:trojan-activity;sid:84217407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354308)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eaojfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354308/; classtype:trojan-activity;sid:84217408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354309)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmxdzc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354309/; classtype:trojan-activity;sid:84217409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354310)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gpcqwm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354310/; classtype:trojan-activity;sid:84217410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354311)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qnscho.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354311/; classtype:trojan-activity;sid:84217411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354312)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hbnpgy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354312/; classtype:trojan-activity;sid:84217412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354313)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ykhpws.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354313/; classtype:trojan-activity;sid:84217413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354304)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ifnqtj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354304/; classtype:trojan-activity;sid:84217404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354295)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fvmsou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354295/; classtype:trojan-activity;sid:84217395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354296)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pmxdhq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354296/; classtype:trojan-activity;sid:84217396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354297)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwmist.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354297/; classtype:trojan-activity;sid:84217397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354298)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zrkbud.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354298/; classtype:trojan-activity;sid:84217398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354299)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eykdsz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354299/; classtype:trojan-activity;sid:84217399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354300)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nhsayl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354300/; classtype:trojan-activity;sid:84217400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354301)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aolwzh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354301/; classtype:trojan-activity;sid:84217401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354302)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yoseda.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354302/; classtype:trojan-activity;sid:84217402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354303)"; flow:established,from_client; content:"GET"; http_method; content:"/js/joywkb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354303/; classtype:trojan-activity;sid:84217403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354291)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umbvwh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354291/; classtype:trojan-activity;sid:84217391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354292)"; flow:established,from_client; content:"GET"; http_method; content:"/js/riodfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354292/; classtype:trojan-activity;sid:84217392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354293)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bqagtw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354293/; classtype:trojan-activity;sid:84217393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354294)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dnyaje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354294/; classtype:trojan-activity;sid:84217394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354288)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dfzirc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354288/; classtype:trojan-activity;sid:84217388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354289)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kegiqp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354289/; classtype:trojan-activity;sid:84217389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354290)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jodbih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354290/; classtype:trojan-activity;sid:84217390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354285)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ajykuv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354285/; classtype:trojan-activity;sid:84217385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354286)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gnitks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354286/; classtype:trojan-activity;sid:84217386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354287)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wkgytd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354287/; classtype:trojan-activity;sid:84217387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354284)"; flow:established,from_client; content:"GET"; http_method; content:"/js/niqpef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354284/; classtype:trojan-activity;sid:84217384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354283)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oxuhpl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354283/; classtype:trojan-activity;sid:84217383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354282)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sfgmwc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354282/; classtype:trojan-activity;sid:84217382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354278)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cdfoxq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354278/; classtype:trojan-activity;sid:84217378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354279)"; flow:established,from_client; content:"GET"; http_method; content:"/js/idfstq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354279/; classtype:trojan-activity;sid:84217379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354280)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nsujfq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354280/; classtype:trojan-activity;sid:84217380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354281)"; flow:established,from_client; content:"GET"; http_method; content:"/js/skdgza.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354281/; classtype:trojan-activity;sid:84217381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354273)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvjida.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354273/; classtype:trojan-activity;sid:84217373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354274)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gyunzl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354274/; classtype:trojan-activity;sid:84217374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354275)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xymdwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354275/; classtype:trojan-activity;sid:84217375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354276)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zmugrb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354276/; classtype:trojan-activity;sid:84217376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354277)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pxejzw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354277/; classtype:trojan-activity;sid:84217377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354260)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kuftwg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354260/; classtype:trojan-activity;sid:84217360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354261)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mhjdoq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354261/; classtype:trojan-activity;sid:84217361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354262)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ylxgbf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354262/; classtype:trojan-activity;sid:84217362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354263)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xkhduz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354263/; classtype:trojan-activity;sid:84217363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354264)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sldvou.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354264/; classtype:trojan-activity;sid:84217364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354265)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hibsjo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354265/; classtype:trojan-activity;sid:84217365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354266)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uqyrmj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354266/; classtype:trojan-activity;sid:84217366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354267)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ypfkmw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354267/; classtype:trojan-activity;sid:84217367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354268)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tynogi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354268/; classtype:trojan-activity;sid:84217368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354269)"; flow:established,from_client; content:"GET"; http_method; content:"/js/taedsg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354269/; classtype:trojan-activity;sid:84217369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354270)"; flow:established,from_client; content:"GET"; http_method; content:"/js/aowqks.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354270/; classtype:trojan-activity;sid:84217370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354271)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mwvxjr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354271/; classtype:trojan-activity;sid:84217371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354272)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rjhivf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354272/; classtype:trojan-activity;sid:84217372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354251)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lzexci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354251/; classtype:trojan-activity;sid:84217351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354252)"; flow:established,from_client; content:"GET"; http_method; content:"/js/boctsi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354252/; classtype:trojan-activity;sid:84217352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354253)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vgdzuy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354253/; classtype:trojan-activity;sid:84217353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354254)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tasxbp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354254/; classtype:trojan-activity;sid:84217354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354255)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nftlqa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354255/; classtype:trojan-activity;sid:84217355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354256)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yobkea.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354256/; classtype:trojan-activity;sid:84217356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354257)"; flow:established,from_client; content:"GET"; http_method; content:"/js/raylkw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354257/; classtype:trojan-activity;sid:84217357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354258)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qxnjci.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354258/; classtype:trojan-activity;sid:84217358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354259)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vnfawj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354259/; classtype:trojan-activity;sid:84217359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354246)"; flow:established,from_client; content:"GET"; http_method; content:"/js/etuvzw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354246/; classtype:trojan-activity;sid:84217346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354247)"; flow:established,from_client; content:"GET"; http_method; content:"/js/glbawu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354247/; classtype:trojan-activity;sid:84217347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354248)"; flow:established,from_client; content:"GET"; http_method; content:"/js/etbxhs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354248/; classtype:trojan-activity;sid:84217348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354249)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zseihm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354249/; classtype:trojan-activity;sid:84217349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354250)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jrbqam.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354250/; classtype:trojan-activity;sid:84217350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354245)"; flow:established,from_client; content:"GET"; http_method; content:"/js/usdfba.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354245/; classtype:trojan-activity;sid:84217345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354243)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lijgxa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354243/; classtype:trojan-activity;sid:84217343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354244)"; flow:established,from_client; content:"GET"; http_method; content:"/js/brivej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354244/; classtype:trojan-activity;sid:84217344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354241)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqshzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354241/; classtype:trojan-activity;sid:84217341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354242)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fanigm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354242/; classtype:trojan-activity;sid:84217342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354239)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djugez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354239/; classtype:trojan-activity;sid:84217339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354240)"; flow:established,from_client; content:"GET"; http_method; content:"/js/djcuar.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354240/; classtype:trojan-activity;sid:84217340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vlconi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354230/; classtype:trojan-activity;sid:84217330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354231)"; flow:established,from_client; content:"GET"; http_method; content:"/js/icstgl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354231/; classtype:trojan-activity;sid:84217331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354232)"; flow:established,from_client; content:"GET"; http_method; content:"/js/umacjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354232/; classtype:trojan-activity;sid:84217332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354233)"; flow:established,from_client; content:"GET"; http_method; content:"/js/chzwis.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354233/; classtype:trojan-activity;sid:84217333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354234)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nqspxm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354234/; classtype:trojan-activity;sid:84217334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354235)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mcpjkt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354235/; classtype:trojan-activity;sid:84217335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354236)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhijyx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354236/; classtype:trojan-activity;sid:84217336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354237)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pucqej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354237/; classtype:trojan-activity;sid:84217337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354238)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xwbofs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354238/; classtype:trojan-activity;sid:84217338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354216)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ymrxfg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354216/; classtype:trojan-activity;sid:84217316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354217)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmntfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354217/; classtype:trojan-activity;sid:84217317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354218)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gtrsea.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354218/; classtype:trojan-activity;sid:84217318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354219)"; flow:established,from_client; content:"GET"; http_method; content:"/js/axtfwk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354219/; classtype:trojan-activity;sid:84217319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354220)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mgqaes.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354220/; classtype:trojan-activity;sid:84217320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354221)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvgnwu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354221/; classtype:trojan-activity;sid:84217321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354222)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qxtcbz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354222/; classtype:trojan-activity;sid:84217322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354223)"; flow:established,from_client; content:"GET"; http_method; content:"/js/einfto.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354223/; classtype:trojan-activity;sid:84217323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354224)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ctyhds.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354224/; classtype:trojan-activity;sid:84217324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354225)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mtrisk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354225/; classtype:trojan-activity;sid:84217325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354226)"; flow:established,from_client; content:"GET"; http_method; content:"/js/acosvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354226/; classtype:trojan-activity;sid:84217326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354227)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zjprmi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354227/; classtype:trojan-activity;sid:84217327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354228)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zciruy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354228/; classtype:trojan-activity;sid:84217328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354229)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sobque.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354229/; classtype:trojan-activity;sid:84217329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354208)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apinhw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354208/; classtype:trojan-activity;sid:84217308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354209)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iauyko.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354209/; classtype:trojan-activity;sid:84217309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354210)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tcugad.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354210/; classtype:trojan-activity;sid:84217310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354211)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fmqawp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354211/; classtype:trojan-activity;sid:84217311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354212)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ouzgnx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354212/; classtype:trojan-activity;sid:84217312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354213)"; flow:established,from_client; content:"GET"; http_method; content:"/js/oipakb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354213/; classtype:trojan-activity;sid:84217313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354214)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eopqhu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354214/; classtype:trojan-activity;sid:84217314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354215)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zkwlug.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354215/; classtype:trojan-activity;sid:84217315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354205)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vjzrmc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354205/; classtype:trojan-activity;sid:84217305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354206)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcsfoe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354206/; classtype:trojan-activity;sid:84217306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354207)"; flow:established,from_client; content:"GET"; http_method; content:"/js/urewih.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354207/; classtype:trojan-activity;sid:84217307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354202)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qysdje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354202/; classtype:trojan-activity;sid:84217302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354203)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vakynh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354203/; classtype:trojan-activity;sid:84217303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354204)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lcbqxh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354204/; classtype:trojan-activity;sid:84217304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354201)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtdkap.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354201/; classtype:trojan-activity;sid:84217301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354199)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvfuyt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354199/; classtype:trojan-activity;sid:84217299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354200)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cmhniy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354200/; classtype:trojan-activity;sid:84217300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354197)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lipzek.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354197/; classtype:trojan-activity;sid:84217297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354198)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pbjhce.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354198/; classtype:trojan-activity;sid:84217298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354178)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xhufal.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354178/; classtype:trojan-activity;sid:84217278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354179)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jykaos.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354179/; classtype:trojan-activity;sid:84217279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354180)"; flow:established,from_client; content:"GET"; http_method; content:"/js/brvcon.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354180/; classtype:trojan-activity;sid:84217280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354181)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zcyfux.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354181/; classtype:trojan-activity;sid:84217281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354182)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cwuspz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354182/; classtype:trojan-activity;sid:84217282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354183)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uaobrk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354183/; classtype:trojan-activity;sid:84217283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354184)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vuasyb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354184/; classtype:trojan-activity;sid:84217284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354185)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gzuktd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354185/; classtype:trojan-activity;sid:84217285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354186)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rpgutn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354186/; classtype:trojan-activity;sid:84217286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354187)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qpcnir.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354187/; classtype:trojan-activity;sid:84217287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354188)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wjlhyp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354188/; classtype:trojan-activity;sid:84217288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354189)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vcboik.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354189/; classtype:trojan-activity;sid:84217289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354190)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhxjmt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354190/; classtype:trojan-activity;sid:84217290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354191)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lxpqmy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354191/; classtype:trojan-activity;sid:84217291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354192)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qdaszh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354192/; classtype:trojan-activity;sid:84217292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354193)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mwyreq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354193/; classtype:trojan-activity;sid:84217293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354194)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yzcxiw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354194/; classtype:trojan-activity;sid:84217294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354195)"; flow:established,from_client; content:"GET"; http_method; content:"/js/larniw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354195/; classtype:trojan-activity;sid:84217295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354196)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yoifqb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354196/; classtype:trojan-activity;sid:84217296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354173)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dqetif.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354173/; classtype:trojan-activity;sid:84217273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354174)"; flow:established,from_client; content:"GET"; http_method; content:"/js/guclef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354174/; classtype:trojan-activity;sid:84217274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354175)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yuzolj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354175/; classtype:trojan-activity;sid:84217275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354176)"; flow:established,from_client; content:"GET"; http_method; content:"/js/czoahi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354176/; classtype:trojan-activity;sid:84217276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354177)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vajdwl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354177/; classtype:trojan-activity;sid:84217277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354166)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bjenhx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354166/; classtype:trojan-activity;sid:84217266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354167)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zpqows.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354167/; classtype:trojan-activity;sid:84217267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354168)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dkauol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354168/; classtype:trojan-activity;sid:84217268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354169)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wcfjdb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354169/; classtype:trojan-activity;sid:84217269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354170)"; flow:established,from_client; content:"GET"; http_method; content:"/js/avjbmt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354170/; classtype:trojan-activity;sid:84217270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354171)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ckjhao.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354171/; classtype:trojan-activity;sid:84217271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354172)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qbxril.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354172/; classtype:trojan-activity;sid:84217272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354165)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eajylz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354165/; classtype:trojan-activity;sid:84217265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354163)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jqtsyz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354163/; classtype:trojan-activity;sid:84217263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354164)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kbmfje.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354164/; classtype:trojan-activity;sid:84217264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354162)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdryul.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354162/; classtype:trojan-activity;sid:84217262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354161)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rlzpin.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354161/; classtype:trojan-activity;sid:84217261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354159)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixadqj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354159/; classtype:trojan-activity;sid:84217259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354160)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tobwal.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354160/; classtype:trojan-activity;sid:84217260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354144)"; flow:established,from_client; content:"GET"; http_method; content:"/js/facwzd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354144/; classtype:trojan-activity;sid:84217244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354145)"; flow:established,from_client; content:"GET"; http_method; content:"/js/poalxr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354145/; classtype:trojan-activity;sid:84217245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354146)"; flow:established,from_client; content:"GET"; http_method; content:"/js/phgsfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354146/; classtype:trojan-activity;sid:84217246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354147)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ktdvgm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354147/; classtype:trojan-activity;sid:84217247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354148)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mdkvnt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354148/; classtype:trojan-activity;sid:84217248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354149)"; flow:established,from_client; content:"GET"; http_method; content:"/js/spywol.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354149/; classtype:trojan-activity;sid:84217249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354150)"; flow:established,from_client; content:"GET"; http_method; content:"/js/hfbjax.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354150/; classtype:trojan-activity;sid:84217250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354151)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zhrlvj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354151/; classtype:trojan-activity;sid:84217251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354152)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wqnygk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354152/; classtype:trojan-activity;sid:84217252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354153)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bnsqhl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354153/; classtype:trojan-activity;sid:84217253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354154)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ylcoep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354154/; classtype:trojan-activity;sid:84217254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354155)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qzwkpl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354155/; classtype:trojan-activity;sid:84217255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354156)"; flow:established,from_client; content:"GET"; http_method; content:"/js/sejdtf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354156/; classtype:trojan-activity;sid:84217256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354157)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wzpbls.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354157/; classtype:trojan-activity;sid:84217257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354158)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrfcjd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354158/; classtype:trojan-activity;sid:84217258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354126)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pfvcmo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354126/; classtype:trojan-activity;sid:84217226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354127)"; flow:established,from_client; content:"GET"; http_method; content:"/js/islqym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354127/; classtype:trojan-activity;sid:84217227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354128)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkuhcj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354128/; classtype:trojan-activity;sid:84217228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354129)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ltiqpf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354129/; classtype:trojan-activity;sid:84217229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354130)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wtfaex.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354130/; classtype:trojan-activity;sid:84217230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354131)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bynwiz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354131/; classtype:trojan-activity;sid:84217231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354132)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pkvzdr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354132/; classtype:trojan-activity;sid:84217232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354133)"; flow:established,from_client; content:"GET"; http_method; content:"/js/olmdcw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354133/; classtype:trojan-activity;sid:84217233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354134)"; flow:established,from_client; content:"GET"; http_method; content:"/js/urvxpw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354134/; classtype:trojan-activity;sid:84217234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354135)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dzlgtx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354135/; classtype:trojan-activity;sid:84217235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354136)"; flow:established,from_client; content:"GET"; http_method; content:"/js/codneq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354136/; classtype:trojan-activity;sid:84217236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354137)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bckimf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354137/; classtype:trojan-activity;sid:84217237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354138)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rqkvhn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354138/; classtype:trojan-activity;sid:84217238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354139)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xbgkrq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354139/; classtype:trojan-activity;sid:84217239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354140)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kmyint.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354140/; classtype:trojan-activity;sid:84217240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354141)"; flow:established,from_client; content:"GET"; http_method; content:"/js/htgmbl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354141/; classtype:trojan-activity;sid:84217241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354142)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qecdsa.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354142/; classtype:trojan-activity;sid:84217242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354143)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xwolzf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354143/; classtype:trojan-activity;sid:84217243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354125)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xroaql.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354125/; classtype:trojan-activity;sid:84217225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354123)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mbdnef.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354123/; classtype:trojan-activity;sid:84217223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354124)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fjcdei.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354124/; classtype:trojan-activity;sid:84217224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cihlkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354121/; classtype:trojan-activity;sid:84217221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354122)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mnqtfd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354122/; classtype:trojan-activity;sid:84217222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354114)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gursxj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354114/; classtype:trojan-activity;sid:84217214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354115)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nzoyfc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354115/; classtype:trojan-activity;sid:84217215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354116)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tuyfsr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354116/; classtype:trojan-activity;sid:84217216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354117)"; flow:established,from_client; content:"GET"; http_method; content:"/js/dimxvb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354117/; classtype:trojan-activity;sid:84217217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354118)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ovdxtn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354118/; classtype:trojan-activity;sid:84217218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354119)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bedskm.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354119/; classtype:trojan-activity;sid:84217219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354120)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kezaoy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354120/; classtype:trojan-activity;sid:84217220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354092)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qynjiu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354092/; classtype:trojan-activity;sid:84217192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354093)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jkarym.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354093/; classtype:trojan-activity;sid:84217193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354094)"; flow:established,from_client; content:"GET"; http_method; content:"/js/heovgu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354094/; classtype:trojan-activity;sid:84217194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354095)"; flow:established,from_client; content:"GET"; http_method; content:"/js/seavld.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354095/; classtype:trojan-activity;sid:84217195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354096)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrsytn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354096/; classtype:trojan-activity;sid:84217196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354097)"; flow:established,from_client; content:"GET"; http_method; content:"/js/srfhnu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354097/; classtype:trojan-activity;sid:84217197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354098)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ftrkab.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354098/; classtype:trojan-activity;sid:84217198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354099)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zpxrwf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354099/; classtype:trojan-activity;sid:84217199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354100)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xtpfgb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354100/; classtype:trojan-activity;sid:84217200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354101)"; flow:established,from_client; content:"GET"; http_method; content:"/js/olafpy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354101/; classtype:trojan-activity;sid:84217201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354102)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tnrpjk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354102/; classtype:trojan-activity;sid:84217202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354103)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wmzudk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354103/; classtype:trojan-activity;sid:84217203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354104)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zabyop.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354104/; classtype:trojan-activity;sid:84217204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354105)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iumeyl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354105/; classtype:trojan-activity;sid:84217205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354106)"; flow:established,from_client; content:"GET"; http_method; content:"/js/fhcjmq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354106/; classtype:trojan-activity;sid:84217206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354107)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ahtkco.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354107/; classtype:trojan-activity;sid:84217207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354108)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qatnpf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354108/; classtype:trojan-activity;sid:84217208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354109)"; flow:established,from_client; content:"GET"; http_method; content:"/js/knrhej.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354109/; classtype:trojan-activity;sid:84217209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354110)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pagoqr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354110/; classtype:trojan-activity;sid:84217210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354111)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jwzuea.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354111/; classtype:trojan-activity;sid:84217211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354112)"; flow:established,from_client; content:"GET"; http_method; content:"/js/uyvldz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354112/; classtype:trojan-activity;sid:84217212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354113)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rnvemu.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354113/; classtype:trojan-activity;sid:84217213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354086)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rtkdwb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354086/; classtype:trojan-activity;sid:84217186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354087)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gltihe.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354087/; classtype:trojan-activity;sid:84217187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354088)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rhtxjl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354088/; classtype:trojan-activity;sid:84217188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354089)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mbyqhr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354089/; classtype:trojan-activity;sid:84217189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354090)"; flow:established,from_client; content:"GET"; http_method; content:"/js/kvitgy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354090/; classtype:trojan-activity;sid:84217190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354091)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ejycbr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354091/; classtype:trojan-activity;sid:84217191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354085)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mxtczf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354085/; classtype:trojan-activity;sid:84217185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354084)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yhbids.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354084/; classtype:trojan-activity;sid:84217184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354081)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zphnbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354081/; classtype:trojan-activity;sid:84217181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354082)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixufoz.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354082/; classtype:trojan-activity;sid:84217182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354083)"; flow:established,from_client; content:"GET"; http_method; content:"/js/iecrax.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354083/; classtype:trojan-activity;sid:84217183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354058)"; flow:established,from_client; content:"GET"; http_method; content:"/js/zeugbi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354058/; classtype:trojan-activity;sid:84217158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354059)"; flow:established,from_client; content:"GET"; http_method; content:"/js/flxcrw.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354059/; classtype:trojan-activity;sid:84217159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354060)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gkuqxy.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354060/; classtype:trojan-activity;sid:84217160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354061)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gkuwsh.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354061/; classtype:trojan-activity;sid:84217161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354062)"; flow:established,from_client; content:"GET"; http_method; content:"/js/leghpn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354062/; classtype:trojan-activity;sid:84217162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354063)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qvdkzp.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354063/; classtype:trojan-activity;sid:84217163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354064)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ixfkgs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354064/; classtype:trojan-activity;sid:84217164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354065)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lyenkq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354065/; classtype:trojan-activity;sid:84217165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354066)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jurkep.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354066/; classtype:trojan-activity;sid:84217166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354067)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rpljdi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354067/; classtype:trojan-activity;sid:84217167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354068)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bmkvfo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354068/; classtype:trojan-activity;sid:84217168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354069)"; flow:established,from_client; content:"GET"; http_method; content:"/js/xgaojl.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354069/; classtype:trojan-activity;sid:84217169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354070)"; flow:established,from_client; content:"GET"; http_method; content:"/js/krndeb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354070/; classtype:trojan-activity;sid:84217170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354071)"; flow:established,from_client; content:"GET"; http_method; content:"/js/gumaod.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354071/; classtype:trojan-activity;sid:84217171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354072)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ojnzqv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354072/; classtype:trojan-activity;sid:84217172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354073)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wguzsb.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354073/; classtype:trojan-activity;sid:84217173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354074)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ghaesk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354074/; classtype:trojan-activity;sid:84217174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354075)"; flow:established,from_client; content:"GET"; http_method; content:"/js/libtoj.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354075/; classtype:trojan-activity;sid:84217175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354076)"; flow:established,from_client; content:"GET"; http_method; content:"/js/eynpaf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354076/; classtype:trojan-activity;sid:84217176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354077)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qwnruo.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354077/; classtype:trojan-activity;sid:84217177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354078)"; flow:established,from_client; content:"GET"; http_method; content:"/js/wrhpzg.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354078/; classtype:trojan-activity;sid:84217178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354079)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jvwilr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354079/; classtype:trojan-activity;sid:84217179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354080)"; flow:established,from_client; content:"GET"; http_method; content:"/js/svdqij.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354080/; classtype:trojan-activity;sid:84217180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354045)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cnowez.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354045/; classtype:trojan-activity;sid:84217145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354046)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lgmcnk.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354046/; classtype:trojan-activity;sid:84217146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354047)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yrimah.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354047/; classtype:trojan-activity;sid:84217147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354048)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apybvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354048/; classtype:trojan-activity;sid:84217148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354049)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cuzyrn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354049/; classtype:trojan-activity;sid:84217149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354050)"; flow:established,from_client; content:"GET"; http_method; content:"/js/jmhwni.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354050/; classtype:trojan-activity;sid:84217150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354051)"; flow:established,from_client; content:"GET"; http_method; content:"/js/qdymkf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354051/; classtype:trojan-activity;sid:84217151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354052)"; flow:established,from_client; content:"GET"; http_method; content:"/js/yaksvd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354052/; classtype:trojan-activity;sid:84217152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354053)"; flow:established,from_client; content:"GET"; http_method; content:"/js/nzxcby.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354053/; classtype:trojan-activity;sid:84217153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354054)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vpgsbt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354054/; classtype:trojan-activity;sid:84217154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354055)"; flow:established,from_client; content:"GET"; http_method; content:"/js/pauzmd.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354055/; classtype:trojan-activity;sid:84217155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354056)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ljixfv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354056/; classtype:trojan-activity;sid:84217156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354057)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tgocyq.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354057/; classtype:trojan-activity;sid:84217157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354044)"; flow:established,from_client; content:"GET"; http_method; content:"/js/acvixr.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354044/; classtype:trojan-activity;sid:84217144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.227.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354041/; classtype:trojan-activity;sid:84217141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.241.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354042/; classtype:trojan-activity;sid:84217142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.81.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354040/; classtype:trojan-activity;sid:84217140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354039)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/pko_0019868519477_pdf_%e2%91%a2%e2%91%a5%e2%91%a1%e2%91%a5%e2%91%a7%e2%91%a4%e2%91%a4%e2%91%a6.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354039/; classtype:trojan-activity;sid:84217139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354038)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/pko_0019868519477_pdf_%e2%91%a2%e2%91%a5%e2%91%a1%e2%91%a5%e2%91%a7%e2%91%a4%e2%91%a4%e2%91%a6.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354038/; classtype:trojan-activity;sid:84217138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354036)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/js/676198543e135.js"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354036/; classtype:trojan-activity;sid:84217136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354037)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/pko_0019868519477_pdf_%e2%91%a2%e2%91%a5%e2%91%a1%e2%91%a5%e2%91%a7%e2%91%a4%e2%91%a4%e2%91%a6.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354037/; classtype:trojan-activity;sid:84217137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354034)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/js/676198543e135.js"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354034/; classtype:trojan-activity;sid:84217134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354035)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/js/676198543e135.js"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354035/; classtype:trojan-activity;sid:84217135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354031)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/676198543e2f3.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354031/; classtype:trojan-activity;sid:84217131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354032)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/676198543e2f3.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354032/; classtype:trojan-activity;sid:84217132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354033)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/676198543e2f3.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354033/; classtype:trojan-activity;sid:84217133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354028)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/676198543e2f1.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354028/; classtype:trojan-activity;sid:84217128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354029)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/676198543e2f1.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.11.180.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354029/; classtype:trojan-activity;sid:84217129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354030)"; flow:established,from_client; content:"GET"; http_method; content:"/676198543e20a/676198543e2f1.vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pko-download.kagyouth.co.ke"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354030/; classtype:trojan-activity;sid:84217130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354027/; classtype:trojan-activity;sid:84217127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354026/; classtype:trojan-activity;sid:84217126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354025/; classtype:trojan-activity;sid:84217125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.88.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354024/; classtype:trojan-activity;sid:84217124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.179.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354022/; classtype:trojan-activity;sid:84217122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354023/; classtype:trojan-activity;sid:84217123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.121.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354021/; classtype:trojan-activity;sid:84217121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354020)"; flow:established,from_client; content:"GET"; http_method; content:"/lem.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"138.124.60.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354020/; classtype:trojan-activity;sid:84217120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.239.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354019/; classtype:trojan-activity;sid:84217119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.20.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354018/; classtype:trojan-activity;sid:84217118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354015)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6546212505/on7zdqr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354015/; classtype:trojan-activity;sid:84217115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354016)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6989783370/8omoedz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354016/; classtype:trojan-activity;sid:84217116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354017)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6989783370/awt7h8g.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354017/; classtype:trojan-activity;sid:84217117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.215.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354014/; classtype:trojan-activity;sid:84217114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354013/; classtype:trojan-activity;sid:84217113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.225.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354012/; classtype:trojan-activity;sid:84217112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354011/; classtype:trojan-activity;sid:84217111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.80.38.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354010/; classtype:trojan-activity;sid:84217110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.150.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354009/; classtype:trojan-activity;sid:84217109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354007/; classtype:trojan-activity;sid:84217107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.125.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354008/; classtype:trojan-activity;sid:84217108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.81.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354006/; classtype:trojan-activity;sid:84217106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.227.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354005/; classtype:trojan-activity;sid:84217105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.111.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354004/; classtype:trojan-activity;sid:84217104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.40.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354002/; classtype:trojan-activity;sid:84217102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.73.72.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354003/; classtype:trojan-activity;sid:84217103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.239.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354001/; classtype:trojan-activity;sid:84217101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.195.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354000/; classtype:trojan-activity;sid:84217100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.222.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353998/; classtype:trojan-activity;sid:84217098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.221.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353999/; classtype:trojan-activity;sid:84217099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.109.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353997/; classtype:trojan-activity;sid:84217097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353995/; classtype:trojan-activity;sid:84217095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.215.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353996/; classtype:trojan-activity;sid:84217096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.32.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353994/; classtype:trojan-activity;sid:84217094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353993/; classtype:trojan-activity;sid:84217093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353992)"; flow:established,from_client; content:"GET"; http_method; content:"/download/gold.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"193.143.1.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353992/; classtype:trojan-activity;sid:84217092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353991)"; flow:established,from_client; content:"GET"; http_method; content:"/download/av.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.143.1.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353991/; classtype:trojan-activity;sid:84217091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353990)"; flow:established,from_client; content:"GET"; http_method; content:"/rufus.zip.enc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353990/; classtype:trojan-activity;sid:84217090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353988)"; flow:established,from_client; content:"GET"; http_method; content:"/bat.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"db14g2.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353988/; classtype:trojan-activity;sid:84217088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.111.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353987/; classtype:trojan-activity;sid:84217087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353979)"; flow:established,from_client; content:"GET"; http_method; content:"/pd.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"db14g3.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353979/; classtype:trojan-activity;sid:84217079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353980)"; flow:established,from_client; content:"GET"; http_method; content:"/kit.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"db14g2.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353980/; classtype:trojan-activity;sid:84217080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353981)"; flow:established,from_client; content:"GET"; http_method; content:"/min.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"db14g2.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353981/; classtype:trojan-activity;sid:84217081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353982)"; flow:established,from_client; content:"GET"; http_method; content:"/anc.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"db14g4.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353982/; classtype:trojan-activity;sid:84217082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353983)"; flow:established,from_client; content:"GET"; http_method; content:"/cbd.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"db14g4.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353983/; classtype:trojan-activity;sid:84217083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353984)"; flow:established,from_client; content:"GET"; http_method; content:"/ad.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"db14g1.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353984/; classtype:trojan-activity;sid:84217084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353985)"; flow:established,from_client; content:"GET"; http_method; content:"/dst.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"db14g2.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353985/; classtype:trojan-activity;sid:84217085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353986)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"db14g3.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353986/; classtype:trojan-activity;sid:84217086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.74.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353978/; classtype:trojan-activity;sid:84217078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.16.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353977/; classtype:trojan-activity;sid:84217077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353976/; classtype:trojan-activity;sid:84217076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353975/; classtype:trojan-activity;sid:84217075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.32.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353974/; classtype:trojan-activity;sid:84217074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.40.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353973/; classtype:trojan-activity;sid:84217073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.54.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353972/; classtype:trojan-activity;sid:84217072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353971/; classtype:trojan-activity;sid:84217071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353970)"; flow:established,from_client; content:"GET"; http_method; content:"/din.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"138.124.60.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353970/; classtype:trojan-activity;sid:84217070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.91.101.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353969/; classtype:trojan-activity;sid:84217069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.127.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353968/; classtype:trojan-activity;sid:84217068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.235.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353967/; classtype:trojan-activity;sid:84217067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353966/; classtype:trojan-activity;sid:84217066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.39.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353965/; classtype:trojan-activity;sid:84217065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.242.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353964/; classtype:trojan-activity;sid:84217064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.158.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353963/; classtype:trojan-activity;sid:84217063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353962)"; flow:established,from_client; content:"GET"; http_method; content:"/shtrayeasy35.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hansgborn.eu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353962/; classtype:trojan-activity;sid:84217062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353961)"; flow:established,from_client; content:"GET"; http_method; content:"/files/kosodium/random.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353961/; classtype:trojan-activity;sid:84217061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.63.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353960/; classtype:trojan-activity;sid:84217060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353959)"; flow:established,from_client; content:"GET"; http_method; content:"/cavxsy/crazy.spoofer/raw/refs/heads/main/loader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353959/; classtype:trojan-activity;sid:84217059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.74.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353958/; classtype:trojan-activity;sid:84217058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353957)"; flow:established,from_client; content:"GET"; http_method; content:"/rookievip/xx/main/loader.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.20.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353956/; classtype:trojan-activity;sid:84217056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.54.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353955/; classtype:trojan-activity;sid:84217055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353953)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353953/; classtype:trojan-activity;sid:84217053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.101.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353954/; classtype:trojan-activity;sid:84217054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353952)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353952/; classtype:trojan-activity;sid:84217052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353951)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353951/; classtype:trojan-activity;sid:84217051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353947)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353947/; classtype:trojan-activity;sid:84217047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353948)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353948/; classtype:trojan-activity;sid:84217048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353949)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353949/; classtype:trojan-activity;sid:84217049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353950)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353950/; classtype:trojan-activity;sid:84217050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353934)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353934/; classtype:trojan-activity;sid:84217034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353935)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353935/; classtype:trojan-activity;sid:84217035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353936)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353936/; classtype:trojan-activity;sid:84217036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353937)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353937/; classtype:trojan-activity;sid:84217037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353938)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353938/; classtype:trojan-activity;sid:84217038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353939)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353939/; classtype:trojan-activity;sid:84217039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353940)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353940/; classtype:trojan-activity;sid:84217040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353941)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353941/; classtype:trojan-activity;sid:84217041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353942)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353942/; classtype:trojan-activity;sid:84217042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353943)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353943/; classtype:trojan-activity;sid:84217043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353944)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353944/; classtype:trojan-activity;sid:84217044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353945)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353945/; classtype:trojan-activity;sid:84217045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353946)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353946/; classtype:trojan-activity;sid:84217046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353932)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353932/; classtype:trojan-activity;sid:84217032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353933)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353933/; classtype:trojan-activity;sid:84217033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.140.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353931/; classtype:trojan-activity;sid:84217031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353918)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353918/; classtype:trojan-activity;sid:84217018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353919)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353919/; classtype:trojan-activity;sid:84217019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353920)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353920/; classtype:trojan-activity;sid:84217020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353921)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353921/; classtype:trojan-activity;sid:84217021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353922)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353922/; classtype:trojan-activity;sid:84217022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353923)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353923/; classtype:trojan-activity;sid:84217023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353924)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353924/; classtype:trojan-activity;sid:84217024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353925)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353925/; classtype:trojan-activity;sid:84217025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353926)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353926/; classtype:trojan-activity;sid:84217026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353927)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353927/; classtype:trojan-activity;sid:84217027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353928)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353928/; classtype:trojan-activity;sid:84217028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353929)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353929/; classtype:trojan-activity;sid:84217029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353930)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353930/; classtype:trojan-activity;sid:84217030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353904/; classtype:trojan-activity;sid:84217004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353905)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353905/; classtype:trojan-activity;sid:84217005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353906)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353906/; classtype:trojan-activity;sid:84217006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353907)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353907/; classtype:trojan-activity;sid:84217007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353908)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353908/; classtype:trojan-activity;sid:84217008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353909)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353909/; classtype:trojan-activity;sid:84217009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353910)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353910/; classtype:trojan-activity;sid:84217010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353911)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353911/; classtype:trojan-activity;sid:84217011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353912)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353912/; classtype:trojan-activity;sid:84217012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353913)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353913/; classtype:trojan-activity;sid:84217013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353914)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"servers.vlrt-gap.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353914/; classtype:trojan-activity;sid:84217014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353915)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353915/; classtype:trojan-activity;sid:84217015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353916)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353916/; classtype:trojan-activity;sid:84217016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353917)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353917/; classtype:trojan-activity;sid:84217017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353902)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vlrt-gap.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353902/; classtype:trojan-activity;sid:84217002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.121.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353879/; classtype:trojan-activity;sid:84216979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353878/; classtype:trojan-activity;sid:84216978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.56.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353877/; classtype:trojan-activity;sid:84216977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.143.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353876/; classtype:trojan-activity;sid:84216976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.221.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353875/; classtype:trojan-activity;sid:84216975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.68.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353874/; classtype:trojan-activity;sid:84216974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353873/; classtype:trojan-activity;sid:84216973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353872/; classtype:trojan-activity;sid:84216972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.156.48.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353871/; classtype:trojan-activity;sid:84216971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.207.138.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353870/; classtype:trojan-activity;sid:84216970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353869/; classtype:trojan-activity;sid:84216969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353867)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353867/; classtype:trojan-activity;sid:84216967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353868)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353868/; classtype:trojan-activity;sid:84216968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.240.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353866/; classtype:trojan-activity;sid:84216966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.163.86.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353865/; classtype:trojan-activity;sid:84216965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353864)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.228.87.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353864/; classtype:trojan-activity;sid:84216964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353863/; classtype:trojan-activity;sid:84216963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353862/; classtype:trojan-activity;sid:84216962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353861/; classtype:trojan-activity;sid:84216961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353860/; classtype:trojan-activity;sid:84216960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.195.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353859/; classtype:trojan-activity;sid:84216959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.247.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353858/; classtype:trojan-activity;sid:84216958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.51.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353853/; classtype:trojan-activity;sid:84216953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353854)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353854/; classtype:trojan-activity;sid:84216954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353855)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353855/; classtype:trojan-activity;sid:84216955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353856)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353856/; classtype:trojan-activity;sid:84216956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.243.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353857/; classtype:trojan-activity;sid:84216957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353851)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353851/; classtype:trojan-activity;sid:84216951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353852)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353852/; classtype:trojan-activity;sid:84216952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.39.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353850/; classtype:trojan-activity;sid:84216950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353841)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353841/; classtype:trojan-activity;sid:84216941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353842)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353842/; classtype:trojan-activity;sid:84216942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353843)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353843/; classtype:trojan-activity;sid:84216943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353844)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353844/; classtype:trojan-activity;sid:84216944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353845)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353845/; classtype:trojan-activity;sid:84216945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353846)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353846/; classtype:trojan-activity;sid:84216946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353847)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353847/; classtype:trojan-activity;sid:84216947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353848)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353848/; classtype:trojan-activity;sid:84216948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353849)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"seyfhg.work.gd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353849/; classtype:trojan-activity;sid:84216949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353840)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.33.135.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353840/; classtype:trojan-activity;sid:84216940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.213.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353838/; classtype:trojan-activity;sid:84216938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353839/; classtype:trojan-activity;sid:84216939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.195.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353837/; classtype:trojan-activity;sid:84216937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353836)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353836/; classtype:trojan-activity;sid:84216936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353835)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353835/; classtype:trojan-activity;sid:84216935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.23.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353834/; classtype:trojan-activity;sid:84216934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353832)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.120.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353832/; classtype:trojan-activity;sid:84216932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353833)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353833/; classtype:trojan-activity;sid:84216933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.63.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353831/; classtype:trojan-activity;sid:84216931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353830/; classtype:trojan-activity;sid:84216930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353829)"; flow:established,from_client; content:"GET"; http_method; content:"/sshell.service"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"51.81.121.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353829/; classtype:trojan-activity;sid:84216929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353828)"; flow:established,from_client; content:"GET"; http_method; content:"/carm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"51.81.121.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353828/; classtype:trojan-activity;sid:84216928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353814)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353814/; classtype:trojan-activity;sid:84216914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353815)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353815/; classtype:trojan-activity;sid:84216915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353816)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353816/; classtype:trojan-activity;sid:84216916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353817)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353817/; classtype:trojan-activity;sid:84216917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353818)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353818/; classtype:trojan-activity;sid:84216918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353819)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353819/; classtype:trojan-activity;sid:84216919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353820)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353820/; classtype:trojan-activity;sid:84216920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353821)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353821/; classtype:trojan-activity;sid:84216921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353822)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353822/; classtype:trojan-activity;sid:84216922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353823)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353823/; classtype:trojan-activity;sid:84216923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353824)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353824/; classtype:trojan-activity;sid:84216924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353825)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353825/; classtype:trojan-activity;sid:84216925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353826)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353826/; classtype:trojan-activity;sid:84216926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353827)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353827/; classtype:trojan-activity;sid:84216927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.64.155.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353813/; classtype:trojan-activity;sid:84216913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.39.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353812/; classtype:trojan-activity;sid:84216912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353811/; classtype:trojan-activity;sid:84216911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.207.137.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353809/; classtype:trojan-activity;sid:84216909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353810/; classtype:trojan-activity;sid:84216910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.185.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353808/; classtype:trojan-activity;sid:84216908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353807)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"woo097878781.win"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353807/; classtype:trojan-activity;sid:84216907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353806)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"woo097878781.win"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353806/; classtype:trojan-activity;sid:84216906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353805)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"woo097878781.win"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353805/; classtype:trojan-activity;sid:84216905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353804)"; flow:established,from_client; content:"GET"; http_method; content:"//sostener.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.135.232.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353804/; classtype:trojan-activity;sid:84216904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.195.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353803/; classtype:trojan-activity;sid:84216903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.72.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353802/; classtype:trojan-activity;sid:84216902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.250.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353801/; classtype:trojan-activity;sid:84216901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.43.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353800/; classtype:trojan-activity;sid:84216900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.195.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353799/; classtype:trojan-activity;sid:84216899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353798)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.9.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353798/; classtype:trojan-activity;sid:84216898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.120.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353797/; classtype:trojan-activity;sid:84216897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.72.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353796/; classtype:trojan-activity;sid:84216896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353795)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.31.246.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353795/; classtype:trojan-activity;sid:84216895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353794/; classtype:trojan-activity;sid:84216894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.45.56.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353793/; classtype:trojan-activity;sid:84216893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.9.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353792/; classtype:trojan-activity;sid:84216892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.69.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353791/; classtype:trojan-activity;sid:84216891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353790)"; flow:established,from_client; content:"GET"; http_method; content:"/dir/five/singl5.mp4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"buck1st.oss-ap-southeast-5.aliyuncs.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353790/; classtype:trojan-activity;sid:84216890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353789)"; flow:established,from_client; content:"GET"; http_method; content:"/singl5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"heavens.holistic-haven.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353789/; classtype:trojan-activity;sid:84216889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.24.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353788/; classtype:trojan-activity;sid:84216888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.234.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353787/; classtype:trojan-activity;sid:84216887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.245.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353786/; classtype:trojan-activity;sid:84216886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.185.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353785/; classtype:trojan-activity;sid:84216885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.187.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353784/; classtype:trojan-activity;sid:84216884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.184.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353783/; classtype:trojan-activity;sid:84216883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.31.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353782/; classtype:trojan-activity;sid:84216882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.69.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353781/; classtype:trojan-activity;sid:84216881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353780/; classtype:trojan-activity;sid:84216880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.112.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353779/; classtype:trojan-activity;sid:84216879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.9.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353778/; classtype:trojan-activity;sid:84216878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.242.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353777/; classtype:trojan-activity;sid:84216877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353776/; classtype:trojan-activity;sid:84216876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.94.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353775/; classtype:trojan-activity;sid:84216875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.117.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353774/; classtype:trojan-activity;sid:84216874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.131.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353773/; classtype:trojan-activity;sid:84216873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.35.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353772/; classtype:trojan-activity;sid:84216872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.245.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353771/; classtype:trojan-activity;sid:84216871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353770/; classtype:trojan-activity;sid:84216870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.187.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353769/; classtype:trojan-activity;sid:84216869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.185.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353768/; classtype:trojan-activity;sid:84216868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353767)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353767/; classtype:trojan-activity;sid:84216867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353766/; classtype:trojan-activity;sid:84216866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353765)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353765/; classtype:trojan-activity;sid:84216865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353764)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353764/; classtype:trojan-activity;sid:84216864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353756)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353756/; classtype:trojan-activity;sid:84216856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353757)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353757/; classtype:trojan-activity;sid:84216857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353758)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353758/; classtype:trojan-activity;sid:84216858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353759)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353759/; classtype:trojan-activity;sid:84216859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353760)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353760/; classtype:trojan-activity;sid:84216860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353761)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353761/; classtype:trojan-activity;sid:84216861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353762)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353762/; classtype:trojan-activity;sid:84216862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353763)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353763/; classtype:trojan-activity;sid:84216863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353755/; classtype:trojan-activity;sid:84216855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.117.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353754/; classtype:trojan-activity;sid:84216854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.108.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353753/; classtype:trojan-activity;sid:84216853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.45.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353752/; classtype:trojan-activity;sid:84216852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.12.94.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353750/; classtype:trojan-activity;sid:84216850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353751/; classtype:trojan-activity;sid:84216851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.165.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353749/; classtype:trojan-activity;sid:84216849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353747)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353747/; classtype:trojan-activity;sid:84216847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353748)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353748/; classtype:trojan-activity;sid:84216848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353742)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353742/; classtype:trojan-activity;sid:84216842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353743)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353743/; classtype:trojan-activity;sid:84216843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353744)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353744/; classtype:trojan-activity;sid:84216844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353745)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353745/; classtype:trojan-activity;sid:84216845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353746)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353746/; classtype:trojan-activity;sid:84216846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353741)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.44.238.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353741/; classtype:trojan-activity;sid:84216841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.153.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353740/; classtype:trojan-activity;sid:84216840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.86.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353739/; classtype:trojan-activity;sid:84216839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.83.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353738/; classtype:trojan-activity;sid:84216838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.79.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353737/; classtype:trojan-activity;sid:84216837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.187.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353736/; classtype:trojan-activity;sid:84216836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.71.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353735/; classtype:trojan-activity;sid:84216835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353734)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.136.41.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353734/; classtype:trojan-activity;sid:84216834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353733/; classtype:trojan-activity;sid:84216833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.224.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353732/; classtype:trojan-activity;sid:84216832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353731/; classtype:trojan-activity;sid:84216831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.113.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353730/; classtype:trojan-activity;sid:84216830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.171.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353729/; classtype:trojan-activity;sid:84216829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.28.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353728/; classtype:trojan-activity;sid:84216828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.12.94.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353727/; classtype:trojan-activity;sid:84216827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.16.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353726/; classtype:trojan-activity;sid:84216826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.233.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353725/; classtype:trojan-activity;sid:84216825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.190.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353724/; classtype:trojan-activity;sid:84216824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.148.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353722/; classtype:trojan-activity;sid:84216822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.212.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353723/; classtype:trojan-activity;sid:84216823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.68.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353721/; classtype:trojan-activity;sid:84216821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.153.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353720/; classtype:trojan-activity;sid:84216820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.4.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353719/; classtype:trojan-activity;sid:84216819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.47.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353716/; classtype:trojan-activity;sid:84216816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.197.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353717/; classtype:trojan-activity;sid:84216817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.200.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353718/; classtype:trojan-activity;sid:84216818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.45.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353715/; classtype:trojan-activity;sid:84216815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353713/; classtype:trojan-activity;sid:84216813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.245.91.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353714/; classtype:trojan-activity;sid:84216814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.136.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353712/; classtype:trojan-activity;sid:84216812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.86.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353711/; classtype:trojan-activity;sid:84216811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.3.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353710/; classtype:trojan-activity;sid:84216810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.208.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353709/; classtype:trojan-activity;sid:84216809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.245.91.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353708/; classtype:trojan-activity;sid:84216808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353707/; classtype:trojan-activity;sid:84216807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353706/; classtype:trojan-activity;sid:84216806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353705/; classtype:trojan-activity;sid:84216805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353704/; classtype:trojan-activity;sid:84216804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353703/; classtype:trojan-activity;sid:84216803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.197.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353702/; classtype:trojan-activity;sid:84216802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353701/; classtype:trojan-activity;sid:84216801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353698/; classtype:trojan-activity;sid:84216798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.47.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353699/; classtype:trojan-activity;sid:84216799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.45.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353700/; classtype:trojan-activity;sid:84216800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.139.220.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353697/; classtype:trojan-activity;sid:84216797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.10.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353696/; classtype:trojan-activity;sid:84216796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353695/; classtype:trojan-activity;sid:84216795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.10.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353693/; classtype:trojan-activity;sid:84216793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.84.139.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353694/; classtype:trojan-activity;sid:84216794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353692/; classtype:trojan-activity;sid:84216792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.16.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353691/; classtype:trojan-activity;sid:84216791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.122.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353690/; classtype:trojan-activity;sid:84216790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.19.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353689/; classtype:trojan-activity;sid:84216789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.93.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353688/; classtype:trojan-activity;sid:84216788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353687/; classtype:trojan-activity;sid:84216787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353686/; classtype:trojan-activity;sid:84216786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353685/; classtype:trojan-activity;sid:84216785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353684/; classtype:trojan-activity;sid:84216784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.75.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353683/; classtype:trojan-activity;sid:84216783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.249.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353682/; classtype:trojan-activity;sid:84216782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.68.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353681/; classtype:trojan-activity;sid:84216781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.105.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353680/; classtype:trojan-activity;sid:84216780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.75.210.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353679/; classtype:trojan-activity;sid:84216779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.105.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353676/; classtype:trojan-activity;sid:84216776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.153.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353677/; classtype:trojan-activity;sid:84216777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.32.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353678/; classtype:trojan-activity;sid:84216778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.33.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353675/; classtype:trojan-activity;sid:84216775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.84.139.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353674/; classtype:trojan-activity;sid:84216774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353673)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.49.34.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353673/; classtype:trojan-activity;sid:84216773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.19.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353672/; classtype:trojan-activity;sid:84216772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353671/; classtype:trojan-activity;sid:84216771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353670/; classtype:trojan-activity;sid:84216770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.236.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353669/; classtype:trojan-activity;sid:84216769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.75.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353668/; classtype:trojan-activity;sid:84216768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353667/; classtype:trojan-activity;sid:84216767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.25.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353666/; classtype:trojan-activity;sid:84216766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353665/; classtype:trojan-activity;sid:84216765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353664/; classtype:trojan-activity;sid:84216764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.40.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353662/; classtype:trojan-activity;sid:84216762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.249.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353663/; classtype:trojan-activity;sid:84216763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.255.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353661/; classtype:trojan-activity;sid:84216761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.153.99.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353659/; classtype:trojan-activity;sid:84216759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.168.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353660/; classtype:trojan-activity;sid:84216760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.210.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353658/; classtype:trojan-activity;sid:84216758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.211.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353657/; classtype:trojan-activity;sid:84216757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353656/; classtype:trojan-activity;sid:84216756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.179.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353655/; classtype:trojan-activity;sid:84216755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.157.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353650/; classtype:trojan-activity;sid:84216750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353651/; classtype:trojan-activity;sid:84216751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353652/; classtype:trojan-activity;sid:84216752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353653/; classtype:trojan-activity;sid:84216753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.216.97.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353654/; classtype:trojan-activity;sid:84216754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.20.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353649/; classtype:trojan-activity;sid:84216749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353648/; classtype:trojan-activity;sid:84216748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.239.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353647/; classtype:trojan-activity;sid:84216747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353646/; classtype:trojan-activity;sid:84216746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.96.30"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353645/; classtype:trojan-activity;sid:84216745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.92.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353644/; classtype:trojan-activity;sid:84216744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.197.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353643/; classtype:trojan-activity;sid:84216743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.122.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353642/; classtype:trojan-activity;sid:84216742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.45.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353641/; classtype:trojan-activity;sid:84216741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.153.99.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353640/; classtype:trojan-activity;sid:84216740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.254.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353639/; classtype:trojan-activity;sid:84216739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.83.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353638/; classtype:trojan-activity;sid:84216738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.108.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353637/; classtype:trojan-activity;sid:84216737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.226.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353635/; classtype:trojan-activity;sid:84216735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.92.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353636/; classtype:trojan-activity;sid:84216736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.168.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353634/; classtype:trojan-activity;sid:84216734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.187.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353633/; classtype:trojan-activity;sid:84216733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353632)"; flow:established,from_client; content:"GET"; http_method; content:"/0210/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353632/; classtype:trojan-activity;sid:84216732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353630)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"keepz.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353630/; classtype:trojan-activity;sid:84216730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353628)"; flow:established,from_client; content:"GET"; http_method; content:"/x.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.179.227.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353628/; classtype:trojan-activity;sid:84216728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353629)"; flow:established,from_client; content:"GET"; http_method; content:"/iisstart.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mikedonohue.kozow.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353629/; classtype:trojan-activity;sid:84216729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353618)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.199.101.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353618/; classtype:trojan-activity;sid:84216718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353619)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353619/; classtype:trojan-activity;sid:84216719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353620)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/h5ys7pe6wphyubnjgyl6.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353620/; classtype:trojan-activity;sid:84216720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353621)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/lemotiv.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353621/; classtype:trojan-activity;sid:84216721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353622)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/89ney51qj6qogvfpvop4.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353622/; classtype:trojan-activity;sid:84216722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353623)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dxpam.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353623/; classtype:trojan-activity;sid:84216723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353624)"; flow:established,from_client; content:"GET"; http_method; content:"/lossless%20scaling.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.231.111.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353624/; classtype:trojan-activity;sid:84216724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353625)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/error.jpeg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353625/; classtype:trojan-activity;sid:84216725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353626)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/logo-davivienda-blanco.png"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353626/; classtype:trojan-activity;sid:84216726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353627)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/vigilado.png"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353627/; classtype:trojan-activity;sid:84216727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353608)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/qurgsbvreupoyx9a01xp.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353608/; classtype:trojan-activity;sid:84216708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353609)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/qq0nddljve5fbkxrgqqa.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353609/; classtype:trojan-activity;sid:84216709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353610)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/ijpigioclbcwbidbk0sr.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353610/; classtype:trojan-activity;sid:84216710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353611)"; flow:established,from_client; content:"GET"; http_method; content:"/2509/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353611/; classtype:trojan-activity;sid:84216711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353612)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/campana.jpeg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353612/; classtype:trojan-activity;sid:84216712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353613)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353613/; classtype:trojan-activity;sid:84216713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353614)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/davivienda-fondo1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353614/; classtype:trojan-activity;sid:84216714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353615)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353615/; classtype:trojan-activity;sid:84216715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353616)"; flow:established,from_client; content:"GET"; http_method; content:"/0911/pxiepnytgwldhznkmpki.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353616/; classtype:trojan-activity;sid:84216716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353617)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/instant"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353617/; classtype:trojan-activity;sid:84216717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353603)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353603/; classtype:trojan-activity;sid:84216703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353604)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353604/; classtype:trojan-activity;sid:84216704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353605)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.232.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353605/; classtype:trojan-activity;sid:84216705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353606)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353606/; classtype:trojan-activity;sid:84216706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353607)"; flow:established,from_client; content:"GET"; http_method; content:"/d/s44"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353607/; classtype:trojan-activity;sid:84216707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353600)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/jka7ebhstdkjrdlbk21t.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353600/; classtype:trojan-activity;sid:84216700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353601)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353601/; classtype:trojan-activity;sid:84216701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353602)"; flow:established,from_client; content:"GET"; http_method; content:"/0911/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353602/; classtype:trojan-activity;sid:84216702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353596)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/img/itemb.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"keepz.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353596/; classtype:trojan-activity;sid:84216696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353597)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/wnxqwna9xzrgxnhhacfe.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353597/; classtype:trojan-activity;sid:84216697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353598)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353598/; classtype:trojan-activity;sid:84216698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353599)"; flow:established,from_client; content:"GET"; http_method; content:"/0911/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353599/; classtype:trojan-activity;sid:84216699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353591)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/script/script.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"keepz.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353591/; classtype:trojan-activity;sid:84216691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353592)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/img/logo_sve.gif"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"keepz.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353592/; classtype:trojan-activity;sid:84216692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353593)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/img/icono.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353593/; classtype:trojan-activity;sid:84216693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353594)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/img/logo_sve.gif"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353594/; classtype:trojan-activity;sid:84216694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353595)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/script/script.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353595/; classtype:trojan-activity;sid:84216695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353588)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353588/; classtype:trojan-activity;sid:84216688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353589)"; flow:established,from_client; content:"GET"; http_method; content:"/2509/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353589/; classtype:trojan-activity;sid:84216689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353590)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/b15xm0jm9zzmzcn8y57g.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353590/; classtype:trojan-activity;sid:84216690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353586)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/cn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353586/; classtype:trojan-activity;sid:84216686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353587)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"pingservice.blogdns.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353587/; classtype:trojan-activity;sid:84216687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353574)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/candado.jpeg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353574/; classtype:trojan-activity;sid:84216674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353575)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/icon.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353575/; classtype:trojan-activity;sid:84216675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353576)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/img/itemb.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353576/; classtype:trojan-activity;sid:84216676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353577)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/img/favicon.ico"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353577/; classtype:trojan-activity;sid:84216677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353578)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353578/; classtype:trojan-activity;sid:84216678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353579)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/signo.jpeg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353579/; classtype:trojan-activity;sid:84216679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353580)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/compartir.jpeg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353580/; classtype:trojan-activity;sid:84216680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353581)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353581/; classtype:trojan-activity;sid:84216681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353582)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/img/sucursal.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353582/; classtype:trojan-activity;sid:84216682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353583)"; flow:established,from_client; content:"GET"; http_method; content:"/electrum.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"elektrum.sbs"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353583/; classtype:trojan-activity;sid:84216683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353584)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/cop%c3%ada"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353584/; classtype:trojan-activity;sid:84216684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353585)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/campana2.jpeg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353585/; classtype:trojan-activity;sid:84216685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353568)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"respaldo2.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353568/; classtype:trojan-activity;sid:84216668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353569)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/img/llave.jpeg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353569/; classtype:trojan-activity;sid:84216669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353570)"; flow:established,from_client; content:"GET"; http_method; content:"/2509/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353570/; classtype:trojan-activity;sid:84216670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353571)"; flow:established,from_client; content:"GET"; http_method; content:"/2509/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353571/; classtype:trojan-activity;sid:84216671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353572)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/img/logo.jpg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353572/; classtype:trojan-activity;sid:84216672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353573)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/prynp1lge1kpfasibcl8.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353573/; classtype:trojan-activity;sid:84216673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353561)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/ytzuzggaddetwfpmpqje.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353561/; classtype:trojan-activity;sid:84216661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353562)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"keepz.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353562/; classtype:trojan-activity;sid:84216662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353563)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353563/; classtype:trojan-activity;sid:84216663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353564)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353564/; classtype:trojan-activity;sid:84216664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353565)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.updatee-facebok.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353565/; classtype:trojan-activity;sid:84216665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353566)"; flow:established,from_client; content:"GET"; http_method; content:"/0911/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353566/; classtype:trojan-activity;sid:84216666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353567)"; flow:established,from_client; content:"GET"; http_method; content:"/d/r44"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353567/; classtype:trojan-activity;sid:84216667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353557)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/hmv3stflgux49v1bfdvw.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353557/; classtype:trojan-activity;sid:84216657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353558)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353558/; classtype:trojan-activity;sid:84216658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353559)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353559/; classtype:trojan-activity;sid:84216659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353560)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353560/; classtype:trojan-activity;sid:84216660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353553)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/4o9eihfoasgaxbfkfd5h.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353553/; classtype:trojan-activity;sid:84216653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353554)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/2srkxnyhdkvfkznjfsvx.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353554/; classtype:trojan-activity;sid:84216654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353555)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/pnry4fqetksjor3dfaen.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353555/; classtype:trojan-activity;sid:84216655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353556)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353556/; classtype:trojan-activity;sid:84216656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353552)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"209.105.248.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353552/; classtype:trojan-activity;sid:84216652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353551)"; flow:established,from_client; content:"GET"; http_method; content:"/davivienda/styles/style.css"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353551/; classtype:trojan-activity;sid:84216651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353547)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"173.249.202.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353547/; classtype:trojan-activity;sid:84216647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353548)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/tokeninvalido/style.css"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353548/; classtype:trojan-activity;sid:84216648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353549)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/script.js"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353549/; classtype:trojan-activity;sid:84216649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353550)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"static-173-249-202-39.cust.tzulo.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353550/; classtype:trojan-activity;sid:84216650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353545)"; flow:established,from_client; content:"GET"; http_method; content:"/0911/cn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353545/; classtype:trojan-activity;sid:84216645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353546)"; flow:established,from_client; content:"GET"; http_method; content:"/bancolombia/style.css"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"updatee-facebok.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353546/; classtype:trojan-activity;sid:84216646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353540)"; flow:established,from_client; content:"GET"; http_method; content:"/0210/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353540/; classtype:trojan-activity;sid:84216640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353541)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353541/; classtype:trojan-activity;sid:84216641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353542)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/fxyjkpf3otcmickmshv6.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353542/; classtype:trojan-activity;sid:84216642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353543)"; flow:established,from_client; content:"GET"; http_method; content:"/0210/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353543/; classtype:trojan-activity;sid:84216643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353544)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353544/; classtype:trojan-activity;sid:84216644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353538)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353538/; classtype:trojan-activity;sid:84216638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353539)"; flow:established,from_client; content:"GET"; http_method; content:"/0210/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353539/; classtype:trojan-activity;sid:84216639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.211.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353537/; classtype:trojan-activity;sid:84216637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.63.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353536/; classtype:trojan-activity;sid:84216636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.96.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353535/; classtype:trojan-activity;sid:84216635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353534/; classtype:trojan-activity;sid:84216634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.255.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353533/; classtype:trojan-activity;sid:84216633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353532)"; flow:established,from_client; content:"GET"; http_method; content:"/kunde2637252.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"klarnaportal.live"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353532/; classtype:trojan-activity;sid:84216632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.96.30"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353531/; classtype:trojan-activity;sid:84216631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.176.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353530/; classtype:trojan-activity;sid:84216630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353528/; classtype:trojan-activity;sid:84216628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.157.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353529/; classtype:trojan-activity;sid:84216629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.24.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353527/; classtype:trojan-activity;sid:84216627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353526)"; flow:established,from_client; content:"GET"; http_method; content:"/118/sup/greatnicefeatureswithsupercodebnaturalthingsinlineforgiven.hta"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"23.95.235.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353526/; classtype:trojan-activity;sid:84216626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353525)"; flow:established,from_client; content:"GET"; http_method; content:"/75/ecome.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.179.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353525/; classtype:trojan-activity;sid:84216625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353523)"; flow:established,from_client; content:"GET"; http_method; content:"/bo.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353523/; classtype:trojan-activity;sid:84216623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353524)"; flow:established,from_client; content:"GET"; http_method; content:"/2023_company_data.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353524/; classtype:trojan-activity;sid:84216624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353519)"; flow:established,from_client; content:"GET"; http_method; content:"/web/w8.jar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.3.220.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353519/; classtype:trojan-activity;sid:84216619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353520)"; flow:established,from_client; content:"GET"; http_method; content:"/76/ecome.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.179.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353520/; classtype:trojan-activity;sid:84216620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353521)"; flow:established,from_client; content:"GET"; http_method; content:"/f.pdf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353521/; classtype:trojan-activity;sid:84216621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353522)"; flow:established,from_client; content:"GET"; http_method; content:"/web/wpv.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.3.220.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353522/; classtype:trojan-activity;sid:84216622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353518)"; flow:established,from_client; content:"GET"; http_method; content:"/466/wcc/matchingwithbestthingstobegreatforentirelifegivenmebestthignsevergive.hta"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"172.245.142.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353518/; classtype:trojan-activity;sid:84216618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353514)"; flow:established,from_client; content:"GET"; http_method; content:"/466/kidsniceformetogetbackgreatthingswithnetiertimegivenmebestforme.tif"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"172.245.142.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353514/; classtype:trojan-activity;sid:84216614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353515)"; flow:established,from_client; content:"GET"; http_method; content:"/c.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353515/; classtype:trojan-activity;sid:84216615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353516)"; flow:established,from_client; content:"GET"; http_method; content:"/c.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353516/; classtype:trojan-activity;sid:84216616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353517)"; flow:established,from_client; content:"GET"; http_method; content:"/bo.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353517/; classtype:trojan-activity;sid:84216617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353510)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353510/; classtype:trojan-activity;sid:84216610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353511)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353511/; classtype:trojan-activity;sid:84216611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353512)"; flow:established,from_client; content:"GET"; http_method; content:"/msword.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353512/; classtype:trojan-activity;sid:84216612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353513)"; flow:established,from_client; content:"GET"; http_method; content:"/f.pdf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353513/; classtype:trojan-activity;sid:84216613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353509)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/net.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353509/; classtype:trojan-activity;sid:84216609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353507)"; flow:established,from_client; content:"GET"; http_method; content:"/crack/go.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353507/; classtype:trojan-activity;sid:84216607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353508)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/ph.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353508/; classtype:trojan-activity;sid:84216608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353504)"; flow:established,from_client; content:"GET"; http_method; content:"/web/kiz.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.3.220.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353504/; classtype:trojan-activity;sid:84216604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353505)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/dr/contents1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353505/; classtype:trojan-activity;sid:84216605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353506)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/dr/contents4.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353506/; classtype:trojan-activity;sid:84216606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353498)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/v4/dr.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353498/; classtype:trojan-activity;sid:84216598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353499)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/dr/contents3.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353499/; classtype:trojan-activity;sid:84216599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353500)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/dr/contents2.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353500/; classtype:trojan-activity;sid:84216600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353501)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/v4/go.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353501/; classtype:trojan-activity;sid:84216601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353502)"; flow:established,from_client; content:"GET"; http_method; content:"/118/freesizedressfornaturalbeautyinthiscaseforyougood.tif"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"23.95.235.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353502/; classtype:trojan-activity;sid:84216602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353503)"; flow:established,from_client; content:"GET"; http_method; content:"/121/simplegreatfeatureswithnicespeakingthingsentirelifegoingon.tif"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"192.3.122.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353503/; classtype:trojan-activity;sid:84216603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.187.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353497/; classtype:trojan-activity;sid:84216597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.253.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353496/; classtype:trojan-activity;sid:84216596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.68.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353495/; classtype:trojan-activity;sid:84216595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.97.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353494/; classtype:trojan-activity;sid:84216594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353493/; classtype:trojan-activity;sid:84216593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353492/; classtype:trojan-activity;sid:84216592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.170.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353491/; classtype:trojan-activity;sid:84216591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.176.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353490/; classtype:trojan-activity;sid:84216590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.230.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353489/; classtype:trojan-activity;sid:84216589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353487/; classtype:trojan-activity;sid:84216587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.86.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353488/; classtype:trojan-activity;sid:84216588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.24.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353486/; classtype:trojan-activity;sid:84216586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.218.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353485/; classtype:trojan-activity;sid:84216585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.192.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353484/; classtype:trojan-activity;sid:84216584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.11.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353483/; classtype:trojan-activity;sid:84216583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353482/; classtype:trojan-activity;sid:84216582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.117.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353481/; classtype:trojan-activity;sid:84216581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353480/; classtype:trojan-activity;sid:84216580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.75.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353479/; classtype:trojan-activity;sid:84216579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353474/; classtype:trojan-activity;sid:84216574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.85.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353475/; classtype:trojan-activity;sid:84216575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353476/; classtype:trojan-activity;sid:84216576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.60.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353477/; classtype:trojan-activity;sid:84216577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353478/; classtype:trojan-activity;sid:84216578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.108.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353473/; classtype:trojan-activity;sid:84216573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.209.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353472/; classtype:trojan-activity;sid:84216572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.207.137.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353471/; classtype:trojan-activity;sid:84216571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.124.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353470/; classtype:trojan-activity;sid:84216570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.97.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353469/; classtype:trojan-activity;sid:84216569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.94.193.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353468/; classtype:trojan-activity;sid:84216568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.88.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353467/; classtype:trojan-activity;sid:84216567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353466/; classtype:trojan-activity;sid:84216566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353465/; classtype:trojan-activity;sid:84216565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.200.84.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353463/; classtype:trojan-activity;sid:84216563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.153.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353462/; classtype:trojan-activity;sid:84216562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.187.85.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353458/; classtype:trojan-activity;sid:84216558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.20.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353459/; classtype:trojan-activity;sid:84216559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.199.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353460/; classtype:trojan-activity;sid:84216560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.237.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353461/; classtype:trojan-activity;sid:84216561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.238.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353455/; classtype:trojan-activity;sid:84216555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.181.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353456/; classtype:trojan-activity;sid:84216556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353457/; classtype:trojan-activity;sid:84216557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353454/; classtype:trojan-activity;sid:84216554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.126.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353453/; classtype:trojan-activity;sid:84216553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353452/; classtype:trojan-activity;sid:84216552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353449/; classtype:trojan-activity;sid:84216549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.125.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353450/; classtype:trojan-activity;sid:84216550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.182.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353451/; classtype:trojan-activity;sid:84216551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.230.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353448/; classtype:trojan-activity;sid:84216548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.130.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353447/; classtype:trojan-activity;sid:84216547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353446/; classtype:trojan-activity;sid:84216546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.26.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353445/; classtype:trojan-activity;sid:84216545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.113.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353444/; classtype:trojan-activity;sid:84216544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.23.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353442/; classtype:trojan-activity;sid:84216542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353443)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.45.126.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353443/; classtype:trojan-activity;sid:84216543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/invoicenr274728.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.45.126.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353441/; classtype:trojan-activity;sid:84216541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.220.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353440/; classtype:trojan-activity;sid:84216540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353439)"; flow:established,from_client; content:"GET"; http_method; content:"/ztysvryz/blusterer.deploy"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ig2c.icu"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353439/; classtype:trojan-activity;sid:84216539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353438)"; flow:established,from_client; content:"GET"; http_method; content:"/jvcarekj/nywxkprvdifooug4.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ig2c.icu"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353438/; classtype:trojan-activity;sid:84216538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.85.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353436/; classtype:trojan-activity;sid:84216536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.226.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353437/; classtype:trojan-activity;sid:84216537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.86.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353435/; classtype:trojan-activity;sid:84216535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353434/; classtype:trojan-activity;sid:84216534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.51.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353433/; classtype:trojan-activity;sid:84216533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353432/; classtype:trojan-activity;sid:84216532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.49.145.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353430/; classtype:trojan-activity;sid:84216530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.124.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353431/; classtype:trojan-activity;sid:84216531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353429/; classtype:trojan-activity;sid:84216529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.111.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353428/; classtype:trojan-activity;sid:84216528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.247.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353427/; classtype:trojan-activity;sid:84216527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.200.168.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353426/; classtype:trojan-activity;sid:84216526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353425/; classtype:trojan-activity;sid:84216525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353424)"; flow:established,from_client; content:"GET"; http_method; content:"/439/weareusinggoodcompaniesforgifitingbesthingsformetoget.tif"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"23.95.235.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353424/; classtype:trojan-activity;sid:84216524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.217.43.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353423/; classtype:trojan-activity;sid:84216523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353422)"; flow:established,from_client; content:"GET"; http_method; content:"/233/createdbestthingswithenergylevelgoodforbusinesspuropse.tif"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"172.245.123.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353422/; classtype:trojan-activity;sid:84216522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.180.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353421/; classtype:trojan-activity;sid:84216521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353419/; classtype:trojan-activity;sid:84216519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.26.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353420/; classtype:trojan-activity;sid:84216520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.111.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353418/; classtype:trojan-activity;sid:84216518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.200.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353417/; classtype:trojan-activity;sid:84216517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.79.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353416/; classtype:trojan-activity;sid:84216516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353415)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/refs/heads/main/benpolatalemdar.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353415/; classtype:trojan-activity;sid:84216515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353413/; classtype:trojan-activity;sid:84216513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.11.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353414/; classtype:trojan-activity;sid:84216514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353408)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/discord.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353408/; classtype:trojan-activity;sid:84216508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353409)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/refs/heads/main/seksiak.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353409/; classtype:trojan-activity;sid:84216509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353410)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/injector.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353410/; classtype:trojan-activity;sid:84216510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353411)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/refs/heads/main/built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353411/; classtype:trojan-activity;sid:84216511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353412)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353412/; classtype:trojan-activity;sid:84216512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353405)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/svhost.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353405/; classtype:trojan-activity;sid:84216505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353406)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/mmo%201.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353406/; classtype:trojan-activity;sid:84216506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353407)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353407/; classtype:trojan-activity;sid:84216507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353404)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/refs/heads/main/perviy.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353404/; classtype:trojan-activity;sid:84216504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/prueba.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353401)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/refs/heads/main/com%20surrogate.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353401/; classtype:trojan-activity;sid:84216501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353402)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgelogger233/imagelogger/refs/heads/main/imagelogger.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353402/; classtype:trojan-activity;sid:84216502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353397)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353397/; classtype:trojan-activity;sid:84216497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353398)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/refs/heads/main/vtoroy.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353398/; classtype:trojan-activity;sid:84216498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353399)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/refs/heads/main/msedge.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353399/; classtype:trojan-activity;sid:84216499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353400)"; flow:established,from_client; content:"GET"; http_method; content:"/stukit/svhoste/refs/heads/main/svhoste.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353400/; classtype:trojan-activity;sid:84216500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353395)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/refs/heads/main/msedge..exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353395/; classtype:trojan-activity;sid:84216495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353396)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/refs/heads/main/evetbeta.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353396/; classtype:trojan-activity;sid:84216496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353393)"; flow:established,from_client; content:"GET"; http_method; content:"/quas_brout_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353393/; classtype:trojan-activity;sid:84216493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353383)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353383/; classtype:trojan-activity;sid:84216483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353384)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353384/; classtype:trojan-activity;sid:84216484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353385)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/x.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353385/; classtype:trojan-activity;sid:84216485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353386)"; flow:established,from_client; content:"GET"; http_method; content:"/l79wum.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353386/; classtype:trojan-activity;sid:84216486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353387)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/money.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353387/; classtype:trojan-activity;sid:84216487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353388)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/sgvp%20client%20system.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353388/; classtype:trojan-activity;sid:84216488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353389)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/refs/heads/main/fud2.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353389/; classtype:trojan-activity;sid:84216489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353390)"; flow:established,from_client; content:"GET"; http_method; content:"/client-builtlocal.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"189.241.217.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353390/; classtype:trojan-activity;sid:84216490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353391)"; flow:established,from_client; content:"GET"; http_method; content:"/local.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.241.217.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353391/; classtype:trojan-activity;sid:84216491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353392)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"189.241.217.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353392/; classtype:trojan-activity;sid:84216492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353381)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353381/; classtype:trojan-activity;sid:84216481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353382)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/refs/heads/main/client-built-playit.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353382/; classtype:trojan-activity;sid:84216482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353380)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/refs/heads/main/client-built.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353380/; classtype:trojan-activity;sid:84216480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353379)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/test.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353379/; classtype:trojan-activity;sid:84216479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353377)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353377/; classtype:trojan-activity;sid:84216477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353378)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353378/; classtype:trojan-activity;sid:84216478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353376)"; flow:established,from_client; content:"GET"; http_method; content:"/ozcanpng/backd00r/refs/heads/main/backd00rhome.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353376/; classtype:trojan-activity;sid:84216476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353369)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353369/; classtype:trojan-activity;sid:84216469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353370)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf_reader_update.hta"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"prntsrcn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353370/; classtype:trojan-activity;sid:84216470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353371)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353371/; classtype:trojan-activity;sid:84216471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353373)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353373/; classtype:trojan-activity;sid:84216473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353374)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/refs/heads/main/kali_tools.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353374/; classtype:trojan-activity;sid:84216474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353375)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353375/; classtype:trojan-activity;sid:84216475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353364)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/lyjdfjthawd.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353364/; classtype:trojan-activity;sid:84216464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353365)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/nthnaedltg.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353365/; classtype:trojan-activity;sid:84216465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353366)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353366/; classtype:trojan-activity;sid:84216466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353367)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353367/; classtype:trojan-activity;sid:84216467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353368)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"49.0.254.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353368/; classtype:trojan-activity;sid:84216468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353361)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/refs/heads/main/discord.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353361/; classtype:trojan-activity;sid:84216461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353362)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/refs/heads/main/tcp.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353362/; classtype:trojan-activity;sid:84216462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353363)"; flow:established,from_client; content:"GET"; http_method; content:"/videoxfrx/crealstealer/refs/heads/main/creal.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353363/; classtype:trojan-activity;sid:84216463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353358)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/main/shell.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353358/; classtype:trojan-activity;sid:84216458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353359)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/refs/heads/main/crspoofer.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353359/; classtype:trojan-activity;sid:84216459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353360)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/refs/heads/main/shell.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353360/; classtype:trojan-activity;sid:84216460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353354)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/refs/heads/main/fern_wifi_recon%252.34.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353354/; classtype:trojan-activity;sid:84216454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353355)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/refs/heads/main/asyncclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353355/; classtype:trojan-activity;sid:84216455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353356)"; flow:established,from_client; content:"GET"; http_method; content:"/mhemon404/project01/refs/heads/main/system404.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353356/; classtype:trojan-activity;sid:84216456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353357)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/refs/heads/main/discordd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353357/; classtype:trojan-activity;sid:84216457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.28.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353353/; classtype:trojan-activity;sid:84216453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353351)"; flow:established,from_client; content:"GET"; http_method; content:"/whk4tmu9xpwa/nj.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.90.62.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353351/; classtype:trojan-activity;sid:84216451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353352)"; flow:established,from_client; content:"GET"; http_method; content:"/quas_autre_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353352/; classtype:trojan-activity;sid:84216452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353347)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraundercode/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353347/; classtype:trojan-activity;sid:84216447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353349)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353349/; classtype:trojan-activity;sid:84216449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353350)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/miopmim.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353350/; classtype:trojan-activity;sid:84216450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353343)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353343/; classtype:trojan-activity;sid:84216443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353344)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353344/; classtype:trojan-activity;sid:84216444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353345)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/raw/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353345/; classtype:trojan-activity;sid:84216445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353346)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353346/; classtype:trojan-activity;sid:84216446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353340)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353340/; classtype:trojan-activity;sid:84216440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353341)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353341/; classtype:trojan-activity;sid:84216441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353342)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353342/; classtype:trojan-activity;sid:84216442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353339)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/dnknkpm.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353339/; classtype:trojan-activity;sid:84216439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353336)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/mhifjmf.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353336/; classtype:trojan-activity;sid:84216436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353337)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353337/; classtype:trojan-activity;sid:84216437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353338)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/smcembd.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353338/; classtype:trojan-activity;sid:84216438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353332)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/raw/main/shell.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353332/; classtype:trojan-activity;sid:84216432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc_update.data"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353334)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/main/discordd.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353334/; classtype:trojan-activity;sid:84216434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353335)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/refs/heads/main/anne.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353335/; classtype:trojan-activity;sid:84216435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353327)"; flow:established,from_client; content:"GET"; http_method; content:"/arm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353327/; classtype:trojan-activity;sid:84216427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353328)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353328/; classtype:trojan-activity;sid:84216428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353329)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353329/; classtype:trojan-activity;sid:84216429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353330)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/refs/heads/main/ddosziller.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353330/; classtype:trojan-activity;sid:84216430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353331)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discordd.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353331/; classtype:trojan-activity;sid:84216431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353326)"; flow:established,from_client; content:"GET"; http_method; content:"/spc/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353326/; classtype:trojan-activity;sid:84216426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353325)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353325/; classtype:trojan-activity;sid:84216425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353324/; classtype:trojan-activity;sid:84216424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.154.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353323/; classtype:trojan-activity;sid:84216423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353322/; classtype:trojan-activity;sid:84216422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353320)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/refs/heads/main/asyncclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353320/; classtype:trojan-activity;sid:84216420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353321)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/daww/refs/heads/main/loader.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353321/; classtype:trojan-activity;sid:84216421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353319)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/refs/heads/main/solara_protect.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353319/; classtype:trojan-activity;sid:84216419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353318)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/file3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353318/; classtype:trojan-activity;sid:84216418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353317)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/file3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353317/; classtype:trojan-activity;sid:84216417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353316)"; flow:established,from_client; content:"GET"; http_method; content:"/senju/senju_simple_vp.rar"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353316/; classtype:trojan-activity;sid:84216416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/n5hl9mgl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353314/; classtype:trojan-activity;sid:84216414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353315)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353315/; classtype:trojan-activity;sid:84216415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353312)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jwnv23gb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353312/; classtype:trojan-activity;sid:84216412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353313)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/refs/heads/main/sharpmonoinjector.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353313/; classtype:trojan-activity;sid:84216413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353310)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/simple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353310/; classtype:trojan-activity;sid:84216410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353311)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/simple3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353311/; classtype:trojan-activity;sid:84216411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353309)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353309/; classtype:trojan-activity;sid:84216409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353307)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353307/; classtype:trojan-activity;sid:84216407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353308)"; flow:established,from_client; content:"GET"; http_method; content:"/api/getinjects"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353308/; classtype:trojan-activity;sid:84216408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353304)"; flow:established,from_client; content:"GET"; http_method; content:"/koala/injek3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353304/; classtype:trojan-activity;sid:84216404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353305)"; flow:established,from_client; content:"GET"; http_method; content:"/api/getkeyloggers"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353305/; classtype:trojan-activity;sid:84216405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353306)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted_uclient.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353306/; classtype:trojan-activity;sid:84216406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353300)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353300/; classtype:trojan-activity;sid:84216400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353301)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injeksimple3.mentah"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353301/; classtype:trojan-activity;sid:84216401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353302)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/file3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353302/; classtype:trojan-activity;sid:84216402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353303)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353303/; classtype:trojan-activity;sid:84216403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353296)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/file3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353296/; classtype:trojan-activity;sid:84216396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353297)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_hard_vp.rar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353297/; classtype:trojan-activity;sid:84216397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353298)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/simple3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353298/; classtype:trojan-activity;sid:84216398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353299)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353299/; classtype:trojan-activity;sid:84216399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353294)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injekkey.mentah"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353294/; classtype:trojan-activity;sid:84216394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353295)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353295/; classtype:trojan-activity;sid:84216395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353285)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/injek3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353285/; classtype:trojan-activity;sid:84216385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353286)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353286/; classtype:trojan-activity;sid:84216386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353287)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353287/; classtype:trojan-activity;sid:84216387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353288)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353288/; classtype:trojan-activity;sid:84216388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353289)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injek3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353289/; classtype:trojan-activity;sid:84216389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353290)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353290/; classtype:trojan-activity;sid:84216390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353291)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_simple_vp.rar"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353291/; classtype:trojan-activity;sid:84216391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353292)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/simple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353292/; classtype:trojan-activity;sid:84216392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353293)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353293/; classtype:trojan-activity;sid:84216393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353284)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353284/; classtype:trojan-activity;sid:84216384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353280)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353280/; classtype:trojan-activity;sid:84216380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353281)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353281/; classtype:trojan-activity;sid:84216381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353282)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injeksimple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353282/; classtype:trojan-activity;sid:84216382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353283)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353283/; classtype:trojan-activity;sid:84216383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353279)"; flow:established,from_client; content:"GET"; http_method; content:"/dc999.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353279/; classtype:trojan-activity;sid:84216379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353277)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex12344.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353277/; classtype:trojan-activity;sid:84216377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353278)"; flow:established,from_client; content:"GET"; http_method; content:"/xnn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353278/; classtype:trojan-activity;sid:84216378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353275)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353275/; classtype:trojan-activity;sid:84216375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353276)"; flow:established,from_client; content:"GET"; http_method; content:"/dc2111bat.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353276/; classtype:trojan-activity;sid:84216376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353273)"; flow:established,from_client; content:"GET"; http_method; content:"/s99zbootlog"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353273/; classtype:trojan-activity;sid:84216373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353274)"; flow:established,from_client; content:"GET"; http_method; content:"/5511.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353274/; classtype:trojan-activity;sid:84216374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.104.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353272/; classtype:trojan-activity;sid:84216372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353271)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injeksimple3.mentah"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353271/; classtype:trojan-activity;sid:84216371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353270)"; flow:established,from_client; content:"GET"; http_method; content:"/.shell"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353270/; classtype:trojan-activity;sid:84216370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353269)"; flow:established,from_client; content:"GET"; http_method; content:"/midwifefridayxxmpdw-constraints.vbs"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"104.168.7.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353269/; classtype:trojan-activity;sid:84216369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353267)"; flow:established,from_client; content:"GET"; http_method; content:"/webmadammpdw-constraints.vbs"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"104.168.7.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353267/; classtype:trojan-activity;sid:84216367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353268)"; flow:established,from_client; content:"GET"; http_method; content:"/one.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353268/; classtype:trojan-activity;sid:84216368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353266)"; flow:established,from_client; content:"GET"; http_method; content:"/chromedriver.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353266/; classtype:trojan-activity;sid:84216366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353265)"; flow:established,from_client; content:"GET"; http_method; content:"/libccc.zip.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353265/; classtype:trojan-activity;sid:84216365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353264)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353264/; classtype:trojan-activity;sid:84216364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353263)"; flow:established,from_client; content:"GET"; http_method; content:"/xc.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353263/; classtype:trojan-activity;sid:84216363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353262)"; flow:established,from_client; content:"GET"; http_method; content:"/vmpwn.7z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353262/; classtype:trojan-activity;sid:84216362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353261)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353261/; classtype:trojan-activity;sid:84216361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353260)"; flow:established,from_client; content:"GET"; http_method; content:"/tinynote.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353260/; classtype:trojan-activity;sid:84216360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353258)"; flow:established,from_client; content:"GET"; http_method; content:"/boot"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353258/; classtype:trojan-activity;sid:84216358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353259)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/ipc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353259/; classtype:trojan-activity;sid:84216359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353257)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353257/; classtype:trojan-activity;sid:84216357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353252)"; flow:established,from_client; content:"GET"; http_method; content:"/minerpad.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.169.13.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353252/; classtype:trojan-activity;sid:84216352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353253)"; flow:established,from_client; content:"GET"; http_method; content:"/musl-dbgsym_1.2.2-1_amd64.ddeb"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353253/; classtype:trojan-activity;sid:84216353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353254)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353254/; classtype:trojan-activity;sid:84216354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353255)"; flow:established,from_client; content:"GET"; http_method; content:"/pig.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353255/; classtype:trojan-activity;sid:84216355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353256)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353256/; classtype:trojan-activity;sid:84216356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353250/; classtype:trojan-activity;sid:84216350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; content:"GET"; http_method; content:"/master.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353242/; classtype:trojan-activity;sid:84216342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353243/; classtype:trojan-activity;sid:84216343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353244/; classtype:trojan-activity;sid:84216344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353245)"; flow:established,from_client; content:"GET"; http_method; content:"/gold.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hardcore-cartwright.194-26-192-76.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353245/; classtype:trojan-activity;sid:84216345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; content:"GET"; http_method; content:"//google.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353247)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353247/; classtype:trojan-activity;sid:84216347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353248)"; flow:established,from_client; content:"GET"; http_method; content:"/smcr66.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353248/; classtype:trojan-activity;sid:84216348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353249)"; flow:established,from_client; content:"GET"; http_method; content:"/nan_brout_ncrypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353249/; classtype:trojan-activity;sid:84216349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353236)"; flow:established,from_client; content:"GET"; http_method; content:"/1010.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hardcore-cartwright.194-26-192-76.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353236/; classtype:trojan-activity;sid:84216336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353237)"; flow:established,from_client; content:"GET"; http_method; content:"/out-encryptedscript.ps1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353237/; classtype:trojan-activity;sid:84216337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353238/; classtype:trojan-activity;sid:84216338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353239)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.63.187.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353239/; classtype:trojan-activity;sid:84216339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353240)"; flow:established,from_client; content:"GET"; http_method; content:"/seoboosss.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.169.13.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353240/; classtype:trojan-activity;sid:84216340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353241)"; flow:established,from_client; content:"GET"; http_method; content:"/gpg.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92.255.85.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353241/; classtype:trojan-activity;sid:84216341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353234/; classtype:trojan-activity;sid:84216334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353235/; classtype:trojan-activity;sid:84216335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353231)"; flow:established,from_client; content:"GET"; http_method; content:"/sup.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353231/; classtype:trojan-activity;sid:84216331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353232)"; flow:established,from_client; content:"GET"; http_method; content:"/233/eec/createdbetterthingswithgreatnressgivenmebackwithnice.hta"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"172.245.123.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353232/; classtype:trojan-activity;sid:84216332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353233)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn/include/unicorn/platform.h"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353233/; classtype:trojan-activity;sid:84216333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353229)"; flow:established,from_client; content:"GET"; http_method; content:"/ca.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hardcore-cartwright.194-26-192-76.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353229/; classtype:trojan-activity;sid:84216329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353230)"; flow:established,from_client; content:"GET"; http_method; content:"/kajwfbkjb_bb.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"92.255.85.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353230/; classtype:trojan-activity;sid:84216330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353227)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353227/; classtype:trojan-activity;sid:84216327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353228)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"66.63.187.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353228/; classtype:trojan-activity;sid:84216328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353222)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn/include/unicorn/arm.h"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353222/; classtype:trojan-activity;sid:84216322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353223)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn/include/unicorn/riscv.h"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353223/; classtype:trojan-activity;sid:84216323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353224)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn-2.0.0rc7.dist-info/wheel"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353224/; classtype:trojan-activity;sid:84216324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353225)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"telegram-autification.lol"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353225/; classtype:trojan-activity;sid:84216325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353226)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn-2.0.0rc7.dist-info/top_level.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353226/; classtype:trojan-activity;sid:84216326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353220)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.169.13.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353220/; classtype:trojan-activity;sid:84216320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353221)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.63.187.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353221/; classtype:trojan-activity;sid:84216321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353214)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353214/; classtype:trojan-activity;sid:84216314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353215)"; flow:established,from_client; content:"GET"; http_method; content:"/1010-duck-01.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353215/; classtype:trojan-activity;sid:84216315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; content:"GET"; http_method; content:"//chromesetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353217)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.169.13.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353217/; classtype:trojan-activity;sid:84216317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353218)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.63.187.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353218/; classtype:trojan-activity;sid:84216318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353219)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.py"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353219/; classtype:trojan-activity;sid:84216319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353213)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.py"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353213/; classtype:trojan-activity;sid:84216313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353210)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353210/; classtype:trojan-activity;sid:84216310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353211)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.254.74.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353211/; classtype:trojan-activity;sid:84216311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353212)"; flow:established,from_client; content:"GET"; http_method; content:"/oldxteam.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hardcore-cartwright.194-26-192-76.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353212/; classtype:trojan-activity;sid:84216312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353203/; classtype:trojan-activity;sid:84216303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353204/; classtype:trojan-activity;sid:84216304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353205)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pidors.ddosit.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353205/; classtype:trojan-activity;sid:84216305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353206)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injek3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353206/; classtype:trojan-activity;sid:84216306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353207)"; flow:established,from_client; content:"GET"; http_method; content:"/buildtagu.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.169.13.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353207/; classtype:trojan-activity;sid:84216307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353208)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353208/; classtype:trojan-activity;sid:84216308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353209)"; flow:established,from_client; content:"GET"; http_method; content:"/beetle/17.11.21/tools/run.hta"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"update.drp.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353209/; classtype:trojan-activity;sid:84216309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353196)"; flow:established,from_client; content:"GET"; http_method; content:"//xclient.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353196/; classtype:trojan-activity;sid:84216296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353197)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.63.187.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353197/; classtype:trojan-activity;sid:84216297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353198)"; flow:established,from_client; content:"GET"; http_method; content:"/gwergwerg.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.169.13.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353198/; classtype:trojan-activity;sid:84216298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353199)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn-2.0.0rc7.dist-info/record"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353199/; classtype:trojan-activity;sid:84216299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353200)"; flow:established,from_client; content:"GET"; http_method; content:"/getdesc.py"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353200/; classtype:trojan-activity;sid:84216300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353201)"; flow:established,from_client; content:"GET"; http_method; content:"/shop.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.169.13.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353201/; classtype:trojan-activity;sid:84216301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353202)"; flow:established,from_client; content:"GET"; http_method; content:"/43/gfcc/seethebestmethodwithgreatnessgoodnewsgreatdaygivenme.hta"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"74.208.80.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353202/; classtype:trojan-activity;sid:84216302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353189/; classtype:trojan-activity;sid:84216289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353190/; classtype:trojan-activity;sid:84216290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353191)"; flow:established,from_client; content:"GET"; http_method; content:"/elf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353191/; classtype:trojan-activity;sid:84216291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353192/; classtype:trojan-activity;sid:84216292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353193)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353193/; classtype:trojan-activity;sid:84216293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353194)"; flow:established,from_client; content:"GET"; http_method; content:"/putong.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353194/; classtype:trojan-activity;sid:84216294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353195)"; flow:established,from_client; content:"GET"; http_method; content:"/439/wse/sweetnesswithgreatnessiwthbestthingswithmebackickmegreatthings.hta"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"23.95.235.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353195/; classtype:trojan-activity;sid:84216295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353187)"; flow:established,from_client; content:"GET"; http_method; content:"//crss.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353187/; classtype:trojan-activity;sid:84216287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353188)"; flow:established,from_client; content:"GET"; http_method; content:"/test.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353188/; classtype:trojan-activity;sid:84216288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353185)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn/include/unicorn/x86.h"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353185/; classtype:trojan-activity;sid:84216285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353186)"; flow:established,from_client; content:"GET"; http_method; content:"/tinynote.py"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353186/; classtype:trojan-activity;sid:84216286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353184)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353184/; classtype:trojan-activity;sid:84216284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353180)"; flow:established,from_client; content:"GET"; http_method; content:"/vip.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353180/; classtype:trojan-activity;sid:84216280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353181)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn/include/unicorn/ppc.h"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353181/; classtype:trojan-activity;sid:84216281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353182)"; flow:established,from_client; content:"GET"; http_method; content:"/index.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353182/; classtype:trojan-activity;sid:84216282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353183)"; flow:established,from_client; content:"GET"; http_method; content:"//02.08.2022.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ecs-124-71-152-79.compute.hwclouds-dns.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353183/; classtype:trojan-activity;sid:84216283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353177)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.254.74.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353177/; classtype:trojan-activity;sid:84216277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353178)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353178/; classtype:trojan-activity;sid:84216278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353179)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi.py"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353179/; classtype:trojan-activity;sid:84216279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353176)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%af%be%e4%bb%b6-%e7%ac%ac6%e8%af%be%e6%97%b6-910%e7%ab%a0%e8%8a%82.pptx"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353176/; classtype:trojan-activity;sid:84216276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353175)"; flow:established,from_client; content:"GET"; http_method; content:"/2022%e7%bd%91%e9%bc%8e%e6%9d%af%e5%8d%8a%e5%86%b3%e8%b5%9b.7z"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353175/; classtype:trojan-activity;sid:84216275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353174)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%89%af%e6%9c%ac21.3%e8%93%9d%e9%98%9f%e6%8a%a4%e7%bd%91%e9%9d%a2%e8%af%95%e8%b5%84%e6%96%99210303.xlsx"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353174/; classtype:trojan-activity;sid:84216274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353171)"; flow:established,from_client; content:"GET"; http_method; content:"/electrum.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"electrum.la"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353171/; classtype:trojan-activity;sid:84216271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353172)"; flow:established,from_client; content:"GET"; http_method; content:"/electrum.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"elektrum.icu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353172/; classtype:trojan-activity;sid:84216272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353173)"; flow:established,from_client; content:"GET"; http_method; content:"//purchase%20order%20006-2024%20gia-av%20rev%201_pdf.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"163.123.142.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353173/; classtype:trojan-activity;sid:84216273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353167)"; flow:established,from_client; content:"GET"; http_method; content:"/powercat-v2.0/powercat.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"165.232.186.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353167/; classtype:trojan-activity;sid:84216267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353168)"; flow:established,from_client; content:"GET"; http_method; content:"/farting/nk41"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.107.126.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353168/; classtype:trojan-activity;sid:84216268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353169)"; flow:established,from_client; content:"GET"; http_method; content:"//purchase%20order%20006-2024%20gia-av%20rev%201_pdf.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"163.123.142.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353169/; classtype:trojan-activity;sid:84216269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353170)"; flow:established,from_client; content:"GET"; http_method; content:"/electrum.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.electrum.la"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353170/; classtype:trojan-activity;sid:84216270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.62.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353166/; classtype:trojan-activity;sid:84216266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353165/; classtype:trojan-activity;sid:84216265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.148.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353164/; classtype:trojan-activity;sid:84216264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.121.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353163/; classtype:trojan-activity;sid:84216263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.238.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353162/; classtype:trojan-activity;sid:84216262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.19.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353161/; classtype:trojan-activity;sid:84216261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.252.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353159/; classtype:trojan-activity;sid:84216259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.8.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353160/; classtype:trojan-activity;sid:84216260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.183.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353158/; classtype:trojan-activity;sid:84216258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.104.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353157/; classtype:trojan-activity;sid:84216257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.217.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353156/; classtype:trojan-activity;sid:84216256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.182.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353155/; classtype:trojan-activity;sid:84216255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.80.241"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353154/; classtype:trojan-activity;sid:84216254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.170.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353153/; classtype:trojan-activity;sid:84216253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.132.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353152/; classtype:trojan-activity;sid:84216252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.217.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353151/; classtype:trojan-activity;sid:84216251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.148.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353150/; classtype:trojan-activity;sid:84216250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.169.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353149/; classtype:trojan-activity;sid:84216249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353148/; classtype:trojan-activity;sid:84216248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.183.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353147/; classtype:trojan-activity;sid:84216247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.73.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353146/; classtype:trojan-activity;sid:84216246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353145/; classtype:trojan-activity;sid:84216245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.194.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353144/; classtype:trojan-activity;sid:84216244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.164.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353143/; classtype:trojan-activity;sid:84216243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.79.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353142/; classtype:trojan-activity;sid:84216242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.116.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353141/; classtype:trojan-activity;sid:84216241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.217.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353140/; classtype:trojan-activity;sid:84216240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.224.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353139/; classtype:trojan-activity;sid:84216239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.237.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353138/; classtype:trojan-activity;sid:84216238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.164.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353137/; classtype:trojan-activity;sid:84216237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353134/; classtype:trojan-activity;sid:84216234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353135/; classtype:trojan-activity;sid:84216235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353136/; classtype:trojan-activity;sid:84216236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353133/; classtype:trojan-activity;sid:84216233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353132/; classtype:trojan-activity;sid:84216232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353131/; classtype:trojan-activity;sid:84216231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.8.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353129/; classtype:trojan-activity;sid:84216229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353130/; classtype:trojan-activity;sid:84216230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.112.99.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353128/; classtype:trojan-activity;sid:84216228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353126/; classtype:trojan-activity;sid:84216226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.90.83"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353127/; classtype:trojan-activity;sid:84216227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353125/; classtype:trojan-activity;sid:84216225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.111.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353124/; classtype:trojan-activity;sid:84216224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353123)"; flow:established,from_client; content:"GET"; http_method; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.120.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353122/; classtype:trojan-activity;sid:84216222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353121/; classtype:trojan-activity;sid:84216221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.74.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353120/; classtype:trojan-activity;sid:84216220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.120.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353119/; classtype:trojan-activity;sid:84216219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.9.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353118/; classtype:trojan-activity;sid:84216218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.180.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353116/; classtype:trojan-activity;sid:84216216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.123.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353117/; classtype:trojan-activity;sid:84216217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353115/; classtype:trojan-activity;sid:84216215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.47.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353114/; classtype:trojan-activity;sid:84216214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.120.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353113/; classtype:trojan-activity;sid:84216213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.19.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353112/; classtype:trojan-activity;sid:84216212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.164.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353111/; classtype:trojan-activity;sid:84216211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.16.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353110/; classtype:trojan-activity;sid:84216210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353108/; classtype:trojan-activity;sid:84216208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.124.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353109/; classtype:trojan-activity;sid:84216209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353107/; classtype:trojan-activity;sid:84216207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353106/; classtype:trojan-activity;sid:84216206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.197.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353105/; classtype:trojan-activity;sid:84216205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.30.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353104/; classtype:trojan-activity;sid:84216204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.215.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353103/; classtype:trojan-activity;sid:84216203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.5.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353102/; classtype:trojan-activity;sid:84216202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.219.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353100/; classtype:trojan-activity;sid:84216200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.120.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353101/; classtype:trojan-activity;sid:84216201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.104.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353099/; classtype:trojan-activity;sid:84216199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.246.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353098/; classtype:trojan-activity;sid:84216198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.132.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353097/; classtype:trojan-activity;sid:84216197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.68.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353096/; classtype:trojan-activity;sid:84216196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.201.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353095/; classtype:trojan-activity;sid:84216195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353094/; classtype:trojan-activity;sid:84216194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.191.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353093/; classtype:trojan-activity;sid:84216193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.106.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353092/; classtype:trojan-activity;sid:84216192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.92.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353091/; classtype:trojan-activity;sid:84216191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.49.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353089/; classtype:trojan-activity;sid:84216189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.72.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353090/; classtype:trojan-activity;sid:84216190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.19.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353088/; classtype:trojan-activity;sid:84216188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353087/; classtype:trojan-activity;sid:84216187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.235.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353086/; classtype:trojan-activity;sid:84216186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.27.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353084/; classtype:trojan-activity;sid:84216184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353085/; classtype:trojan-activity;sid:84216185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353083/; classtype:trojan-activity;sid:84216183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.83.55.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353081/; classtype:trojan-activity;sid:84216181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.87.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353082/; classtype:trojan-activity;sid:84216182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.219.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353080/; classtype:trojan-activity;sid:84216180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.224.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353079/; classtype:trojan-activity;sid:84216179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.191.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353078/; classtype:trojan-activity;sid:84216178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.68.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353076/; classtype:trojan-activity;sid:84216176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.203.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353077/; classtype:trojan-activity;sid:84216177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.126.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353075/; classtype:trojan-activity;sid:84216175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.86.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353074/; classtype:trojan-activity;sid:84216174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353073/; classtype:trojan-activity;sid:84216173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.9.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353072/; classtype:trojan-activity;sid:84216172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.201.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353071/; classtype:trojan-activity;sid:84216171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.49.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353070/; classtype:trojan-activity;sid:84216170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.48.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353069/; classtype:trojan-activity;sid:84216169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.154.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353067/; classtype:trojan-activity;sid:84216167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.224.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353068/; classtype:trojan-activity;sid:84216168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.27.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353065/; classtype:trojan-activity;sid:84216165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.189.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353066/; classtype:trojan-activity;sid:84216166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353064/; classtype:trojan-activity;sid:84216164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.149.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353063/; classtype:trojan-activity;sid:84216163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.239.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353062/; classtype:trojan-activity;sid:84216162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.224.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353061/; classtype:trojan-activity;sid:84216161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.188.181.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353060/; classtype:trojan-activity;sid:84216160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.74.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353059/; classtype:trojan-activity;sid:84216159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353058/; classtype:trojan-activity;sid:84216158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.87.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353057/; classtype:trojan-activity;sid:84216157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.141.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353056/; classtype:trojan-activity;sid:84216156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.1.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353055/; classtype:trojan-activity;sid:84216155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.132.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353054/; classtype:trojan-activity;sid:84216154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.221.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353053/; classtype:trojan-activity;sid:84216153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353052/; classtype:trojan-activity;sid:84216152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353051/; classtype:trojan-activity;sid:84216151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353050/; classtype:trojan-activity;sid:84216150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.83.55.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353049/; classtype:trojan-activity;sid:84216149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.43.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353047/; classtype:trojan-activity;sid:84216147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.72.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353048/; classtype:trojan-activity;sid:84216148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.170.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353046/; classtype:trojan-activity;sid:84216146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353045/; classtype:trojan-activity;sid:84216145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353044/; classtype:trojan-activity;sid:84216144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353043/; classtype:trojan-activity;sid:84216143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.48.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353042/; classtype:trojan-activity;sid:84216142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.23.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353040/; classtype:trojan-activity;sid:84216140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.99.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353041/; classtype:trojan-activity;sid:84216141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.95.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353039/; classtype:trojan-activity;sid:84216139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.200.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353038/; classtype:trojan-activity;sid:84216138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.74.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353037/; classtype:trojan-activity;sid:84216137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.126.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353036/; classtype:trojan-activity;sid:84216136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.86.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353035/; classtype:trojan-activity;sid:84216135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.200.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353034/; classtype:trojan-activity;sid:84216134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.141.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353033/; classtype:trojan-activity;sid:84216133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.250.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353032/; classtype:trojan-activity;sid:84216132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.241.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353031/; classtype:trojan-activity;sid:84216131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.220.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353030/; classtype:trojan-activity;sid:84216130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.43.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353029/; classtype:trojan-activity;sid:84216129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.200.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353028/; classtype:trojan-activity;sid:84216128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.43.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353027/; classtype:trojan-activity;sid:84216127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353026)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353026/; classtype:trojan-activity;sid:84216126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353025/; classtype:trojan-activity;sid:84216125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353024/; classtype:trojan-activity;sid:84216124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353023/; classtype:trojan-activity;sid:84216123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.10.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353021/; classtype:trojan-activity;sid:84216121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.168.1.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353022/; classtype:trojan-activity;sid:84216122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353020/; classtype:trojan-activity;sid:84216120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.200.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353019/; classtype:trojan-activity;sid:84216119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.60.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353017/; classtype:trojan-activity;sid:84216117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.151.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353018/; classtype:trojan-activity;sid:84216118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.32.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353016/; classtype:trojan-activity;sid:84216116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353015/; classtype:trojan-activity;sid:84216115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353014/; classtype:trojan-activity;sid:84216114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.169.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353013/; classtype:trojan-activity;sid:84216113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.132.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353012/; classtype:trojan-activity;sid:84216112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353011)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ytluo.sectors.bowentaxlaw.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353011/; classtype:trojan-activity;sid:84216111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.57.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353010/; classtype:trojan-activity;sid:84216110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353009/; classtype:trojan-activity;sid:84216109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.35.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353008/; classtype:trojan-activity;sid:84216108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.95.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353007/; classtype:trojan-activity;sid:84216107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.93.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353006/; classtype:trojan-activity;sid:84216106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.48.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353005/; classtype:trojan-activity;sid:84216105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.11.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353004/; classtype:trojan-activity;sid:84216104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.241.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353003/; classtype:trojan-activity;sid:84216103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353002/; classtype:trojan-activity;sid:84216102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353001/; classtype:trojan-activity;sid:84216101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.231.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353000/; classtype:trojan-activity;sid:84216100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.108.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352999/; classtype:trojan-activity;sid:84216099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352998/; classtype:trojan-activity;sid:84216098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.24.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352997/; classtype:trojan-activity;sid:84216097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.175.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352996/; classtype:trojan-activity;sid:84216096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352995/; classtype:trojan-activity;sid:84216095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.170.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352994/; classtype:trojan-activity;sid:84216094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.60.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352993/; classtype:trojan-activity;sid:84216093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.35.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352991/; classtype:trojan-activity;sid:84216091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.16.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352992/; classtype:trojan-activity;sid:84216092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.252.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352989/; classtype:trojan-activity;sid:84216089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.133.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352990/; classtype:trojan-activity;sid:84216090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.38.92.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352987/; classtype:trojan-activity;sid:84216087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.202.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352988/; classtype:trojan-activity;sid:84216088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.160.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352986/; classtype:trojan-activity;sid:84216086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.149.252.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352985/; classtype:trojan-activity;sid:84216085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352983/; classtype:trojan-activity;sid:84216083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.40.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352984/; classtype:trojan-activity;sid:84216084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.100.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352972/; classtype:trojan-activity;sid:84216072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.112.100.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352973/; classtype:trojan-activity;sid:84216073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352974/; classtype:trojan-activity;sid:84216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.17.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352975/; classtype:trojan-activity;sid:84216075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.107.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352976/; classtype:trojan-activity;sid:84216076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.144.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352977/; classtype:trojan-activity;sid:84216077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.232.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352978/; classtype:trojan-activity;sid:84216078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.247.126.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352979/; classtype:trojan-activity;sid:84216079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352980/; classtype:trojan-activity;sid:84216080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352981/; classtype:trojan-activity;sid:84216081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352982/; classtype:trojan-activity;sid:84216082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.184.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352971/; classtype:trojan-activity;sid:84216071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.101.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352970/; classtype:trojan-activity;sid:84216070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352969/; classtype:trojan-activity;sid:84216069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352968/; classtype:trojan-activity;sid:84216068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.117.45.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352964/; classtype:trojan-activity;sid:84216064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352965/; classtype:trojan-activity;sid:84216065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352966/; classtype:trojan-activity;sid:84216066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352967/; classtype:trojan-activity;sid:84216067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.100.20.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352963/; classtype:trojan-activity;sid:84216063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352962/; classtype:trojan-activity;sid:84216062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352961/; classtype:trojan-activity;sid:84216061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352960/; classtype:trojan-activity;sid:84216060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.24.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352959/; classtype:trojan-activity;sid:84216059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352958/; classtype:trojan-activity;sid:84216058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352957/; classtype:trojan-activity;sid:84216057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352956/; classtype:trojan-activity;sid:84216056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.35.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352955/; classtype:trojan-activity;sid:84216055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.28.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352954/; classtype:trojan-activity;sid:84216054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352953/; classtype:trojan-activity;sid:84216053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352952)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.161.2.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352952/; classtype:trojan-activity;sid:84216052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352951/; classtype:trojan-activity;sid:84216051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.86.133"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352950/; classtype:trojan-activity;sid:84216050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352949/; classtype:trojan-activity;sid:84216049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.153.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352948/; classtype:trojan-activity;sid:84216048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.35.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352947/; classtype:trojan-activity;sid:84216047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.154.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352946/; classtype:trojan-activity;sid:84216046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.219.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352945/; classtype:trojan-activity;sid:84216045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.28.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352944/; classtype:trojan-activity;sid:84216044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.67.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352943/; classtype:trojan-activity;sid:84216043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.80.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352942/; classtype:trojan-activity;sid:84216042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352941/; classtype:trojan-activity;sid:84216041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352940/; classtype:trojan-activity;sid:84216040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352938/; classtype:trojan-activity;sid:84216038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.73.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352939/; classtype:trojan-activity;sid:84216039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.192.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352937/; classtype:trojan-activity;sid:84216037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352936/; classtype:trojan-activity;sid:84216036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.122.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352935/; classtype:trojan-activity;sid:84216035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.207.137.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352934/; classtype:trojan-activity;sid:84216034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.60.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352933/; classtype:trojan-activity;sid:84216033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.174.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352932/; classtype:trojan-activity;sid:84216032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.234.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352931/; classtype:trojan-activity;sid:84216031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352930/; classtype:trojan-activity;sid:84216030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.80.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352929/; classtype:trojan-activity;sid:84216029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.71.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352928/; classtype:trojan-activity;sid:84216028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.220.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352927/; classtype:trojan-activity;sid:84216027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.153.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352926/; classtype:trojan-activity;sid:84216026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.201.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352925/; classtype:trojan-activity;sid:84216025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.10.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352924/; classtype:trojan-activity;sid:84216024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.190.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352923/; classtype:trojan-activity;sid:84216023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.49.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352922/; classtype:trojan-activity;sid:84216022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352921)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.30.71.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352921/; classtype:trojan-activity;sid:84216021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.237.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352920/; classtype:trojan-activity;sid:84216020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352919/; classtype:trojan-activity;sid:84216019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.37.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352918/; classtype:trojan-activity;sid:84216018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.22.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352917/; classtype:trojan-activity;sid:84216017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.77.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352916/; classtype:trojan-activity;sid:84216016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.136.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352914/; classtype:trojan-activity;sid:84216014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.211.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352915/; classtype:trojan-activity;sid:84216015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.204.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352913/; classtype:trojan-activity;sid:84216013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.36.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352912/; classtype:trojan-activity;sid:84216012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352911/; classtype:trojan-activity;sid:84216011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.82.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352910/; classtype:trojan-activity;sid:84216010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.164.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352909/; classtype:trojan-activity;sid:84216009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352908/; classtype:trojan-activity;sid:84216008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352907/; classtype:trojan-activity;sid:84216007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352906/; classtype:trojan-activity;sid:84216006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.58.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352905/; classtype:trojan-activity;sid:84216005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.217.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352904/; classtype:trojan-activity;sid:84216004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.153.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352903/; classtype:trojan-activity;sid:84216003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.237.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352902/; classtype:trojan-activity;sid:84216002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352901/; classtype:trojan-activity;sid:84216001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.114.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352900/; classtype:trojan-activity;sid:84216000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352899/; classtype:trojan-activity;sid:84215999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.36.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352898/; classtype:trojan-activity;sid:84215998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.82.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352897/; classtype:trojan-activity;sid:84215997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.151.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352896/; classtype:trojan-activity;sid:84215996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.156.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352895/; classtype:trojan-activity;sid:84215995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352894/; classtype:trojan-activity;sid:84215994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.255.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352893/; classtype:trojan-activity;sid:84215993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.159.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352892/; classtype:trojan-activity;sid:84215992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.132.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352891/; classtype:trojan-activity;sid:84215991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.75.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352890/; classtype:trojan-activity;sid:84215990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352889/; classtype:trojan-activity;sid:84215989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352888/; classtype:trojan-activity;sid:84215988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.72.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352886/; classtype:trojan-activity;sid:84215986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.93.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352887/; classtype:trojan-activity;sid:84215987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.190.232.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352885/; classtype:trojan-activity;sid:84215985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.0.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352884/; classtype:trojan-activity;sid:84215984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.189.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352883/; classtype:trojan-activity;sid:84215983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352882/; classtype:trojan-activity;sid:84215982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.47.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352881/; classtype:trojan-activity;sid:84215981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.255.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352880/; classtype:trojan-activity;sid:84215980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.159.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352878/; classtype:trojan-activity;sid:84215978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352879/; classtype:trojan-activity;sid:84215979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.125.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352877/; classtype:trojan-activity;sid:84215977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.121.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352874/; classtype:trojan-activity;sid:84215974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.15.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352875/; classtype:trojan-activity;sid:84215975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.109.167.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352876/; classtype:trojan-activity;sid:84215976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.47.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352873/; classtype:trojan-activity;sid:84215973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.242.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352872/; classtype:trojan-activity;sid:84215972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.240.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352871/; classtype:trojan-activity;sid:84215971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.97.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352870/; classtype:trojan-activity;sid:84215970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.58.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352869/; classtype:trojan-activity;sid:84215969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.123.145.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352868/; classtype:trojan-activity;sid:84215968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.201.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352867/; classtype:trojan-activity;sid:84215967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352866/; classtype:trojan-activity;sid:84215966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.119.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352865/; classtype:trojan-activity;sid:84215965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.9.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352864/; classtype:trojan-activity;sid:84215964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352862/; classtype:trojan-activity;sid:84215962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.225.239.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352863/; classtype:trojan-activity;sid:84215963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.96.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352860/; classtype:trojan-activity;sid:84215960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.160.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352861/; classtype:trojan-activity;sid:84215961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.94.33.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352859/; classtype:trojan-activity;sid:84215959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.211.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352858/; classtype:trojan-activity;sid:84215958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.124.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352857/; classtype:trojan-activity;sid:84215957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352856)"; flow:established,from_client; content:"GET"; http_method; content:"/ver/d.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.16.38.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352856/; classtype:trojan-activity;sid:84215956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352854)"; flow:established,from_client; content:"GET"; http_method; content:"/api/t.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.16.38.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352854/; classtype:trojan-activity;sid:84215954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.156.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352855/; classtype:trojan-activity;sid:84215955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352853)"; flow:established,from_client; content:"GET"; http_method; content:"/ver/xt.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.16.38.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3352853/; classtype:trojan-activity;sid:84215953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352852/; classtype:trojan-activity;sid:84215952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.31.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352851/; classtype:trojan-activity;sid:84215951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352850/; classtype:trojan-activity;sid:84215950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352845)"; flow:established,from_client; content:"GET"; http_method; content:"/app/cnc.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"200.9.154.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352845/; classtype:trojan-activity;sid:84215945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352846)"; flow:established,from_client; content:"GET"; http_method; content:"/app/hide.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.9.154.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352846/; classtype:trojan-activity;sid:84215946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352847)"; flow:established,from_client; content:"GET"; http_method; content:"/app/136bet.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"200.9.154.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352847/; classtype:trojan-activity;sid:84215947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352848)"; flow:established,from_client; content:"GET"; http_method; content:"/app/onlyfans.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"200.9.154.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352848/; classtype:trojan-activity;sid:84215948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352849)"; flow:established,from_client; content:"GET"; http_method; content:"/app/hhbet.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"200.9.154.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352849/; classtype:trojan-activity;sid:84215949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.242.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352844/; classtype:trojan-activity;sid:84215944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.24.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352843/; classtype:trojan-activity;sid:84215943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352842)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice_final.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.151.75.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352842/; classtype:trojan-activity;sid:84215942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352841)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"20.151.75.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352841/; classtype:trojan-activity;sid:84215941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.19.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352840/; classtype:trojan-activity;sid:84215940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352839)"; flow:established,from_client; content:"GET"; http_method; content:"/v2dvwa.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.151.75.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352839/; classtype:trojan-activity;sid:84215939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.191.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352837/; classtype:trojan-activity;sid:84215937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.156.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352838/; classtype:trojan-activity;sid:84215938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.64.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352836/; classtype:trojan-activity;sid:84215936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.123.145.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352835/; classtype:trojan-activity;sid:84215935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.124.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352834/; classtype:trojan-activity;sid:84215934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352833/; classtype:trojan-activity;sid:84215933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.149.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352832/; classtype:trojan-activity;sid:84215932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352827)"; flow:established,from_client; content:"GET"; http_method; content:"/h3qq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352827/; classtype:trojan-activity;sid:84215927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352828)"; flow:established,from_client; content:"GET"; http_method; content:"/c9ul"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352828/; classtype:trojan-activity;sid:84215928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352829)"; flow:established,from_client; content:"GET"; http_method; content:"/4kkr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352829/; classtype:trojan-activity;sid:84215929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352830)"; flow:established,from_client; content:"GET"; http_method; content:"/f4nu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352830/; classtype:trojan-activity;sid:84215930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352831)"; flow:established,from_client; content:"GET"; http_method; content:"/qpc9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352831/; classtype:trojan-activity;sid:84215931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352824)"; flow:established,from_client; content:"GET"; http_method; content:"/images/blink"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"65.175.140.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352824/; classtype:trojan-activity;sid:84215924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352825/; classtype:trojan-activity;sid:84215925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.201.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352826/; classtype:trojan-activity;sid:84215926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.136.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352823/; classtype:trojan-activity;sid:84215923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352822/; classtype:trojan-activity;sid:84215922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.64.243.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352819/; classtype:trojan-activity;sid:84215919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352820/; classtype:trojan-activity;sid:84215920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.187.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352818/; classtype:trojan-activity;sid:84215918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.40.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352817/; classtype:trojan-activity;sid:84215917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352816)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/obaqiquigeflou8dltcj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352816/; classtype:trojan-activity;sid:84215916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352815/; classtype:trojan-activity;sid:84215915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352809)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/b9uoaokmpdan1gmmrxuo.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352809/; classtype:trojan-activity;sid:84215909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352810)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/kyorihrhn8gphiz4be4p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352810/; classtype:trojan-activity;sid:84215910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352811)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/hn9om6j1c9ycqkei5xe2.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352811/; classtype:trojan-activity;sid:84215911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352812)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/u9iczzb5fm5owwojnw5q.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352812/; classtype:trojan-activity;sid:84215912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352813)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/spkld0pht5zkdb7062ql.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352813/; classtype:trojan-activity;sid:84215913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352814)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/yntfjbwnfbowg4ulufdq.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352814/; classtype:trojan-activity;sid:84215914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352808)"; flow:established,from_client; content:"GET"; http_method; content:"/551/sheismygirlwholovedmealotstillalsoshelovesmetrulyfromtheheart.tif"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"172.245.142.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352808/; classtype:trojan-activity;sid:84215908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352807)"; flow:established,from_client; content:"GET"; http_method; content:"/801/businessgoodgorgreatfutureinhere.tif"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"198.46.178.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352807/; classtype:trojan-activity;sid:84215907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352804)"; flow:established,from_client; content:"GET"; http_method; content:"/i686.db"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"diicotsec.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352804/; classtype:trojan-activity;sid:84215904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352805)"; flow:established,from_client; content:"GET"; http_method; content:"/regele"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"diicotsec.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352805/; classtype:trojan-activity;sid:84215905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352803)"; flow:established,from_client; content:"GET"; http_method; content:"/morganv7l.db"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"diicotsec.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352803/; classtype:trojan-activity;sid:84215903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352799)"; flow:established,from_client; content:"GET"; http_method; content:"/morganv7l.db"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"66.63.187.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352799/; classtype:trojan-activity;sid:84215899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352800)"; flow:established,from_client; content:"GET"; http_method; content:"/i686.db"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"66.63.187.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352800/; classtype:trojan-activity;sid:84215900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.191.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352801/; classtype:trojan-activity;sid:84215901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352802)"; flow:established,from_client; content:"GET"; http_method; content:"/regele"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.63.187.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352802/; classtype:trojan-activity;sid:84215902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352798/; classtype:trojan-activity;sid:84215898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352796)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/ok7yvjlvmdji9ajz.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.84.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352796/; classtype:trojan-activity;sid:84215896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352797)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/zf3dxapdnla4lnl.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.84.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352797/; classtype:trojan-activity;sid:84215897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.120.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352795/; classtype:trojan-activity;sid:84215895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.19.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352794/; classtype:trojan-activity;sid:84215894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352792)"; flow:established,from_client; content:"GET"; http_method; content:"/lol2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352792/; classtype:trojan-activity;sid:84215892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.207.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352793/; classtype:trojan-activity;sid:84215893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.245.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352791/; classtype:trojan-activity;sid:84215891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.238.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352790/; classtype:trojan-activity;sid:84215890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.87.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352789/; classtype:trojan-activity;sid:84215889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.40.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352788/; classtype:trojan-activity;sid:84215888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352787/; classtype:trojan-activity;sid:84215887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352785)"; flow:established,from_client; content:"GET"; http_method; content:"/73/simplecookiebiscutwithsweetnessforentiretime.tif"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"107.172.44.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352785/; classtype:trojan-activity;sid:84215885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352786)"; flow:established,from_client; content:"GET"; http_method; content:"/90/jcc/creamypisagreatattitudewithgreatthingsentiretimegivenmr.hta"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"107.172.44.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352786/; classtype:trojan-activity;sid:84215886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352784)"; flow:established,from_client; content:"GET"; http_method; content:"/90/createdbestedbintechnologyywithgreatlovesenoughforeverybody.tif"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"107.172.44.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352784/; classtype:trojan-activity;sid:84215884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352783/; classtype:trojan-activity;sid:84215883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352782/; classtype:trojan-activity;sid:84215882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.133.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352781/; classtype:trojan-activity;sid:84215881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352778)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/zhuanyong.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352778/; classtype:trojan-activity;sid:84215878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352779)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/amaterasu.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352779/; classtype:trojan-activity;sid:84215879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352780)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/expl.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352780/; classtype:trojan-activity;sid:84215880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.33.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352776/; classtype:trojan-activity;sid:84215876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.50.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352777/; classtype:trojan-activity;sid:84215877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.30.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352775/; classtype:trojan-activity;sid:84215875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.207.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352774/; classtype:trojan-activity;sid:84215874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352773)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique3/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352773/; classtype:trojan-activity;sid:84215873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352772)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7850253564/munjf0r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352772/; classtype:trojan-activity;sid:84215872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352771)"; flow:established,from_client; content:"GET"; http_method; content:"/files/cloud/random.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352771/; classtype:trojan-activity;sid:84215871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.139.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352769/; classtype:trojan-activity;sid:84215869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.151.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352770/; classtype:trojan-activity;sid:84215870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352768/; classtype:trojan-activity;sid:84215868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.238.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352767/; classtype:trojan-activity;sid:84215867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352766)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|a=l64|7c|26|7c|h=195.133.11.40|7c|26|7c|p=80|7c|26|7c|stage=true|7c|26|7c|t=tcp"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"195.133.11.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352766/; classtype:trojan-activity;sid:84215866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352760)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|a=l64|7c|26|7c|h=http://195.133.11.40|7c|26|7c|p=80|7c|26|7c|stage=true|7c|26|7c|t=tcp"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"195.133.11.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352760/; classtype:trojan-activity;sid:84215860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352761)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|a=a64|7c|26|7c|h=http://195.133.11.40|7c|26|7c|p=80|7c|26|7c|stage=true|7c|26|7c|t=tcp"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"195.133.11.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352761/; classtype:trojan-activity;sid:84215861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352762)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|a=a32|7c|26|7c|h=http://195.133.11.40|7c|26|7c|p=80|7c|26|7c|stage=true|7c|26|7c|t=tcp"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"195.133.11.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352762/; classtype:trojan-activity;sid:84215862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352763)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|a=l32|7c|26|7c|h=http://195.133.11.40|7c|26|7c|p=80|7c|26|7c|stage=true|7c|26|7c|t=tcp"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"195.133.11.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352763/; classtype:trojan-activity;sid:84215863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.67.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352764/; classtype:trojan-activity;sid:84215864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352765)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|a=l32|7c|26|7c|h=195.133.11.40|7c|26|7c|p=80|7c|26|7c|stage=true|7c|26|7c|t=tcp"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"195.133.11.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352765/; classtype:trojan-activity;sid:84215865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352759/; classtype:trojan-activity;sid:84215859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352758/; classtype:trojan-activity;sid:84215858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.92.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352756/; classtype:trojan-activity;sid:84215856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352757)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"axpr.sectors.bowentaxlaw.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352757/; classtype:trojan-activity;sid:84215857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.191.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352755/; classtype:trojan-activity;sid:84215855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.55.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352754/; classtype:trojan-activity;sid:84215854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.84.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352753/; classtype:trojan-activity;sid:84215853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.102.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352752/; classtype:trojan-activity;sid:84215852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.139.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352751/; classtype:trojan-activity;sid:84215851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.255.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352750/; classtype:trojan-activity;sid:84215850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.92.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352749/; classtype:trojan-activity;sid:84215849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.39.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352748/; classtype:trojan-activity;sid:84215848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352747)"; flow:established,from_client; content:"GET"; http_method; content:"/r/o8fza/0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352747/; classtype:trojan-activity;sid:84215847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.231.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352746/; classtype:trojan-activity;sid:84215846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.25.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352745/; classtype:trojan-activity;sid:84215845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352743/; classtype:trojan-activity;sid:84215843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.124.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352744/; classtype:trojan-activity;sid:84215844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.33.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352742/; classtype:trojan-activity;sid:84215842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.199.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352741/; classtype:trojan-activity;sid:84215841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.246.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352740/; classtype:trojan-activity;sid:84215840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.254.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352739/; classtype:trojan-activity;sid:84215839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352738)"; flow:established,from_client; content:"GET"; http_method; content:"/pxdn91.armv6l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.213.187.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352738/; classtype:trojan-activity;sid:84215838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352737)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352737/; classtype:trojan-activity;sid:84215837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.51.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352736/; classtype:trojan-activity;sid:84215836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352735)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352735/; classtype:trojan-activity;sid:84215835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.210.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352734/; classtype:trojan-activity;sid:84215834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352731)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/bzhi5tgldjtr7zev5jqx.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352731/; classtype:trojan-activity;sid:84215831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352732)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/ace9quln2hbx2am6m7oq.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352732/; classtype:trojan-activity;sid:84215832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352733)"; flow:established,from_client; content:"GET"; http_method; content:"/0911/qdf3nszxpoqhxj1hgklt.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352733/; classtype:trojan-activity;sid:84215833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352713)"; flow:established,from_client; content:"GET"; http_method; content:"/0911/nr4ysarwgzbktjicxct4.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352713/; classtype:trojan-activity;sid:84215813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352714)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/9tqj1l0acstoaaukxfdj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352714/; classtype:trojan-activity;sid:84215814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352715)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/rpqjwximfji9tfh6a0kn.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352715/; classtype:trojan-activity;sid:84215815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352716)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/sqimesc8ajavco0ttspv.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352716/; classtype:trojan-activity;sid:84215816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352717)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/hvunmw5el0eaudzupdtp.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352717/; classtype:trojan-activity;sid:84215817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352718)"; flow:established,from_client; content:"GET"; http_method; content:"/1109/wrzmqxbssmwyb2qdkw9h.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352718/; classtype:trojan-activity;sid:84215818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352719)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/ljtvc5bqwnse2pvnc2pn.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352719/; classtype:trojan-activity;sid:84215819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352720)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/4ws9dqimj1paareckepe.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352720/; classtype:trojan-activity;sid:84215820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352721)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/sqmjhsso22qtsf6pac0l.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352721/; classtype:trojan-activity;sid:84215821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352722)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/6mewtfjlkomsn1gfy4tw.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352722/; classtype:trojan-activity;sid:84215822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352723)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/fbakvybdxley1gd6x8rj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352723/; classtype:trojan-activity;sid:84215823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352724)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/vxnguq4klzoyi1fcpaz3.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352724/; classtype:trojan-activity;sid:84215824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352725)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/pjwvskyzzzoo4oi7r3lu.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352725/; classtype:trojan-activity;sid:84215825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352726)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/57lebogcb3a7e6kqctiw.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352726/; classtype:trojan-activity;sid:84215826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352727)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/nzbyianf84kxahwgxugc.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352727/; classtype:trojan-activity;sid:84215827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352728)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/oxlwv5zm69nbjn7zbpng.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352728/; classtype:trojan-activity;sid:84215828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352729)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/exqdcdmijmdvppfhhnbt.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352729/; classtype:trojan-activity;sid:84215829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352730)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/o7dsydtnwjwcvyipktkv.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352730/; classtype:trojan-activity;sid:84215830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352694)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/htr8pg6rrt5fsvizke7d.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352694/; classtype:trojan-activity;sid:84215794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352695)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/amirjky9q13q7okiklzy.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352695/; classtype:trojan-activity;sid:84215795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352696)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/wlukbxbnfkemipeehl0o.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352696/; classtype:trojan-activity;sid:84215796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352697)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/wrtavgsvyf2jrub1wqw7.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352697/; classtype:trojan-activity;sid:84215797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352698)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/vo2ukgv1ve4odbnrmap0.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352698/; classtype:trojan-activity;sid:84215798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352699)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/znxmj4lbatbkopzrtsdq.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352699/; classtype:trojan-activity;sid:84215799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352700)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/jwjb16fd41abaaxwv2mb.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352700/; classtype:trojan-activity;sid:84215800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352701)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/tanyjp8pkgfon3qqyft8.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352701/; classtype:trojan-activity;sid:84215801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352702)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/crtecyphrch5urm44hhi.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352702/; classtype:trojan-activity;sid:84215802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352703)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/ugekoxi3x7zzqsztqc6a.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352703/; classtype:trojan-activity;sid:84215803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352704)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/5twalreqxmysiwzwnp0s.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352704/; classtype:trojan-activity;sid:84215804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352705)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/9n4hxadf5dbhyxocs1di.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352705/; classtype:trojan-activity;sid:84215805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352706)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/y9znrw1wf8w9e0v0wmlh.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352706/; classtype:trojan-activity;sid:84215806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352707)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/wzcubt3gt3nerh5qpezz.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352707/; classtype:trojan-activity;sid:84215807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352708)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/oylye4sfbdoxhbii3qyi.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352708/; classtype:trojan-activity;sid:84215808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352709)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/pfbjmcbjaatgievufdko.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352709/; classtype:trojan-activity;sid:84215809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352710)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/r90xvdmgx8mkvhvdzrfs.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352710/; classtype:trojan-activity;sid:84215810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352711)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/rru9jjrev9yrtqt6vj3c.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352711/; classtype:trojan-activity;sid:84215811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352712)"; flow:established,from_client; content:"GET"; http_method; content:"/1211/upcywnlevww8atgczt0z.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352712/; classtype:trojan-activity;sid:84215812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.67.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352693/; classtype:trojan-activity;sid:84215793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.40.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352692/; classtype:trojan-activity;sid:84215792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.182.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352691/; classtype:trojan-activity;sid:84215791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.84.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352690/; classtype:trojan-activity;sid:84215790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.208.123.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352689/; classtype:trojan-activity;sid:84215789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352688)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.201.182.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352688/; classtype:trojan-activity;sid:84215788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352687)"; flow:established,from_client; content:"GET"; http_method; content:"/segura.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"152.201.182.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352687/; classtype:trojan-activity;sid:84215787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352686)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.201.182.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352686/; classtype:trojan-activity;sid:84215786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352685)"; flow:established,from_client; content:"GET"; http_method; content:"/drivers.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"191.93.117.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352685/; classtype:trojan-activity;sid:84215785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.132.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352684/; classtype:trojan-activity;sid:84215784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.124.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352683/; classtype:trojan-activity;sid:84215783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.111.131.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352682/; classtype:trojan-activity;sid:84215782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.240.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352680/; classtype:trojan-activity;sid:84215780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.253.80.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352681/; classtype:trojan-activity;sid:84215781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352679/; classtype:trojan-activity;sid:84215779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.247.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352678/; classtype:trojan-activity;sid:84215778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.210.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352677/; classtype:trojan-activity;sid:84215777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.13.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352676/; classtype:trojan-activity;sid:84215776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.254.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352675/; classtype:trojan-activity;sid:84215775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.208.123.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352674/; classtype:trojan-activity;sid:84215774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352673)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/mhifjmf.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352673/; classtype:trojan-activity;sid:84215773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352671)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/dnknkpm.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352671/; classtype:trojan-activity;sid:84215771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352672)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/smcembd.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352672/; classtype:trojan-activity;sid:84215772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.191.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352670/; classtype:trojan-activity;sid:84215770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352669/; classtype:trojan-activity;sid:84215769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.136.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352667/; classtype:trojan-activity;sid:84215767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.186.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352668/; classtype:trojan-activity;sid:84215768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.156.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352666/; classtype:trojan-activity;sid:84215766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.233.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352665/; classtype:trojan-activity;sid:84215765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.16.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352664/; classtype:trojan-activity;sid:84215764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.59.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352663/; classtype:trojan-activity;sid:84215763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.29.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352661/; classtype:trojan-activity;sid:84215761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352662/; classtype:trojan-activity;sid:84215762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352659/; classtype:trojan-activity;sid:84215759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.15.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352660/; classtype:trojan-activity;sid:84215760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.22.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352657/; classtype:trojan-activity;sid:84215757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.130.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352658/; classtype:trojan-activity;sid:84215758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.29.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352656/; classtype:trojan-activity;sid:84215756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.250.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352655/; classtype:trojan-activity;sid:84215755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.84.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352654/; classtype:trojan-activity;sid:84215754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.214.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352652/; classtype:trojan-activity;sid:84215752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.130.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352653/; classtype:trojan-activity;sid:84215753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.210.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352651/; classtype:trojan-activity;sid:84215751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352649/; classtype:trojan-activity;sid:84215749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352650/; classtype:trojan-activity;sid:84215750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.186.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352648/; classtype:trojan-activity;sid:84215748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352647/; classtype:trojan-activity;sid:84215747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.55.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352646/; classtype:trojan-activity;sid:84215746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352645/; classtype:trojan-activity;sid:84215745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352644/; classtype:trojan-activity;sid:84215744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.24.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352643/; classtype:trojan-activity;sid:84215743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352642/; classtype:trojan-activity;sid:84215742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.58.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352641/; classtype:trojan-activity;sid:84215741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.47.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352640/; classtype:trojan-activity;sid:84215740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.214.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352639/; classtype:trojan-activity;sid:84215739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.144.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352638/; classtype:trojan-activity;sid:84215738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352637/; classtype:trojan-activity;sid:84215737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352636/; classtype:trojan-activity;sid:84215736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.211.61.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352635/; classtype:trojan-activity;sid:84215735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352634/; classtype:trojan-activity;sid:84215734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.144.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352633/; classtype:trojan-activity;sid:84215733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.37.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352632/; classtype:trojan-activity;sid:84215732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.31.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352631/; classtype:trojan-activity;sid:84215731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.44.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352630/; classtype:trojan-activity;sid:84215730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.68.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352629/; classtype:trojan-activity;sid:84215729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.228.129.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352628/; classtype:trojan-activity;sid:84215728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.169.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352627/; classtype:trojan-activity;sid:84215727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.43.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352626/; classtype:trojan-activity;sid:84215726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.202.171.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352624/; classtype:trojan-activity;sid:84215724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.80.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352625/; classtype:trojan-activity;sid:84215725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.31.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352623/; classtype:trojan-activity;sid:84215723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.20.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352622/; classtype:trojan-activity;sid:84215722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.187.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352621/; classtype:trojan-activity;sid:84215721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.196.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352620/; classtype:trojan-activity;sid:84215720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.214.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352619/; classtype:trojan-activity;sid:84215719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.197.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352618/; classtype:trojan-activity;sid:84215718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.151.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352617/; classtype:trojan-activity;sid:84215717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.91.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352616/; classtype:trojan-activity;sid:84215716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352615/; classtype:trojan-activity;sid:84215715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.36.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352614/; classtype:trojan-activity;sid:84215714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.155.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352613/; classtype:trojan-activity;sid:84215713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.175.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352612/; classtype:trojan-activity;sid:84215712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.187.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352611/; classtype:trojan-activity;sid:84215711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.202.171.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352610/; classtype:trojan-activity;sid:84215710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.232.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352609/; classtype:trojan-activity;sid:84215709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.227.21.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352608/; classtype:trojan-activity;sid:84215708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.8.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352606/; classtype:trojan-activity;sid:84215706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352607/; classtype:trojan-activity;sid:84215707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.61.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352605/; classtype:trojan-activity;sid:84215705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.9.168.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352603/; classtype:trojan-activity;sid:84215703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.91.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352604/; classtype:trojan-activity;sid:84215704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352602/; classtype:trojan-activity;sid:84215702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.227.21.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352601/; classtype:trojan-activity;sid:84215701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.116.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352600/; classtype:trojan-activity;sid:84215700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.215.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352599/; classtype:trojan-activity;sid:84215699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.63.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352598/; classtype:trojan-activity;sid:84215698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.179.180.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352597/; classtype:trojan-activity;sid:84215697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.26.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352596/; classtype:trojan-activity;sid:84215696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352595/; classtype:trojan-activity;sid:84215695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.187.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352594/; classtype:trojan-activity;sid:84215694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352593/; classtype:trojan-activity;sid:84215693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.50.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352592/; classtype:trojan-activity;sid:84215692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352591/; classtype:trojan-activity;sid:84215691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.168.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352590/; classtype:trojan-activity;sid:84215690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352589/; classtype:trojan-activity;sid:84215689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.12.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352588/; classtype:trojan-activity;sid:84215688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.106.255.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352587/; classtype:trojan-activity;sid:84215687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.118.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352585/; classtype:trojan-activity;sid:84215685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352586)"; flow:established,from_client; content:"GET"; http_method; content:"/comitheicon/volatus0.5/refs/heads/main/volatus0.5.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352586/; classtype:trojan-activity;sid:84215686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.21.210"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352584/; classtype:trojan-activity;sid:84215684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.174.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352583/; classtype:trojan-activity;sid:84215683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.181.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352582/; classtype:trojan-activity;sid:84215682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.157.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352581/; classtype:trojan-activity;sid:84215681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.26.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352580/; classtype:trojan-activity;sid:84215680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352579/; classtype:trojan-activity;sid:84215679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352578/; classtype:trojan-activity;sid:84215678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.226.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352577/; classtype:trojan-activity;sid:84215677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.61.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352576/; classtype:trojan-activity;sid:84215676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352575/; classtype:trojan-activity;sid:84215675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.179.180.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352574/; classtype:trojan-activity;sid:84215674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352573/; classtype:trojan-activity;sid:84215673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.138.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352572/; classtype:trojan-activity;sid:84215672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352571)"; flow:established,from_client; content:"GET"; http_method; content:"/terms-and-conditions.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.103.125.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352571/; classtype:trojan-activity;sid:84215671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352570/; classtype:trojan-activity;sid:84215670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352569/; classtype:trojan-activity;sid:84215669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.168.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352568/; classtype:trojan-activity;sid:84215668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.255.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352567/; classtype:trojan-activity;sid:84215667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.65.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352565/; classtype:trojan-activity;sid:84215665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352566/; classtype:trojan-activity;sid:84215666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.21.210"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352564/; classtype:trojan-activity;sid:84215664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.47.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352563/; classtype:trojan-activity;sid:84215663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.147.241.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352562/; classtype:trojan-activity;sid:84215662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.159.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352561/; classtype:trojan-activity;sid:84215661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352554)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/requirements.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"65.20.104.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352554/; classtype:trojan-activity;sid:84215654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352555)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/casinorequirements.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"65.20.104.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352555/; classtype:trojan-activity;sid:84215655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352556)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/img_0219.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"65.20.104.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352556/; classtype:trojan-activity;sid:84215656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352557)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/passports.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"65.20.104.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352557/; classtype:trojan-activity;sid:84215657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352558)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/casinorequirements.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"65.20.104.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352558/; classtype:trojan-activity;sid:84215658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352559)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/requirements.pdf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"65.20.104.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352559/; classtype:trojan-activity;sid:84215659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.26.47.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352560/; classtype:trojan-activity;sid:84215660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.193.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352553/; classtype:trojan-activity;sid:84215653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.162.235.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352552/; classtype:trojan-activity;sid:84215652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352551/; classtype:trojan-activity;sid:84215651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.243.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352550/; classtype:trojan-activity;sid:84215650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.231.132.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352549/; classtype:trojan-activity;sid:84215649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.244.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352548/; classtype:trojan-activity;sid:84215648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.196.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352547/; classtype:trojan-activity;sid:84215647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.239.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352546/; classtype:trojan-activity;sid:84215646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.243.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352545/; classtype:trojan-activity;sid:84215645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352544)"; flow:established,from_client; content:"GET"; http_method; content:"/pv9lg4.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352544/; classtype:trojan-activity;sid:84215644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352543)"; flow:established,from_client; content:"GET"; http_method; content:"/fvh1yu.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352543/; classtype:trojan-activity;sid:84215643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352542)"; flow:established,from_client; content:"GET"; http_method; content:"/bb00he.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352542/; classtype:trojan-activity;sid:84215642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352541)"; flow:established,from_client; content:"GET"; http_method; content:"/1qm51s.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352541/; classtype:trojan-activity;sid:84215641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352540)"; flow:established,from_client; content:"GET"; http_method; content:"/kyyse9.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352540/; classtype:trojan-activity;sid:84215640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352539)"; flow:established,from_client; content:"GET"; http_method; content:"/t9lj5k.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352539/; classtype:trojan-activity;sid:84215639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352538)"; flow:established,from_client; content:"GET"; http_method; content:"/z8sjm9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352538/; classtype:trojan-activity;sid:84215638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352535)"; flow:established,from_client; content:"GET"; http_method; content:"/jq2n6t.xx"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352535/; classtype:trojan-activity;sid:84215635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352536)"; flow:established,from_client; content:"GET"; http_method; content:"/g7s61j.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352536/; classtype:trojan-activity;sid:84215636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352537)"; flow:established,from_client; content:"GET"; http_method; content:"/nq6sar.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352537/; classtype:trojan-activity;sid:84215637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352534)"; flow:established,from_client; content:"GET"; http_method; content:"/12hc3c.sdasda"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352534/; classtype:trojan-activity;sid:84215634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352530)"; flow:established,from_client; content:"GET"; http_method; content:"/bdird7.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352530/; classtype:trojan-activity;sid:84215630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352531)"; flow:established,from_client; content:"GET"; http_method; content:"/y2fw72.etyu"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352531/; classtype:trojan-activity;sid:84215631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352532)"; flow:established,from_client; content:"GET"; http_method; content:"/c4zv2u.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352532/; classtype:trojan-activity;sid:84215632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352533)"; flow:established,from_client; content:"GET"; http_method; content:"/hlsrr0.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352533/; classtype:trojan-activity;sid:84215633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352524)"; flow:established,from_client; content:"GET"; http_method; content:"/bb26z2.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352524/; classtype:trojan-activity;sid:84215624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352525)"; flow:established,from_client; content:"GET"; http_method; content:"/id30kq.iso"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352525/; classtype:trojan-activity;sid:84215625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352526)"; flow:established,from_client; content:"GET"; http_method; content:"/cfbydu.lzh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352526/; classtype:trojan-activity;sid:84215626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352527)"; flow:established,from_client; content:"GET"; http_method; content:"/2s9j1j.etyu"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352527/; classtype:trojan-activity;sid:84215627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352528)"; flow:established,from_client; content:"GET"; http_method; content:"/6152vo.eom"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352528/; classtype:trojan-activity;sid:84215628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352529)"; flow:established,from_client; content:"GET"; http_method; content:"/916s3a.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352529/; classtype:trojan-activity;sid:84215629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352522)"; flow:established,from_client; content:"GET"; http_method; content:"/bxqnmo.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352522/; classtype:trojan-activity;sid:84215622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352523)"; flow:established,from_client; content:"GET"; http_method; content:"/v5gcsq.sys"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352523/; classtype:trojan-activity;sid:84215623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352520)"; flow:established,from_client; content:"GET"; http_method; content:"/x5n2ng.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352520/; classtype:trojan-activity;sid:84215620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352521)"; flow:established,from_client; content:"GET"; http_method; content:"/1zxvgp.7z"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352521/; classtype:trojan-activity;sid:84215621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352518)"; flow:established,from_client; content:"GET"; http_method; content:"/oe13jp.pif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352518/; classtype:trojan-activity;sid:84215618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352519)"; flow:established,from_client; content:"GET"; http_method; content:"/6tyj9r.so"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352519/; classtype:trojan-activity;sid:84215619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352517)"; flow:established,from_client; content:"GET"; http_method; content:"/1e7hwg.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352517/; classtype:trojan-activity;sid:84215617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352516)"; flow:established,from_client; content:"GET"; http_method; content:"/1exjp2.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352516/; classtype:trojan-activity;sid:84215616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352514)"; flow:established,from_client; content:"GET"; http_method; content:"/dyaj4s.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352514/; classtype:trojan-activity;sid:84215614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352515)"; flow:established,from_client; content:"GET"; http_method; content:"/wm0vyx.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352515/; classtype:trojan-activity;sid:84215615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352512)"; flow:established,from_client; content:"GET"; http_method; content:"/ukau4t.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352512/; classtype:trojan-activity;sid:84215612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352513)"; flow:established,from_client; content:"GET"; http_method; content:"/svtih2.etyu"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352513/; classtype:trojan-activity;sid:84215613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352511)"; flow:established,from_client; content:"GET"; http_method; content:"/nds4l2.dff"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352511/; classtype:trojan-activity;sid:84215611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352510)"; flow:established,from_client; content:"GET"; http_method; content:"/otj1hn.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352510/; classtype:trojan-activity;sid:84215610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352509)"; flow:established,from_client; content:"GET"; http_method; content:"/ulr87l.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352509/; classtype:trojan-activity;sid:84215609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352508)"; flow:established,from_client; content:"GET"; http_method; content:"/d7a83m.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352508/; classtype:trojan-activity;sid:84215608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352504)"; flow:established,from_client; content:"GET"; http_method; content:"/dcns2k.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352504/; classtype:trojan-activity;sid:84215604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352505)"; flow:established,from_client; content:"GET"; http_method; content:"/c2o1v6.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352505/; classtype:trojan-activity;sid:84215605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352506)"; flow:established,from_client; content:"GET"; http_method; content:"/q6dnuy.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352506/; classtype:trojan-activity;sid:84215606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352507)"; flow:established,from_client; content:"GET"; http_method; content:"/yz1uka.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352507/; classtype:trojan-activity;sid:84215607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352497)"; flow:established,from_client; content:"GET"; http_method; content:"/p2yldo.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352497/; classtype:trojan-activity;sid:84215597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352498)"; flow:established,from_client; content:"GET"; http_method; content:"/ycgfp2.z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352498/; classtype:trojan-activity;sid:84215598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352499)"; flow:established,from_client; content:"GET"; http_method; content:"/mbrx6q.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352499/; classtype:trojan-activity;sid:84215599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352500)"; flow:established,from_client; content:"GET"; http_method; content:"/pim7uu.etyu"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352500/; classtype:trojan-activity;sid:84215600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352501)"; flow:established,from_client; content:"GET"; http_method; content:"/nwj6ph.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352501/; classtype:trojan-activity;sid:84215601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352502)"; flow:established,from_client; content:"GET"; http_method; content:"/b37xai.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352502/; classtype:trojan-activity;sid:84215602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352503)"; flow:established,from_client; content:"GET"; http_method; content:"/821yap.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352503/; classtype:trojan-activity;sid:84215603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352495)"; flow:established,from_client; content:"GET"; http_method; content:"/rzelmw.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352495/; classtype:trojan-activity;sid:84215595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352496)"; flow:established,from_client; content:"GET"; http_method; content:"/ahjsx7.pif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352496/; classtype:trojan-activity;sid:84215596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352490)"; flow:established,from_client; content:"GET"; http_method; content:"/nt1rgi.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352490/; classtype:trojan-activity;sid:84215590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352491)"; flow:established,from_client; content:"GET"; http_method; content:"/s9zxyp.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352491/; classtype:trojan-activity;sid:84215591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352492)"; flow:established,from_client; content:"GET"; http_method; content:"/sk2nry.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352492/; classtype:trojan-activity;sid:84215592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352493)"; flow:established,from_client; content:"GET"; http_method; content:"/dte56u.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352493/; classtype:trojan-activity;sid:84215593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352494)"; flow:established,from_client; content:"GET"; http_method; content:"/gid1a4.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352494/; classtype:trojan-activity;sid:84215594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352487)"; flow:established,from_client; content:"GET"; http_method; content:"/2o3rhv.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352487/; classtype:trojan-activity;sid:84215587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352488)"; flow:established,from_client; content:"GET"; http_method; content:"/xcuhte.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352488/; classtype:trojan-activity;sid:84215588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352489)"; flow:established,from_client; content:"GET"; http_method; content:"/pwyu5k.ace"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352489/; classtype:trojan-activity;sid:84215589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352484)"; flow:established,from_client; content:"GET"; http_method; content:"/qt0gbk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352484/; classtype:trojan-activity;sid:84215584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352485)"; flow:established,from_client; content:"GET"; http_method; content:"/rqago1.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352485/; classtype:trojan-activity;sid:84215585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352486)"; flow:established,from_client; content:"GET"; http_method; content:"/djvfvk.pif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352486/; classtype:trojan-activity;sid:84215586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352483)"; flow:established,from_client; content:"GET"; http_method; content:"/pm6gs6.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352483/; classtype:trojan-activity;sid:84215583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352482)"; flow:established,from_client; content:"GET"; http_method; content:"/h7moag.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352482/; classtype:trojan-activity;sid:84215582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352481)"; flow:established,from_client; content:"GET"; http_method; content:"/vcqq5l.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352481/; classtype:trojan-activity;sid:84215581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.162.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352480/; classtype:trojan-activity;sid:84215580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.175.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352479/; classtype:trojan-activity;sid:84215579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.175.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352478/; classtype:trojan-activity;sid:84215578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.104.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352477/; classtype:trojan-activity;sid:84215577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.235.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352476/; classtype:trojan-activity;sid:84215576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352475)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"zexl.riders.50kfor50years.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352475/; classtype:trojan-activity;sid:84215575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352474)"; flow:established,from_client; content:"GET"; http_method; content:"/03371654626460552678/chrome.update.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.116.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352474/; classtype:trojan-activity;sid:84215574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352462)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352462/; classtype:trojan-activity;sid:84215562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352463)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.226.125.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352463/; classtype:trojan-activity;sid:84215563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352464)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"149.115.225.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352464/; classtype:trojan-activity;sid:84215564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352465)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"78.138.9.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352465/; classtype:trojan-activity;sid:84215565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352466)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"189.1.245.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352466/; classtype:trojan-activity;sid:84215566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352467)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"189.1.245.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352467/; classtype:trojan-activity;sid:84215567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352468)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.69.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352468/; classtype:trojan-activity;sid:84215568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352469)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.156.166.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352469/; classtype:trojan-activity;sid:84215569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352470)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.226.62.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352470/; classtype:trojan-activity;sid:84215570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352471)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.207.178.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352471/; classtype:trojan-activity;sid:84215571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352472)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"170.130.165.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352472/; classtype:trojan-activity;sid:84215572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352473)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.48.116.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352473/; classtype:trojan-activity;sid:84215573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352458)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.245.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352458/; classtype:trojan-activity;sid:84215558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352459)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.244.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352459/; classtype:trojan-activity;sid:84215559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352460)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.155.11.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352460/; classtype:trojan-activity;sid:84215560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352461)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.60.150.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352461/; classtype:trojan-activity;sid:84215561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352455)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.182.189.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352455/; classtype:trojan-activity;sid:84215555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352456)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.21.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352456/; classtype:trojan-activity;sid:84215556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352457)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.245.139.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352457/; classtype:trojan-activity;sid:84215557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352450)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"61.135.130.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352450/; classtype:trojan-activity;sid:84215550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352451)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"61.135.130.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352451/; classtype:trojan-activity;sid:84215551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352452)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.136.60.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352452/; classtype:trojan-activity;sid:84215552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352453)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.35.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352453/; classtype:trojan-activity;sid:84215553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352454)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.206.240.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352454/; classtype:trojan-activity;sid:84215554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352443)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"18.138.186.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352443/; classtype:trojan-activity;sid:84215543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.79.171.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352444/; classtype:trojan-activity;sid:84215544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352445)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.79.171.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352445/; classtype:trojan-activity;sid:84215545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352446)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.30.103.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352446/; classtype:trojan-activity;sid:84215546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352447)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.41.2.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352447/; classtype:trojan-activity;sid:84215547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352448)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.74.184.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352448/; classtype:trojan-activity;sid:84215548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352449)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.90.38.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352449/; classtype:trojan-activity;sid:84215549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352427)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.7.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352427/; classtype:trojan-activity;sid:84215527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352428)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.144.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352428/; classtype:trojan-activity;sid:84215528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352429)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.145.229.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352429/; classtype:trojan-activity;sid:84215529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352430)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"149.115.225.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352430/; classtype:trojan-activity;sid:84215530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352431)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.198.89.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352431/; classtype:trojan-activity;sid:84215531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352432)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.100.90.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352432/; classtype:trojan-activity;sid:84215532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352433)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.24.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352433/; classtype:trojan-activity;sid:84215533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352434)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"52.166.123.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352434/; classtype:trojan-activity;sid:84215534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352435)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.252.183.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352435/; classtype:trojan-activity;sid:84215535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352436)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352436/; classtype:trojan-activity;sid:84215536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352437)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.79.171.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352437/; classtype:trojan-activity;sid:84215537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352438)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.252.183.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352438/; classtype:trojan-activity;sid:84215538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352439)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.226.125.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352439/; classtype:trojan-activity;sid:84215539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352440)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.34.54.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352440/; classtype:trojan-activity;sid:84215540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352441)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"149.88.84.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352441/; classtype:trojan-activity;sid:84215541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352442)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.63.197"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352442/; classtype:trojan-activity;sid:84215542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352419)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.30.103.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352419/; classtype:trojan-activity;sid:84215519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352420)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.243.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352420/; classtype:trojan-activity;sid:84215520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352421)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"149.115.225.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352421/; classtype:trojan-activity;sid:84215521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352422)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.236.53.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352422/; classtype:trojan-activity;sid:84215522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352423)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.252.183.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352423/; classtype:trojan-activity;sid:84215523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352424)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.252.183.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352424/; classtype:trojan-activity;sid:84215524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352425)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.103.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352425/; classtype:trojan-activity;sid:84215525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352426)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"98.84.163.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352426/; classtype:trojan-activity;sid:84215526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352417)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.46.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352417/; classtype:trojan-activity;sid:84215517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352418)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.153.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352418/; classtype:trojan-activity;sid:84215518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352415)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.182.189.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352415/; classtype:trojan-activity;sid:84215515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352416)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.73.124.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352416/; classtype:trojan-activity;sid:84215516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352412)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"61.135.130.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352412/; classtype:trojan-activity;sid:84215512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352413)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.126.128.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352413/; classtype:trojan-activity;sid:84215513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352414)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.60.150.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352414/; classtype:trojan-activity;sid:84215514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352409)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.30.103.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352409/; classtype:trojan-activity;sid:84215509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352410)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.30.103.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352410/; classtype:trojan-activity;sid:84215510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352411)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.30.103.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352411/; classtype:trojan-activity;sid:84215511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352405)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.30.103.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352405/; classtype:trojan-activity;sid:84215505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352406)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.30.103.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352406/; classtype:trojan-activity;sid:84215506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352407)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.30.103.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352407/; classtype:trojan-activity;sid:84215507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352408)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.30.103.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352408/; classtype:trojan-activity;sid:84215508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.30.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352404/; classtype:trojan-activity;sid:84215504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.146.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352403/; classtype:trojan-activity;sid:84215503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.180.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352402/; classtype:trojan-activity;sid:84215502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.71.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352401/; classtype:trojan-activity;sid:84215501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.130.95.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352400/; classtype:trojan-activity;sid:84215500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.175.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352399/; classtype:trojan-activity;sid:84215499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.100.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352398/; classtype:trojan-activity;sid:84215498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352397/; classtype:trojan-activity;sid:84215497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.153.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352396/; classtype:trojan-activity;sid:84215496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352394)"; flow:established,from_client; content:"GET"; http_method; content:"/svchostinter.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.43.36.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352394/; classtype:trojan-activity;sid:84215494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352395)"; flow:established,from_client; content:"GET"; http_method; content:"/m"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.43.36.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352395/; classtype:trojan-activity;sid:84215495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352392)"; flow:established,from_client; content:"GET"; http_method; content:"/3344.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.43.36.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352392/; classtype:trojan-activity;sid:84215492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352393)"; flow:established,from_client; content:"GET"; http_method; content:"/3344.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.43.36.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352393/; classtype:trojan-activity;sid:84215493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.38.92.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352391/; classtype:trojan-activity;sid:84215491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.167.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352390/; classtype:trojan-activity;sid:84215490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.86.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352389/; classtype:trojan-activity;sid:84215489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.140.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352388/; classtype:trojan-activity;sid:84215488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.91.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352387/; classtype:trojan-activity;sid:84215487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352386/; classtype:trojan-activity;sid:84215486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.30.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352385/; classtype:trojan-activity;sid:84215485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352384)"; flow:established,from_client; content:"GET"; http_method; content:"/electrum.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"elektrum.cfd"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352384/; classtype:trojan-activity;sid:84215484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.187.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352382/; classtype:trojan-activity;sid:84215482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.142.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352383/; classtype:trojan-activity;sid:84215483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.248.174.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352381/; classtype:trojan-activity;sid:84215481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.252.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352377/; classtype:trojan-activity;sid:84215477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352378/; classtype:trojan-activity;sid:84215478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352376)"; flow:established,from_client; content:"GET"; http_method; content:"/.nzjjoty/abc123"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"80.76.51.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352376/; classtype:trojan-activity;sid:84215476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352375)"; flow:established,from_client; content:"GET"; http_method; content:"/ad.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.125.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352375/; classtype:trojan-activity;sid:84215475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352372)"; flow:established,from_client; content:"GET"; http_method; content:"/files/algoup.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.117.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352372/; classtype:trojan-activity;sid:84215472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352373)"; flow:established,from_client; content:"GET"; http_method; content:"/anydeskx32.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.125.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352373/; classtype:trojan-activity;sid:84215473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352374)"; flow:established,from_client; content:"GET"; http_method; content:"/03371654626460552678/chrome.update.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"genellikle.biz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352374/; classtype:trojan-activity;sid:84215474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352369)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/black4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.76.51.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352369/; classtype:trojan-activity;sid:84215469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352370)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/target_market.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"get-reponse-subt2.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352370/; classtype:trojan-activity;sid:84215470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352371)"; flow:established,from_client; content:"GET"; http_method; content:"/key.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.120.114.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352371/; classtype:trojan-activity;sid:84215471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352366)"; flow:established,from_client; content:"GET"; http_method; content:"/nnnnup_file.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.125.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352366/; classtype:trojan-activity;sid:84215466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352367)"; flow:established,from_client; content:"GET"; http_method; content:"/fenta/x"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"80.76.51.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352367/; classtype:trojan-activity;sid:84215467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352368)"; flow:established,from_client; content:"GET"; http_method; content:"/files_str.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.125.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352368/; classtype:trojan-activity;sid:84215468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.57.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352365/; classtype:trojan-activity;sid:84215465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352364/; classtype:trojan-activity;sid:84215464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.184.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352363/; classtype:trojan-activity;sid:84215463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.187.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352362/; classtype:trojan-activity;sid:84215462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352361/; classtype:trojan-activity;sid:84215461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.63.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352360/; classtype:trojan-activity;sid:84215460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.37.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352359/; classtype:trojan-activity;sid:84215459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352358/; classtype:trojan-activity;sid:84215458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.125.212.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352357/; classtype:trojan-activity;sid:84215457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.248.174.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352355/; classtype:trojan-activity;sid:84215455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352356)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/exclude.ps1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352356/; classtype:trojan-activity;sid:84215456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352353)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/svhost.vbs"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352353/; classtype:trojan-activity;sid:84215453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352354)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/m.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352354/; classtype:trojan-activity;sid:84215454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352352)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/e.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352352/; classtype:trojan-activity;sid:84215452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352351)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/refs/heads/main/m.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352351/; classtype:trojan-activity;sid:84215451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.91.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352350/; classtype:trojan-activity;sid:84215450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352349)"; flow:established,from_client; content:"GET"; http_method; content:"/d976bc0afbf68d51/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"92.119.114.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352349/; classtype:trojan-activity;sid:84215449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352347)"; flow:established,from_client; content:"GET"; http_method; content:"/d976bc0afbf68d51/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"92.119.114.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352347/; classtype:trojan-activity;sid:84215447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352348)"; flow:established,from_client; content:"GET"; http_method; content:"/d976bc0afbf68d51/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"92.119.114.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352348/; classtype:trojan-activity;sid:84215448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352343)"; flow:established,from_client; content:"GET"; http_method; content:"/d976bc0afbf68d51/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"92.119.114.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352343/; classtype:trojan-activity;sid:84215443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352344)"; flow:established,from_client; content:"GET"; http_method; content:"/d976bc0afbf68d51/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"92.119.114.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352344/; classtype:trojan-activity;sid:84215444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352345)"; flow:established,from_client; content:"GET"; http_method; content:"/d976bc0afbf68d51/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"92.119.114.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352345/; classtype:trojan-activity;sid:84215445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352346)"; flow:established,from_client; content:"GET"; http_method; content:"/d976bc0afbf68d51/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"92.119.114.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352346/; classtype:trojan-activity;sid:84215446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.37.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352342/; classtype:trojan-activity;sid:84215442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352341/; classtype:trojan-activity;sid:84215441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.111.217.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352340/; classtype:trojan-activity;sid:84215440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.237.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352338/; classtype:trojan-activity;sid:84215438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352339/; classtype:trojan-activity;sid:84215439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.63.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352337/; classtype:trojan-activity;sid:84215437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.150.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352336/; classtype:trojan-activity;sid:84215436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352333)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/evc/ev/crreatedbestthingswithgreatattitudeneedforthat.hta"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"192.3.179.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352333/; classtype:trojan-activity;sid:84215433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352334)"; flow:established,from_client; content:"GET"; http_method; content:"/75/ecome.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.179.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352334/; classtype:trojan-activity;sid:84215434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352335)"; flow:established,from_client; content:"GET"; http_method; content:"/76/ecome.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.179.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352335/; classtype:trojan-activity;sid:84215435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352332)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/evc/newthingswithgreatupdateiongivenbestthingswithme.hta"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"192.3.179.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352332/; classtype:trojan-activity;sid:84215432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.215.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352330/; classtype:trojan-activity;sid:84215430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.100.164.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352331/; classtype:trojan-activity;sid:84215431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352329/; classtype:trojan-activity;sid:84215429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352326)"; flow:established,from_client; content:"GET"; http_method; content:"/hpvmaprzvuax36.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"66.63.187.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352326/; classtype:trojan-activity;sid:84215426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352327)"; flow:established,from_client; content:"GET"; http_method; content:"/grdfwebxheuyrsjcdgntlz14.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"66.63.187.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352327/; classtype:trojan-activity;sid:84215427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352328)"; flow:established,from_client; content:"GET"; http_method; content:"/wbwcspgebmkxyd199.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"66.63.187.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352328/; classtype:trojan-activity;sid:84215428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.215.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352325/; classtype:trojan-activity;sid:84215425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.160.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352324/; classtype:trojan-activity;sid:84215424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.64.210"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352322/; classtype:trojan-activity;sid:84215422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.48.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352323/; classtype:trojan-activity;sid:84215423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.191.13.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352321/; classtype:trojan-activity;sid:84215421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.18.212"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352320/; classtype:trojan-activity;sid:84215420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352319)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic6.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"durraactive.com.my"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352319/; classtype:trojan-activity;sid:84215419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352314)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic2.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"durraactive.com.my"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352314/; classtype:trojan-activity;sid:84215414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352315)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic5.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"durraactive.com.my"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352315/; classtype:trojan-activity;sid:84215415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352316)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"durraactive.com.my"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352316/; classtype:trojan-activity;sid:84215416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352317)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic7.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"durraactive.com.my"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352317/; classtype:trojan-activity;sid:84215417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352318)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic8.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"durraactive.com.my"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352318/; classtype:trojan-activity;sid:84215418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352313)"; flow:established,from_client; content:"GET"; http_method; content:"/rvn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352313/; classtype:trojan-activity;sid:84215413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352303)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/f3dll.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352303/; classtype:trojan-activity;sid:84215403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352304)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/x2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352304/; classtype:trojan-activity;sid:84215404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352305)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/j1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352305/; classtype:trojan-activity;sid:84215405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352306)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/a1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352306/; classtype:trojan-activity;sid:84215406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352307)"; flow:established,from_client; content:"GET"; http_method; content:"/236236236"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352307/; classtype:trojan-activity;sid:84215407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352308)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/dj1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352308/; classtype:trojan-activity;sid:84215408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352309)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rt.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352309/; classtype:trojan-activity;sid:84215409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352310)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1r.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352310/; classtype:trojan-activity;sid:84215410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352311)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352311/; classtype:trojan-activity;sid:84215411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352312)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/ark.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352312/; classtype:trojan-activity;sid:84215412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.16.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352302/; classtype:trojan-activity;sid:84215402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352299)"; flow:established,from_client; content:"GET"; http_method; content:"/diary"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352299/; classtype:trojan-activity;sid:84215399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352300)"; flow:established,from_client; content:"GET"; http_method; content:"/bntotstats"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352300/; classtype:trojan-activity;sid:84215400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352301)"; flow:established,from_client; content:"GET"; http_method; content:"/allonstsmt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352301/; classtype:trojan-activity;sid:84215401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352298)"; flow:established,from_client; content:"GET"; http_method; content:"/tnetb.exe%d.%d.%d.%dh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352298/; classtype:trojan-activity;sid:84215398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352297)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic3.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"socmad.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352297/; classtype:trojan-activity;sid:84215397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352296)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic6.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"socmad.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352296/; classtype:trojan-activity;sid:84215396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352294)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"socmad.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352294/; classtype:trojan-activity;sid:84215394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352295)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic4.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"socmad.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352295/; classtype:trojan-activity;sid:84215395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352293)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_132.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cadirkamplari.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352293/; classtype:trojan-activity;sid:84215393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352292)"; flow:established,from_client; content:"GET"; http_method; content:"/fenix.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.124.123.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352292/; classtype:trojan-activity;sid:84215392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352291)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_132.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"destinoverde.pe"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352291/; classtype:trojan-activity;sid:84215391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352290)"; flow:established,from_client; content:"GET"; http_method; content:"/754468"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352290/; classtype:trojan-activity;sid:84215390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352289)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic2.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mapimwp.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352289/; classtype:trojan-activity;sid:84215389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352280)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic5.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"socmad.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352280/; classtype:trojan-activity;sid:84215380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352281)"; flow:established,from_client; content:"GET"; http_method; content:"/tank"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.7.214.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352281/; classtype:trojan-activity;sid:84215381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352282)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic2.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"socmad.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352282/; classtype:trojan-activity;sid:84215382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352283)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/sefile.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"socmad.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352283/; classtype:trojan-activity;sid:84215383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352284)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic5.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mapimwp.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352284/; classtype:trojan-activity;sid:84215384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352285)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mapimwp.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352285/; classtype:trojan-activity;sid:84215385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352286)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic6.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mapimwp.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352286/; classtype:trojan-activity;sid:84215386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352287)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic3.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mapimwp.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352287/; classtype:trojan-activity;sid:84215387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352288)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic8.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mapimwp.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352288/; classtype:trojan-activity;sid:84215388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352278)"; flow:established,from_client; content:"GET"; http_method; content:"/extractor64.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.94.31.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352278/; classtype:trojan-activity;sid:84215378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352279)"; flow:established,from_client; content:"GET"; http_method; content:"/prog/ctlg.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"midginvineco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352279/; classtype:trojan-activity;sid:84215379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352277)"; flow:established,from_client; content:"GET"; http_method; content:"/nvid.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.180.136.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352277/; classtype:trojan-activity;sid:84215377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352276)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic4.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352276/; classtype:trojan-activity;sid:84215376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352260)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_132.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"casacoimbramaputo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352260/; classtype:trojan-activity;sid:84215360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352261)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic4.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sufikhat.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352261/; classtype:trojan-activity;sid:84215361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352262)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic6.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352262/; classtype:trojan-activity;sid:84215362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352263)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sufikhat.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352263/; classtype:trojan-activity;sid:84215363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352264)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic3.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352264/; classtype:trojan-activity;sid:84215364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352265)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352265/; classtype:trojan-activity;sid:84215365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352266)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic3.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sufikhat.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352266/; classtype:trojan-activity;sid:84215366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352267)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic12.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352267/; classtype:trojan-activity;sid:84215367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352268)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic8.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352268/; classtype:trojan-activity;sid:84215368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352269)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic7.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352269/; classtype:trojan-activity;sid:84215369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352270)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic2.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352270/; classtype:trojan-activity;sid:84215370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352271)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic6.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sufikhat.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352271/; classtype:trojan-activity;sid:84215371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352272)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic5.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352272/; classtype:trojan-activity;sid:84215372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352273)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic14.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352273/; classtype:trojan-activity;sid:84215373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352274)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic13.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352274/; classtype:trojan-activity;sid:84215374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352275)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/sefile.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"sekolahalghazali.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352275/; classtype:trojan-activity;sid:84215375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352258)"; flow:established,from_client; content:"GET"; http_method; content:"/factory/steel.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.214.157.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352258/; classtype:trojan-activity;sid:84215358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352259)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"147.45.47.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352259/; classtype:trojan-activity;sid:84215359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.22.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352257/; classtype:trojan-activity;sid:84215357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352256)"; flow:established,from_client; content:"GET"; http_method; content:"/dropps/hhyg/-/raw/main/hnshjdfagarmin15.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352256/; classtype:trojan-activity;sid:84215356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.150.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352254/; classtype:trojan-activity;sid:84215354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352253/; classtype:trojan-activity;sid:84215353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352251/; classtype:trojan-activity;sid:84215351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.102.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352252/; classtype:trojan-activity;sid:84215352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352250/; classtype:trojan-activity;sid:84215350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.126.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352249/; classtype:trojan-activity;sid:84215349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.78.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352248/; classtype:trojan-activity;sid:84215348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.66.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352247/; classtype:trojan-activity;sid:84215347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.166.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352246/; classtype:trojan-activity;sid:84215346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.164.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352245/; classtype:trojan-activity;sid:84215345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.206.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352242/; classtype:trojan-activity;sid:84215342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.116.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352243/; classtype:trojan-activity;sid:84215343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352244)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/lkkwdufd.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cyprecoofamerica.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352244/; classtype:trojan-activity;sid:84215344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352241)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/ytrnyrxc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"proship.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352241/; classtype:trojan-activity;sid:84215341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.66.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352240/; classtype:trojan-activity;sid:84215340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352239)"; flow:established,from_client; content:"GET"; http_method; content:"/imakbwpy.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"naubeautylus.ch"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352239/; classtype:trojan-activity;sid:84215339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352238)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/jetpack/modules/likes/jikjcbex.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"agrizone.ae"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352238/; classtype:trojan-activity;sid:84215338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.174.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352237/; classtype:trojan-activity;sid:84215337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352236)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/sgjdghjlkahjodfjgipodhpadfhjpghj/raw/main/helper.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352236/; classtype:trojan-activity;sid:84215336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.52.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352235/; classtype:trojan-activity;sid:84215335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.174.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352234/; classtype:trojan-activity;sid:84215334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352232)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/raw/main/nvidia.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352232/; classtype:trojan-activity;sid:84215332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352233)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/raw/main/nvidias.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352233/; classtype:trojan-activity;sid:84215333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352230)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/zz.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352230/; classtype:trojan-activity;sid:84215330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352231)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/z3.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352231/; classtype:trojan-activity;sid:84215331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352229)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/z.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352229/; classtype:trojan-activity;sid:84215329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352227)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/blob/main/nvidias.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352227/; classtype:trojan-activity;sid:84215327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352228)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/raw/refs/heads/main/nvidias.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352228/; classtype:trojan-activity;sid:84215328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352226)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/blob/main/nvidia.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352226/; classtype:trojan-activity;sid:84215326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.93.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352225/; classtype:trojan-activity;sid:84215325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352224)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/sgjdghjlkahjodfjgipodhpadfhjpghj/blob/main/helper.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352224/; classtype:trojan-activity;sid:84215324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.121.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352223/; classtype:trojan-activity;sid:84215323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352221/; classtype:trojan-activity;sid:84215321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.59.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352222/; classtype:trojan-activity;sid:84215322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352218/; classtype:trojan-activity;sid:84215318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.155.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352219/; classtype:trojan-activity;sid:84215319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.89.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352220/; classtype:trojan-activity;sid:84215320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.237.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352217/; classtype:trojan-activity;sid:84215317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352216/; classtype:trojan-activity;sid:84215316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.87.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352214/; classtype:trojan-activity;sid:84215314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.122.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352215/; classtype:trojan-activity;sid:84215315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352213/; classtype:trojan-activity;sid:84215313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352212/; classtype:trojan-activity;sid:84215312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.102.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352210/; classtype:trojan-activity;sid:84215310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.194.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352211/; classtype:trojan-activity;sid:84215311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352207/; classtype:trojan-activity;sid:84215307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352208)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/zzz.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352208/; classtype:trojan-activity;sid:84215308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352209/; classtype:trojan-activity;sid:84215309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.184.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352206/; classtype:trojan-activity;sid:84215306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.164.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352205/; classtype:trojan-activity;sid:84215305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.126.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352204/; classtype:trojan-activity;sid:84215304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352203/; classtype:trojan-activity;sid:84215303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.18.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352202/; classtype:trojan-activity;sid:84215302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.197.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352201/; classtype:trojan-activity;sid:84215301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.53.65.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352200/; classtype:trojan-activity;sid:84215300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.19.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352198/; classtype:trojan-activity;sid:84215298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.236.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352199/; classtype:trojan-activity;sid:84215299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.93.136.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352197/; classtype:trojan-activity;sid:84215297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.231.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352196/; classtype:trojan-activity;sid:84215296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.71.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352195/; classtype:trojan-activity;sid:84215295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.232.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352194/; classtype:trojan-activity;sid:84215294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.52.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352193/; classtype:trojan-activity;sid:84215293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/27193/123719821238.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352191/; classtype:trojan-activity;sid:84215291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352192)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mailer/blue.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352192/; classtype:trojan-activity;sid:84215292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.113.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352190/; classtype:trojan-activity;sid:84215290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.33.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352187/; classtype:trojan-activity;sid:84215287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.170.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352188/; classtype:trojan-activity;sid:84215288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.244.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352189/; classtype:trojan-activity;sid:84215289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.234.159.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352186/; classtype:trojan-activity;sid:84215286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.71.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352184/; classtype:trojan-activity;sid:84215284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.219.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352185/; classtype:trojan-activity;sid:84215285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.82.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352183/; classtype:trojan-activity;sid:84215283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352182)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352182/; classtype:trojan-activity;sid:84215282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352181)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352181/; classtype:trojan-activity;sid:84215281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352180)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352180/; classtype:trojan-activity;sid:84215280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352178)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sintv.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352178/; classtype:trojan-activity;sid:84215278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352179)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sintv.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352179/; classtype:trojan-activity;sid:84215279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352176)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe|3f|b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352176/; classtype:trojan-activity;sid:84215276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352177)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352177/; classtype:trojan-activity;sid:84215277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352174)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/goldlummaa.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352174/; classtype:trojan-activity;sid:84215274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352175)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/goldlummaa.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352175/; classtype:trojan-activity;sid:84215275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.125.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352173/; classtype:trojan-activity;sid:84215273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.68.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352172/; classtype:trojan-activity;sid:84215272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.245.60.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352171/; classtype:trojan-activity;sid:84215271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.19.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352169/; classtype:trojan-activity;sid:84215269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.231.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352170/; classtype:trojan-activity;sid:84215270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352168)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352168/; classtype:trojan-activity;sid:84215268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352166)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352166/; classtype:trojan-activity;sid:84215266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.18.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352167/; classtype:trojan-activity;sid:84215267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352165)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352165/; classtype:trojan-activity;sid:84215265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.83.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352164/; classtype:trojan-activity;sid:84215264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352163)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352163/; classtype:trojan-activity;sid:84215263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352157)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352157/; classtype:trojan-activity;sid:84215257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352158)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352158/; classtype:trojan-activity;sid:84215258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352159)"; flow:established,from_client; content:"GET"; http_method; content:"/darm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352159/; classtype:trojan-activity;sid:84215259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352160)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352160/; classtype:trojan-activity;sid:84215260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352161/; classtype:trojan-activity;sid:84215261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352162)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352162/; classtype:trojan-activity;sid:84215262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352153)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352153/; classtype:trojan-activity;sid:84215253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352154)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352154/; classtype:trojan-activity;sid:84215254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352155)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352155/; classtype:trojan-activity;sid:84215255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352156)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352156/; classtype:trojan-activity;sid:84215256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.181.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352152/; classtype:trojan-activity;sid:84215252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.170.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352151/; classtype:trojan-activity;sid:84215251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352144)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352144/; classtype:trojan-activity;sid:84215244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352145/; classtype:trojan-activity;sid:84215245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.242.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352146/; classtype:trojan-activity;sid:84215246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352147/; classtype:trojan-activity;sid:84215247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352148)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352148/; classtype:trojan-activity;sid:84215248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352149)"; flow:established,from_client; content:"GET"; http_method; content:"/tsh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352149/; classtype:trojan-activity;sid:84215249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352150)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"banthis.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352150/; classtype:trojan-activity;sid:84215250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352143)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/jetpack/modules/markdown/jetpackhandler"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"agrizone.ae"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352143/; classtype:trojan-activity;sid:84215243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.122.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352142/; classtype:trojan-activity;sid:84215242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.29.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352141/; classtype:trojan-activity;sid:84215241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352140)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/amt.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"grupobramam.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352140/; classtype:trojan-activity;sid:84215240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.242.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352139/; classtype:trojan-activity;sid:84215239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.41.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352138/; classtype:trojan-activity;sid:84215238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.101.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352137/; classtype:trojan-activity;sid:84215237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.122.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352136/; classtype:trojan-activity;sid:84215236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.101.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352135/; classtype:trojan-activity;sid:84215235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352134)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.76.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352134/; classtype:trojan-activity;sid:84215234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352133/; classtype:trojan-activity;sid:84215233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.2.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352132/; classtype:trojan-activity;sid:84215232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352131/; classtype:trojan-activity;sid:84215231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.178.125.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352130/; classtype:trojan-activity;sid:84215230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.50.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352129/; classtype:trojan-activity;sid:84215229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.44.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352128/; classtype:trojan-activity;sid:84215228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.196.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352127/; classtype:trojan-activity;sid:84215227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352121/; classtype:trojan-activity;sid:84215221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352122)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352122/; classtype:trojan-activity;sid:84215222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352123/; classtype:trojan-activity;sid:84215223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352124)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352124/; classtype:trojan-activity;sid:84215224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.216.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352125/; classtype:trojan-activity;sid:84215225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352126)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.216.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352126/; classtype:trojan-activity;sid:84215226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.189.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352120/; classtype:trojan-activity;sid:84215220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.155.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352119/; classtype:trojan-activity;sid:84215219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.187.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352118/; classtype:trojan-activity;sid:84215218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.125.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352117/; classtype:trojan-activity;sid:84215217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.181.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352116/; classtype:trojan-activity;sid:84215216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.41.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352115/; classtype:trojan-activity;sid:84215215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.229.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352114/; classtype:trojan-activity;sid:84215214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.8.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352113/; classtype:trojan-activity;sid:84215213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.187.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352112/; classtype:trojan-activity;sid:84215212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.15.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352111/; classtype:trojan-activity;sid:84215211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.206.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352110/; classtype:trojan-activity;sid:84215210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.105.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352109/; classtype:trojan-activity;sid:84215209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.176.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352106/; classtype:trojan-activity;sid:84215206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.165.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352107/; classtype:trojan-activity;sid:84215207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.232.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352108/; classtype:trojan-activity;sid:84215208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352105/; classtype:trojan-activity;sid:84215205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352103)"; flow:established,from_client; content:"GET"; http_method; content:"/7vhfjke3/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352103/; classtype:trojan-activity;sid:84215203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352104)"; flow:established,from_client; content:"GET"; http_method; content:"/8fvu5jh4dbs/plugins/clip64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.81.68.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352104/; classtype:trojan-activity;sid:84215204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352099)"; flow:established,from_client; content:"GET"; http_method; content:"/8fvu5jh4dbs/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.81.68.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352099/; classtype:trojan-activity;sid:84215199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352100)"; flow:established,from_client; content:"GET"; http_method; content:"/7vhfjke3/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352100/; classtype:trojan-activity;sid:84215200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352101)"; flow:established,from_client; content:"GET"; http_method; content:"/8fvu5jh4dbs/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.81.68.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352101/; classtype:trojan-activity;sid:84215201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352102)"; flow:established,from_client; content:"GET"; http_method; content:"/8fj482jd9/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352102/; classtype:trojan-activity;sid:84215202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352094)"; flow:established,from_client; content:"GET"; http_method; content:"/7vhfjke3/plugins/clip.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352094/; classtype:trojan-activity;sid:84215194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.200.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352095/; classtype:trojan-activity;sid:84215195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352096)"; flow:established,from_client; content:"GET"; http_method; content:"/8fj482jd9/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352096/; classtype:trojan-activity;sid:84215196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.84.139.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352097/; classtype:trojan-activity;sid:84215197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352098)"; flow:established,from_client; content:"GET"; http_method; content:"/8fj482jd9/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.226.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352098/; classtype:trojan-activity;sid:84215198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352091)"; flow:established,from_client; content:"GET"; http_method; content:"/8fvu5jh4dbs/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.81.68.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352091/; classtype:trojan-activity;sid:84215191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352092)"; flow:established,from_client; content:"GET"; http_method; content:"/8fvu5jh4dbs/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.81.68.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352092/; classtype:trojan-activity;sid:84215192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352093)"; flow:established,from_client; content:"GET"; http_method; content:"/8fvu5jh4dbs/plugins/clip64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.81.68.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352093/; classtype:trojan-activity;sid:84215193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352087)"; flow:established,from_client; content:"GET"; http_method; content:"/8fvu5jh4dbs/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.81.68.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352087/; classtype:trojan-activity;sid:84215187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352088)"; flow:established,from_client; content:"GET"; http_method; content:"/3ofn3jf3e2ljk/plugins/cred64.dll"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"sanboxland.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352088/; classtype:trojan-activity;sid:84215188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352089)"; flow:established,from_client; content:"GET"; http_method; content:"/8fj482jd9/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.226.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352089/; classtype:trojan-activity;sid:84215189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352090)"; flow:established,from_client; content:"GET"; http_method; content:"/8fvu5jh4dbs/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.81.68.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352090/; classtype:trojan-activity;sid:84215190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352082)"; flow:established,from_client; content:"GET"; http_method; content:"/3ofn3jf3e2ljk/plugins/clip64.dll"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"sanboxland.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352082/; classtype:trojan-activity;sid:84215182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352083)"; flow:established,from_client; content:"GET"; http_method; content:"/files/winrar.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.50.95.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352083/; classtype:trojan-activity;sid:84215183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352084)"; flow:established,from_client; content:"GET"; http_method; content:"/3ofn3jf3e2ljk/plugins/cred.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"sanboxland.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352084/; classtype:trojan-activity;sid:84215184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352085)"; flow:established,from_client; content:"GET"; http_method; content:"/3ofn3jf3e2ljk/plugins/clip.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"sanboxland.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352085/; classtype:trojan-activity;sid:84215185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352086)"; flow:established,from_client; content:"GET"; http_method; content:"/7vhfjke3/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352086/; classtype:trojan-activity;sid:84215186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.208.201.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352081/; classtype:trojan-activity;sid:84215181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.32.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352080/; classtype:trojan-activity;sid:84215180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.138.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352079/; classtype:trojan-activity;sid:84215179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352078)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.85.1"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352078/; classtype:trojan-activity;sid:84215178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352077/; classtype:trojan-activity;sid:84215177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.41.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352076/; classtype:trojan-activity;sid:84215176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.117.45.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352075/; classtype:trojan-activity;sid:84215175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.131.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352074/; classtype:trojan-activity;sid:84215174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.229.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352073/; classtype:trojan-activity;sid:84215173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.176.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352072/; classtype:trojan-activity;sid:84215172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.253.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352071/; classtype:trojan-activity;sid:84215171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.200.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352070/; classtype:trojan-activity;sid:84215170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.62.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352069/; classtype:trojan-activity;sid:84215169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.84.139.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352068/; classtype:trojan-activity;sid:84215168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.206.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352067/; classtype:trojan-activity;sid:84215167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352066/; classtype:trojan-activity;sid:84215166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.208.201.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352065/; classtype:trojan-activity;sid:84215165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.46.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352064/; classtype:trojan-activity;sid:84215164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.74.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352063/; classtype:trojan-activity;sid:84215163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.117.45.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352062/; classtype:trojan-activity;sid:84215162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.26.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352061/; classtype:trojan-activity;sid:84215161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352060/; classtype:trojan-activity;sid:84215160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.157.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352059/; classtype:trojan-activity;sid:84215159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352058)"; flow:established,from_client; content:"GET"; http_method; content:"/lfauq17.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"84.38.133.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352058/; classtype:trojan-activity;sid:84215158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.223.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352055/; classtype:trojan-activity;sid:84215155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.230.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352056/; classtype:trojan-activity;sid:84215156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.99.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352057/; classtype:trojan-activity;sid:84215157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.28.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352054/; classtype:trojan-activity;sid:84215154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352053)"; flow:established,from_client; content:"GET"; http_method; content:"/47/entiretimeneedgoodthingsforgetbackbestthingswithgoodnewsfor.tif"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"192.3.122.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352053/; classtype:trojan-activity;sid:84215153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.190.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352052/; classtype:trojan-activity;sid:84215152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352051)"; flow:established,from_client; content:"GET"; http_method; content:"/files/aridekvm.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"aridekvm.us"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352051/; classtype:trojan-activity;sid:84215151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352036)"; flow:established,from_client; content:"GET"; http_method; content:"/files/puttys/puttyw.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352036/; classtype:trojan-activity;sid:84215136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352037)"; flow:established,from_client; content:"GET"; http_method; content:"/files/images/123719821238.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352037/; classtype:trojan-activity;sid:84215137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352038)"; flow:established,from_client; content:"GET"; http_method; content:"/files/blue/blue.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352038/; classtype:trojan-activity;sid:84215138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352039)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7/mails/blue.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352039/; classtype:trojan-activity;sid:84215139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352040/; classtype:trojan-activity;sid:84215140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352041)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mail/bluemail.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352041/; classtype:trojan-activity;sid:84215141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352042)"; flow:established,from_client; content:"GET"; http_method; content:"/files/gmail/mailer.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352042/; classtype:trojan-activity;sid:84215142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352043)"; flow:established,from_client; content:"GET"; http_method; content:"/files/arch/e0bf7b21-dfb9-4a08-829c-d5d5619ab86a.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352043/; classtype:trojan-activity;sid:84215143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352044)"; flow:established,from_client; content:"GET"; http_method; content:"/files/test/de470c241696.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352044/; classtype:trojan-activity;sid:84215144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352045)"; flow:established,from_client; content:"GET"; http_method; content:"/files/backup/bluemail.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352045/; classtype:trojan-activity;sid:84215145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352046)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bluemail/bluemaila.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352046/; classtype:trojan-activity;sid:84215146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352047)"; flow:established,from_client; content:"GET"; http_method; content:"/files/puttys/puttyw.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352047/; classtype:trojan-activity;sid:84215147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352048)"; flow:established,from_client; content:"GET"; http_method; content:"/files/winrar/winrar.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352048/; classtype:trojan-activity;sid:84215148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352049)"; flow:established,from_client; content:"GET"; http_method; content:"/files/blue/2bbe697499ad.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352049/; classtype:trojan-activity;sid:84215149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352050)"; flow:established,from_client; content:"GET"; http_method; content:"/files/puttys/puttys.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352050/; classtype:trojan-activity;sid:84215150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.66.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352030/; classtype:trojan-activity;sid:84215130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352031)"; flow:established,from_client; content:"GET"; http_method; content:"/files/images/18239.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352031/; classtype:trojan-activity;sid:84215131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352032)"; flow:established,from_client; content:"GET"; http_method; content:"/files/images/icon.ico"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352032/; classtype:trojan-activity;sid:84215132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352033)"; flow:established,from_client; content:"GET"; http_method; content:"/files/arch/cbd731b7d487.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352033/; classtype:trojan-activity;sid:84215133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352034)"; flow:established,from_client; content:"GET"; http_method; content:"/files/winrar/eula.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352034/; classtype:trojan-activity;sid:84215134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352035)"; flow:established,from_client; content:"GET"; http_method; content:"/files/test/socks_osn.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.155.249.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352035/; classtype:trojan-activity;sid:84215135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.88.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352028/; classtype:trojan-activity;sid:84215128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.214.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352029/; classtype:trojan-activity;sid:84215129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.127.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352027/; classtype:trojan-activity;sid:84215127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.10.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352026/; classtype:trojan-activity;sid:84215126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.177.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352025/; classtype:trojan-activity;sid:84215125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.221.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352024/; classtype:trojan-activity;sid:84215124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.252.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352023/; classtype:trojan-activity;sid:84215123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.74.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352022/; classtype:trojan-activity;sid:84215122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.41.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352021/; classtype:trojan-activity;sid:84215121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.61.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352020/; classtype:trojan-activity;sid:84215120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.55.194.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352017/; classtype:trojan-activity;sid:84215117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.141.192.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352018/; classtype:trojan-activity;sid:84215118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.160.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352019/; classtype:trojan-activity;sid:84215119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352016/; classtype:trojan-activity;sid:84215116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352015/; classtype:trojan-activity;sid:84215115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.169.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352014/; classtype:trojan-activity;sid:84215114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352012/; classtype:trojan-activity;sid:84215112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.168.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352013/; classtype:trojan-activity;sid:84215113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352010/; classtype:trojan-activity;sid:84215110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.69.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352011/; classtype:trojan-activity;sid:84215111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.209.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352009/; classtype:trojan-activity;sid:84215109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.4.45.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352007/; classtype:trojan-activity;sid:84215107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.10.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352008/; classtype:trojan-activity;sid:84215108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.161.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352006/; classtype:trojan-activity;sid:84215106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.219.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352005/; classtype:trojan-activity;sid:84215105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.17.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352004/; classtype:trojan-activity;sid:84215104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.191.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352003/; classtype:trojan-activity;sid:84215103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.188.143.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352002/; classtype:trojan-activity;sid:84215102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.84.139.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352000/; classtype:trojan-activity;sid:84215100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.190.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352001/; classtype:trojan-activity;sid:84215101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.7.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351999/; classtype:trojan-activity;sid:84215099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.167.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351998/; classtype:trojan-activity;sid:84215098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.127.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351997/; classtype:trojan-activity;sid:84215097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.148.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351996/; classtype:trojan-activity;sid:84215096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.66.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351995/; classtype:trojan-activity;sid:84215095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.41.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351994/; classtype:trojan-activity;sid:84215094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351993)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.104.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351993/; classtype:trojan-activity;sid:84215093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.150.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351992/; classtype:trojan-activity;sid:84215092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351991/; classtype:trojan-activity;sid:84215091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351990/; classtype:trojan-activity;sid:84215090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.59.30.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351989/; classtype:trojan-activity;sid:84215089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.22.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351987/; classtype:trojan-activity;sid:84215087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.61.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351988/; classtype:trojan-activity;sid:84215088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.232.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351986/; classtype:trojan-activity;sid:84215086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351973)"; flow:established,from_client; content:"GET"; http_method; content:"/wrjkngh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351973/; classtype:trojan-activity;sid:84215073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351974)"; flow:established,from_client; content:"GET"; http_method; content:"/wkb86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351974/; classtype:trojan-activity;sid:84215074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351975)"; flow:established,from_client; content:"GET"; http_method; content:"/bojwsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351975/; classtype:trojan-activity;sid:84215075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351976)"; flow:established,from_client; content:"GET"; http_method; content:"/qbfwdbg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351976/; classtype:trojan-activity;sid:84215076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351977)"; flow:established,from_client; content:"GET"; http_method; content:"/njvwa4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351977/; classtype:trojan-activity;sid:84215077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351978)"; flow:established,from_client; content:"GET"; http_method; content:"/fqkjei686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351978/; classtype:trojan-activity;sid:84215078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351979)"; flow:established,from_client; content:"GET"; http_method; content:"/gnjqwpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351979/; classtype:trojan-activity;sid:84215079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351980)"; flow:established,from_client; content:"GET"; http_method; content:"/ngwa5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351980/; classtype:trojan-activity;sid:84215080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351981)"; flow:established,from_client; content:"GET"; http_method; content:"/kqibeps"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351981/; classtype:trojan-activity;sid:84215081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351982)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351982/; classtype:trojan-activity;sid:84215082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351983/; classtype:trojan-activity;sid:84215083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351984)"; flow:established,from_client; content:"GET"; http_method; content:"/fnkea7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351984/; classtype:trojan-activity;sid:84215084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351985)"; flow:established,from_client; content:"GET"; http_method; content:"/wlw68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351985/; classtype:trojan-activity;sid:84215085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351969)"; flow:established,from_client; content:"GET"; http_method; content:"/ksj64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351969/; classtype:trojan-activity;sid:84215069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.150.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351970/; classtype:trojan-activity;sid:84215070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351971)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351971/; classtype:trojan-activity;sid:84215071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351972)"; flow:established,from_client; content:"GET"; http_method; content:"/woega6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351972/; classtype:trojan-activity;sid:84215072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.167.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351968/; classtype:trojan-activity;sid:84215068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351965)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.mpsl"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351965/; classtype:trojan-activity;sid:84215065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.120.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351966/; classtype:trojan-activity;sid:84215066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351967)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.mips"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351967/; classtype:trojan-activity;sid:84215067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.136.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351963/; classtype:trojan-activity;sid:84215063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351962)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/armv7l"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351962/; classtype:trojan-activity;sid:84215062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351945)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/mipsel"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351945/; classtype:trojan-activity;sid:84215045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351946)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.m68k"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351946/; classtype:trojan-activity;sid:84215046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351947)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.x86"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351947/; classtype:trojan-activity;sid:84215047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351948)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.arm7"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351948/; classtype:trojan-activity;sid:84215048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351949)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.arm"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351949/; classtype:trojan-activity;sid:84215049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351950)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351950/; classtype:trojan-activity;sid:84215050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.167.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351951/; classtype:trojan-activity;sid:84215051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351952)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.arm6"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351952/; classtype:trojan-activity;sid:84215052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351953)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.ppc"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351953/; classtype:trojan-activity;sid:84215053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351954)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/mipsel"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351954/; classtype:trojan-activity;sid:84215054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.181.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351955/; classtype:trojan-activity;sid:84215055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351956)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/sh4"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351956/; classtype:trojan-activity;sid:84215056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351957)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351957/; classtype:trojan-activity;sid:84215057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351958)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.arm5"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351958/; classtype:trojan-activity;sid:84215058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351959)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/powerpc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351959/; classtype:trojan-activity;sid:84215059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351960)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/raw/refs/heads/main/.5r3fqt67ew531has4231.sh4"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351960/; classtype:trojan-activity;sid:84215060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.192.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351961/; classtype:trojan-activity;sid:84215061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hacker.kygtps.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351943/; classtype:trojan-activity;sid:84215043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351940)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs2.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351940/; classtype:trojan-activity;sid:84215040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351939)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351939/; classtype:trojan-activity;sid:84215039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351938)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351938/; classtype:trojan-activity;sid:84215038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351937)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351937/; classtype:trojan-activity;sid:84215037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351936)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastpdr.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351936/; classtype:trojan-activity;sid:84215036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351935)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xb_8jykxncd4mwrh4wcehnepzyeyjunt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351935/; classtype:trojan-activity;sid:84215035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351934)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin1.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cheat.underground-cheat.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351934/; classtype:trojan-activity;sid:84215034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351933)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin2.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cheat.underground-cheat.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351933/; classtype:trojan-activity;sid:84215033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351931)"; flow:established,from_client; content:"GET"; http_method; content:"/m.png"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351931/; classtype:trojan-activity;sid:84215031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351928)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv5l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351928/; classtype:trojan-activity;sid:84215028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351929)"; flow:established,from_client; content:"GET"; http_method; content:"/startuppp.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351929/; classtype:trojan-activity;sid:84215029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351930)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/x86_32"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351930/; classtype:trojan-activity;sid:84215030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351925)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/i586"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351925/; classtype:trojan-activity;sid:84215025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351926)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm7"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351926/; classtype:trojan-activity;sid:84215026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351927)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351927/; classtype:trojan-activity;sid:84215027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351923)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv4l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351923/; classtype:trojan-activity;sid:84215023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351924)"; flow:established,from_client; content:"GET"; http_method; content:"/instrumental/basx.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351924/; classtype:trojan-activity;sid:84215024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351918)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/m68k"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351918/; classtype:trojan-activity;sid:84215018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351919)"; flow:established,from_client; content:"GET"; http_method; content:"/bzy43mks093ksa/bzy43mks093ksa_pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351919/; classtype:trojan-activity;sid:84215019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351920)"; flow:established,from_client; content:"GET"; http_method; content:"/c80vbsa7ymf8pytvsa/c80vbsa7ymf8pytvsa_pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351920/; classtype:trojan-activity;sid:84215020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351921)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/refs/heads/main/temp.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351921/; classtype:trojan-activity;sid:84215021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351922)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.78.65.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351922/; classtype:trojan-activity;sid:84215022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351912)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/mpsl"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351912/; classtype:trojan-activity;sid:84215012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351913)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"utorrent-backup-server3.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351913/; classtype:trojan-activity;sid:84215013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351914)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"utorrent-backup-server4.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351914/; classtype:trojan-activity;sid:84215014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351915)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6380275356/wokhy9f.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351915/; classtype:trojan-activity;sid:84215015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351916)"; flow:established,from_client; content:"GET"; http_method; content:"/dys890jksma56bvsa/dys890jksma56bvsa_pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351916/; classtype:trojan-activity;sid:84215016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351917)"; flow:established,from_client; content:"GET"; http_method; content:"/files/714785314/bxq1jd2.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351917/; classtype:trojan-activity;sid:84215017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351911)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351911/; classtype:trojan-activity;sid:84215011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351909)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.78.65.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351909/; classtype:trojan-activity;sid:84215009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351910)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/refs/heads/main/asyncclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351910/; classtype:trojan-activity;sid:84215010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351906)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"utorrent-backup-server.top"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351906/; classtype:trojan-activity;sid:84215006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351907)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351907/; classtype:trojan-activity;sid:84215007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351908)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stories.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351908/; classtype:trojan-activity;sid:84215008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351904)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"microsoft-auth-network.cc"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351904/; classtype:trojan-activity;sid:84215004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351905)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"security-service-api-link.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351905/; classtype:trojan-activity;sid:84215005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351897)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv6l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351897/; classtype:trojan-activity;sid:84214997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351898)"; flow:established,from_client; content:"GET"; http_method; content:"/pws1.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351898/; classtype:trojan-activity;sid:84214998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351899)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/mips"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351899/; classtype:trojan-activity;sid:84214999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351900)"; flow:established,from_client; content:"GET"; http_method; content:"/shtrayeasy35.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hansgborn.eu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351900/; classtype:trojan-activity;sid:84215000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351901)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/refs/heads/main/discord3.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351901/; classtype:trojan-activity;sid:84215001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351902)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/x86_64"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351902/; classtype:trojan-activity;sid:84215002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351903)"; flow:established,from_client; content:"GET"; http_method; content:"/instrumental/list.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351903/; classtype:trojan-activity;sid:84215003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351894)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stail.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351894/; classtype:trojan-activity;sid:84214994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351895)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"85.31.47.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351895/; classtype:trojan-activity;sid:84214995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351896)"; flow:established,from_client; content:"GET"; http_method; content:"/update//tpb-1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"win-network-checker.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351896/; classtype:trojan-activity;sid:84214996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351888)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm6"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351888/; classtype:trojan-activity;sid:84214988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351889)"; flow:established,from_client; content:"GET"; http_method; content:"/orsa9mks6hjsvbsa/orsa9mks6hjsvbsa_pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351889/; classtype:trojan-activity;sid:84214989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351890)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.120.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351890/; classtype:trojan-activity;sid:84214990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351891)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.78.65.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351891/; classtype:trojan-activity;sid:84214991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351892)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351892/; classtype:trojan-activity;sid:84214992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351893)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm5"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351893/; classtype:trojan-activity;sid:84214993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351883)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/m68k"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351883/; classtype:trojan-activity;sid:84214983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351884)"; flow:established,from_client; content:"GET"; http_method; content:"/williamreport/lwpath/refs/heads/main/main.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351884/; classtype:trojan-activity;sid:84214984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351885)"; flow:established,from_client; content:"GET"; http_method; content:"/ar7jskapmksa58o/ar7jskapmksa58o_pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351885/; classtype:trojan-activity;sid:84214985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351886)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv7l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351886/; classtype:trojan-activity;sid:84214986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351887)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/sh4"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351887/; classtype:trojan-activity;sid:84214987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351882)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5131681669/susfjjy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351882/; classtype:trojan-activity;sid:84214982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351881)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/mips"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351881/; classtype:trojan-activity;sid:84214981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351877)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351877/; classtype:trojan-activity;sid:84214977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351878)"; flow:established,from_client; content:"GET"; http_method; content:"/pws.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351878/; classtype:trojan-activity;sid:84214978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351879)"; flow:established,from_client; content:"GET"; http_method; content:"/installsetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.113.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351879/; classtype:trojan-activity;sid:84214979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351880)"; flow:established,from_client; content:"GET"; http_method; content:"/new.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dbasopma.one"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351880/; classtype:trojan-activity;sid:84214980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351876)"; flow:established,from_client; content:"GET"; http_method; content:"/jstnk9/research/asyncrat-analysis/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"jstnk9.github.io"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351876/; classtype:trojan-activity;sid:84214976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351875)"; flow:established,from_client; content:"GET"; http_method; content:"/cp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351875/; classtype:trojan-activity;sid:84214975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351872)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.134.55.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351872/; classtype:trojan-activity;sid:84214972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351873)"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.134.55.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351873/; classtype:trojan-activity;sid:84214973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351874)"; flow:established,from_client; content:"GET"; http_method; content:"/x/co.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351874/; classtype:trojan-activity;sid:84214974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351871)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hrloader.rar"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"2.59.132.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351871/; classtype:trojan-activity;sid:84214971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351870)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/x.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351870/; classtype:trojan-activity;sid:84214970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351868)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/mmo%201.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351868/; classtype:trojan-activity;sid:84214968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351869)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/runtime%20broker.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351869/; classtype:trojan-activity;sid:84214969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351865)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stail.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351865/; classtype:trojan-activity;sid:84214965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351866)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stories.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351866/; classtype:trojan-activity;sid:84214966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351867)"; flow:established,from_client; content:"GET"; http_method; content:"/instrumental/list.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351867/; classtype:trojan-activity;sid:84214967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351863)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/svhost.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351863/; classtype:trojan-activity;sid:84214963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351861)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/newwork.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351861/; classtype:trojan-activity;sid:84214961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351862)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351862/; classtype:trojan-activity;sid:84214962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351860)"; flow:established,from_client; content:"GET"; http_method; content:"/cc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351860/; classtype:trojan-activity;sid:84214960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351858)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/registry.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351858/; classtype:trojan-activity;sid:84214958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351859)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/raw/refs/heads/main/collosalloader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351859/; classtype:trojan-activity;sid:84214959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351855)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/pic8.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sufikhat.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351855/; classtype:trojan-activity;sid:84214955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351856)"; flow:established,from_client; content:"GET"; http_method; content:"/files/archives/20c38130-81c1-4db6-a2c2-b2fd1c5c0de1.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"45.11.183.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351856/; classtype:trojan-activity;sid:84214956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351857)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.38.201.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351857/; classtype:trojan-activity;sid:84214957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351853)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bluemail.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.11.183.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351853/; classtype:trojan-activity;sid:84214953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351854)"; flow:established,from_client; content:"GET"; http_method; content:"/files/archives/83b295c1-c542-47ac-9dca-32191b2161cd.rar.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"45.11.183.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351854/; classtype:trojan-activity;sid:84214954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351850)"; flow:established,from_client; content:"GET"; http_method; content:"/files/flava/random.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351850/; classtype:trojan-activity;sid:84214950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351851)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6209411516/h9tu4oy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351851/; classtype:trojan-activity;sid:84214951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351852)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351852/; classtype:trojan-activity;sid:84214952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351849)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351849/; classtype:trojan-activity;sid:84214949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351848)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8199790517/k6ualau.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351848/; classtype:trojan-activity;sid:84214948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351847)"; flow:established,from_client; content:"GET"; http_method; content:"/go.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351847/; classtype:trojan-activity;sid:84214947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351846)"; flow:established,from_client; content:"GET"; http_method; content:"/nohup.out"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351846/; classtype:trojan-activity;sid:84214946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351845)"; flow:established,from_client; content:"GET"; http_method; content:"/8.png"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351845/; classtype:trojan-activity;sid:84214945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351841)"; flow:established,from_client; content:"GET"; http_method; content:"/z.png"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.11.61.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351841/; classtype:trojan-activity;sid:84214941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351842)"; flow:established,from_client; content:"GET"; http_method; content:"/a.png"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.11.61.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351842/; classtype:trojan-activity;sid:84214942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351843)"; flow:established,from_client; content:"GET"; http_method; content:"/s.png"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351843/; classtype:trojan-activity;sid:84214943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351844)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6380275356/wokhy9f.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351844/; classtype:trojan-activity;sid:84214944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351835)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1737349212/xazdvqx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351835/; classtype:trojan-activity;sid:84214935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351836)"; flow:established,from_client; content:"GET"; http_method; content:"/files/206321495/ziybk6w.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351836/; classtype:trojan-activity;sid:84214936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351837)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351837/; classtype:trojan-activity;sid:84214937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351838)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7850253564/4zd5c3i.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351838/; classtype:trojan-activity;sid:84214938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351839)"; flow:established,from_client; content:"GET"; http_method; content:"/files/761339286/94cwbgg.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351839/; classtype:trojan-activity;sid:84214939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351840)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7658082748/iq7ux2z.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351840/; classtype:trojan-activity;sid:84214940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351834)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/fud2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351834/; classtype:trojan-activity;sid:84214934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.110.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351833/; classtype:trojan-activity;sid:84214933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351832)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/sgvp%20client%20system.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351832/; classtype:trojan-activity;sid:84214932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351827)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/kys.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351827/; classtype:trojan-activity;sid:84214927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351828)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/test.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351828/; classtype:trojan-activity;sid:84214928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351829)"; flow:established,from_client; content:"GET"; http_method; content:"/jn.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"misljen.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351829/; classtype:trojan-activity;sid:84214929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351830)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351830/; classtype:trojan-activity;sid:84214930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351831)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351831/; classtype:trojan-activity;sid:84214931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351817)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351817/; classtype:trojan-activity;sid:84214917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351818)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/raw/refs/heads/main/client-built.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351818/; classtype:trojan-activity;sid:84214918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351819)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/sgvp%20client%20users.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351819/; classtype:trojan-activity;sid:84214919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351820)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351820/; classtype:trojan-activity;sid:84214920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351821)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/sgvp%20client%20program.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351821/; classtype:trojan-activity;sid:84214921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351822)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/money.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351822/; classtype:trojan-activity;sid:84214922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351823)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/refs/heads/main/sharpmonoinjector.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351823/; classtype:trojan-activity;sid:84214923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351824)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/cdshmfo.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351824/; classtype:trojan-activity;sid:84214924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351825)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/client-built.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351825/; classtype:trojan-activity;sid:84214925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351826)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/refs/heads/main/client-built-playit.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351826/; classtype:trojan-activity;sid:84214926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351816)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351816/; classtype:trojan-activity;sid:84214916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351812)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/refs/heads/main/seksiak.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351812/; classtype:trojan-activity;sid:84214912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351813)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/raw/refs/heads/main/amogus.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351813/; classtype:trojan-activity;sid:84214913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351814)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/iafcfff.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351814/; classtype:trojan-activity;sid:84214914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351815)"; flow:established,from_client; content:"GET"; http_method; content:"/stukit/svhoste/raw/refs/heads/main/svhoste.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351815/; classtype:trojan-activity;sid:84214915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351811)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/raw/refs/heads/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351811/; classtype:trojan-activity;sid:84214911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351810)"; flow:established,from_client; content:"GET"; http_method; content:"/videoxfrx/crealstealer/raw/refs/heads/main/creal.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351810/; classtype:trojan-activity;sid:84214910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351809)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351809/; classtype:trojan-activity;sid:84214909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351808)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351808/; classtype:trojan-activity;sid:84214908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351806)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/ksergoe.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351806/; classtype:trojan-activity;sid:84214906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351807)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/enbcimo.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351807/; classtype:trojan-activity;sid:84214907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351805)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/hafbdeh.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351805/; classtype:trojan-activity;sid:84214905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351804)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/rrmiidc.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351804/; classtype:trojan-activity;sid:84214904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351803)"; flow:established,from_client; content:"GET"; http_method; content:"/m4hvh2/dwadwa/raw/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351803/; classtype:trojan-activity;sid:84214903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351802)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.104.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351802/; classtype:trojan-activity;sid:84214902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351801)"; flow:established,from_client; content:"GET"; http_method; content:"/kjzqfgrlerzqwugdadcn1734167391|3f|argument=k6ii2c970yndxoyl1734279437"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"home.fivegr5sb.top"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351801/; classtype:trojan-activity;sid:84214901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351800)"; flow:established,from_client; content:"GET"; http_method; content:"/lem.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"page-yoda.sbs"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351800/; classtype:trojan-activity;sid:84214900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351798)"; flow:established,from_client; content:"GET"; http_method; content:"/din.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"page-yoda.sbs"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351798/; classtype:trojan-activity;sid:84214898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351799)"; flow:established,from_client; content:"GET"; http_method; content:"/wintest.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.13.224.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351799/; classtype:trojan-activity;sid:84214899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.client.application|3f|e=support|7c|26|7c|y=guest|7c|26|7c|h=wise.4cloud.click|7c|26|7c|p=8041|7c|26|7c|s=fcac3773-cce4-4f9c-94d9-e16a6d7014e8|7c|26|7c|k=bgiaaackaabsu0exaagaaaeaaqcdgv+3qfwpem8skmlksntushygdx5vriyo1bqgmaczat/vjq2tkwifckdhydq8t8s+9rkwneftft/iga4rc/gkapufhc27ysyoi0qhthkjer8qwuvfefoh8hq3ytfpdfpm8caw2mjptkgd7nczzttvananrbxx3asc6cediavdot4gsgaeetqbfyljjdnvhvmyznidg+xqwpg+lm/a9m2yxowmaki/fyq0x90pxg/vhkk909vfrb/6pnmup514e87h2ppqyp0r1osmxfvcxr9qiqb2bqspiwqxd6hdynla/hbhog5qcqumvowsfrr77ry3dulp1e07c3zdc3mfjrxh|7c|26|7c|r=|7c|26|7c|i=untitled%20session"; http_uri; depth:582; isdataat:!1,relative; nocase; content:"docsign.coursabus.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351797/; classtype:trojan-activity;sid:84214897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.180.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351796/; classtype:trojan-activity;sid:84214896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.232.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351795/; classtype:trojan-activity;sid:84214895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.227.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351794/; classtype:trojan-activity;sid:84214894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.243.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351793/; classtype:trojan-activity;sid:84214893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351792/; classtype:trojan-activity;sid:84214892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.38.92.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351791/; classtype:trojan-activity;sid:84214891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.159.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351790/; classtype:trojan-activity;sid:84214890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.43.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351789/; classtype:trojan-activity;sid:84214889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.50.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351788/; classtype:trojan-activity;sid:84214888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.238.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351787/; classtype:trojan-activity;sid:84214887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.224.90.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351786/; classtype:trojan-activity;sid:84214886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.82.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351785/; classtype:trojan-activity;sid:84214885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.227.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351784/; classtype:trojan-activity;sid:84214884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.17.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351783/; classtype:trojan-activity;sid:84214883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.180.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351782/; classtype:trojan-activity;sid:84214882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.11.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351781/; classtype:trojan-activity;sid:84214881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.201.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351780/; classtype:trojan-activity;sid:84214880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.153.99.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351779/; classtype:trojan-activity;sid:84214879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351778/; classtype:trojan-activity;sid:84214878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.121.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351777/; classtype:trojan-activity;sid:84214877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.84.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351775/; classtype:trojan-activity;sid:84214875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.166.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351776/; classtype:trojan-activity;sid:84214876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.161.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351774/; classtype:trojan-activity;sid:84214874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.197.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351773/; classtype:trojan-activity;sid:84214873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.44.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351771/; classtype:trojan-activity;sid:84214871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.120.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351772/; classtype:trojan-activity;sid:84214872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.149.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351770/; classtype:trojan-activity;sid:84214870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.84.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351769/; classtype:trojan-activity;sid:84214869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.82.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351768/; classtype:trojan-activity;sid:84214868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.110.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351767/; classtype:trojan-activity;sid:84214867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.159.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351766/; classtype:trojan-activity;sid:84214866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.203.122.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351765/; classtype:trojan-activity;sid:84214865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.63.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351764/; classtype:trojan-activity;sid:84214864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.8.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351763/; classtype:trojan-activity;sid:84214863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351760)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351760/; classtype:trojan-activity;sid:84214860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351761)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351761/; classtype:trojan-activity;sid:84214861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351762)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351762/; classtype:trojan-activity;sid:84214862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351759)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs2.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351759/; classtype:trojan-activity;sid:84214859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351758)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351758/; classtype:trojan-activity;sid:84214858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.220.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351757/; classtype:trojan-activity;sid:84214857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351756)"; flow:established,from_client; content:"GET"; http_method; content:"/startuppppp.bat"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351756/; classtype:trojan-activity;sid:84214856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351755)"; flow:established,from_client; content:"GET"; http_method; content:"/83hjs84028437483921982382/83hjs84028437483921982382.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351755/; classtype:trojan-activity;sid:84214855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351752)"; flow:established,from_client; content:"GET"; http_method; content:"/pws1.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351752/; classtype:trojan-activity;sid:84214852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351753)"; flow:established,from_client; content:"GET"; http_method; content:"/pws.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351753/; classtype:trojan-activity;sid:84214853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351754)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"krynifbeqw.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351754/; classtype:trojan-activity;sid:84214854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.129.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351751/; classtype:trojan-activity;sid:84214851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.4.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351750/; classtype:trojan-activity;sid:84214850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.44.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351748/; classtype:trojan-activity;sid:84214848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.93.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351749/; classtype:trojan-activity;sid:84214849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.197.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351747/; classtype:trojan-activity;sid:84214847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.18.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351746/; classtype:trojan-activity;sid:84214846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.160.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351745/; classtype:trojan-activity;sid:84214845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.111.16.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351744/; classtype:trojan-activity;sid:84214844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.59.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351743/; classtype:trojan-activity;sid:84214843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351742)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.12.183.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351742/; classtype:trojan-activity;sid:84214842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.206.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351741/; classtype:trojan-activity;sid:84214841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.11.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351739/; classtype:trojan-activity;sid:84214839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.8.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351740/; classtype:trojan-activity;sid:84214840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351738/; classtype:trojan-activity;sid:84214838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.58.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351737/; classtype:trojan-activity;sid:84214837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.131.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351736/; classtype:trojan-activity;sid:84214836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.44.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351735/; classtype:trojan-activity;sid:84214835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.224.90.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351733/; classtype:trojan-activity;sid:84214833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.29.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351734/; classtype:trojan-activity;sid:84214834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.129.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351732/; classtype:trojan-activity;sid:84214832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.39.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351730/; classtype:trojan-activity;sid:84214830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.186.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351731/; classtype:trojan-activity;sid:84214831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351729/; classtype:trojan-activity;sid:84214829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.29.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351728/; classtype:trojan-activity;sid:84214828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.178.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351727/; classtype:trojan-activity;sid:84214827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.181.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351726/; classtype:trojan-activity;sid:84214826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.11.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351724/; classtype:trojan-activity;sid:84214824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.47.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351725/; classtype:trojan-activity;sid:84214825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.200.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351723/; classtype:trojan-activity;sid:84214823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351722/; classtype:trojan-activity;sid:84214822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351721/; classtype:trojan-activity;sid:84214821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.73.72.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351720/; classtype:trojan-activity;sid:84214820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.123.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351719/; classtype:trojan-activity;sid:84214819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.6.72"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351718/; classtype:trojan-activity;sid:84214818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.65.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351717/; classtype:trojan-activity;sid:84214817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.97.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351715/; classtype:trojan-activity;sid:84214815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.35"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351716/; classtype:trojan-activity;sid:84214816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351713)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351713/; classtype:trojan-activity;sid:84214813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351714)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351714/; classtype:trojan-activity;sid:84214814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351704)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351704/; classtype:trojan-activity;sid:84214804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351705)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351705/; classtype:trojan-activity;sid:84214805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351706)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351706/; classtype:trojan-activity;sid:84214806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351707)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351707/; classtype:trojan-activity;sid:84214807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351708)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351708/; classtype:trojan-activity;sid:84214808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351709)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351709/; classtype:trojan-activity;sid:84214809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351710)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351710/; classtype:trojan-activity;sid:84214810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351711)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351711/; classtype:trojan-activity;sid:84214811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351712)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351712/; classtype:trojan-activity;sid:84214812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351702)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351702/; classtype:trojan-activity;sid:84214802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351703)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351703/; classtype:trojan-activity;sid:84214803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351700)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351700/; classtype:trojan-activity;sid:84214800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351701)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351701/; classtype:trojan-activity;sid:84214801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351676)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351676/; classtype:trojan-activity;sid:84214776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351677)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.powerpc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351677/; classtype:trojan-activity;sid:84214777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351678)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351678/; classtype:trojan-activity;sid:84214778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351679)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351679/; classtype:trojan-activity;sid:84214779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351680)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351680/; classtype:trojan-activity;sid:84214780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351681)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351681/; classtype:trojan-activity;sid:84214781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351682)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351682/; classtype:trojan-activity;sid:84214782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351683)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351683/; classtype:trojan-activity;sid:84214783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351684)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351684/; classtype:trojan-activity;sid:84214784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351685)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351685/; classtype:trojan-activity;sid:84214785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351686)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351686/; classtype:trojan-activity;sid:84214786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351687)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351687/; classtype:trojan-activity;sid:84214787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351688)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351688/; classtype:trojan-activity;sid:84214788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351689)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351689/; classtype:trojan-activity;sid:84214789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351690)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351690/; classtype:trojan-activity;sid:84214790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351691)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351691/; classtype:trojan-activity;sid:84214791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351692)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351692/; classtype:trojan-activity;sid:84214792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351693)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351693/; classtype:trojan-activity;sid:84214793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351694)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351694/; classtype:trojan-activity;sid:84214794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351695)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351695/; classtype:trojan-activity;sid:84214795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351696)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351696/; classtype:trojan-activity;sid:84214796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351697)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351697/; classtype:trojan-activity;sid:84214797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351698)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351698/; classtype:trojan-activity;sid:84214798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351699)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351699/; classtype:trojan-activity;sid:84214799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351675)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351675/; classtype:trojan-activity;sid:84214775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351669)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351669/; classtype:trojan-activity;sid:84214769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351670)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351670/; classtype:trojan-activity;sid:84214770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351671)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351671/; classtype:trojan-activity;sid:84214771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351672)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351672/; classtype:trojan-activity;sid:84214772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351673)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351673/; classtype:trojan-activity;sid:84214773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351674)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351674/; classtype:trojan-activity;sid:84214774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351666)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351666/; classtype:trojan-activity;sid:84214766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351667)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351667/; classtype:trojan-activity;sid:84214767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351668)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.251.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351668/; classtype:trojan-activity;sid:84214768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351664)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/riscv32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351664/; classtype:trojan-activity;sid:84214764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351665)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351665/; classtype:trojan-activity;sid:84214765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351663)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351663/; classtype:trojan-activity;sid:84214763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351659)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351659/; classtype:trojan-activity;sid:84214759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351660)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/sparc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351660/; classtype:trojan-activity;sid:84214760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351661)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mipsel"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351661/; classtype:trojan-activity;sid:84214761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351662)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351662/; classtype:trojan-activity;sid:84214762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351658)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351658/; classtype:trojan-activity;sid:84214758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351657)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351657/; classtype:trojan-activity;sid:84214757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351654)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/powerpc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351654/; classtype:trojan-activity;sid:84214754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351655)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv4eb"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351655/; classtype:trojan-activity;sid:84214755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351656)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351656/; classtype:trojan-activity;sid:84214756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351646)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351646/; classtype:trojan-activity;sid:84214746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351647)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351647/; classtype:trojan-activity;sid:84214747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351648)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351648/; classtype:trojan-activity;sid:84214748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351649)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351649/; classtype:trojan-activity;sid:84214749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351650)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351650/; classtype:trojan-activity;sid:84214750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351651)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351651/; classtype:trojan-activity;sid:84214751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351652)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351652/; classtype:trojan-activity;sid:84214752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351653)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351653/; classtype:trojan-activity;sid:84214753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351642)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351642/; classtype:trojan-activity;sid:84214742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351643)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351643/; classtype:trojan-activity;sid:84214743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351644)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351644/; classtype:trojan-activity;sid:84214744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351645)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351645/; classtype:trojan-activity;sid:84214745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351636)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351636/; classtype:trojan-activity;sid:84214736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351637)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ygqdzsyabrusghdx0xhmr0yut1r1ju51i0"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351637/; classtype:trojan-activity;sid:84214737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351638)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351638/; classtype:trojan-activity;sid:84214738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351639)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351639/; classtype:trojan-activity;sid:84214739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351640)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351640/; classtype:trojan-activity;sid:84214740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yzthadmnk85agfskufcxowyi3ucaghken9"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351641/; classtype:trojan-activity;sid:84214741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351615)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351615/; classtype:trojan-activity;sid:84214715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351616)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351616/; classtype:trojan-activity;sid:84214716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351617)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351617/; classtype:trojan-activity;sid:84214717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351618)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351618/; classtype:trojan-activity;sid:84214718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351619)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351619/; classtype:trojan-activity;sid:84214719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351620)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351620/; classtype:trojan-activity;sid:84214720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351621)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351621/; classtype:trojan-activity;sid:84214721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351622)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351622/; classtype:trojan-activity;sid:84214722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351623)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351623/; classtype:trojan-activity;sid:84214723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351624)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351624/; classtype:trojan-activity;sid:84214724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351625)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351625/; classtype:trojan-activity;sid:84214725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351626)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351626/; classtype:trojan-activity;sid:84214726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351627)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351627/; classtype:trojan-activity;sid:84214727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351628)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351628/; classtype:trojan-activity;sid:84214728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351629)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351629/; classtype:trojan-activity;sid:84214729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351630)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351630/; classtype:trojan-activity;sid:84214730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351631)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351631/; classtype:trojan-activity;sid:84214731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351632)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351632/; classtype:trojan-activity;sid:84214732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351633)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351633/; classtype:trojan-activity;sid:84214733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351634)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351634/; classtype:trojan-activity;sid:84214734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351635)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351635/; classtype:trojan-activity;sid:84214735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351614)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.172.83.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351614/; classtype:trojan-activity;sid:84214714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351611)"; flow:established,from_client; content:"GET"; http_method; content:"/1734309121_96dec7b5453d94a762b185a7676bcee8/firmware.safe.mips.dbg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351611/; classtype:trojan-activity;sid:84214711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351612)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/9mrjtomtqk3fb2kmni7rnkm65hyramdjv9"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351612/; classtype:trojan-activity;sid:84214712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351613)"; flow:established,from_client; content:"GET"; http_method; content:"/1734309121_96dec7b5453d94a762b185a7676bcee8/firmware.safe.armv7l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351613/; classtype:trojan-activity;sid:84214713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351606)"; flow:established,from_client; content:"GET"; http_method; content:"/1734309121_96dec7b5453d94a762b185a7676bcee8/firmware.safe.mips64"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351606/; classtype:trojan-activity;sid:84214706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351607)"; flow:established,from_client; content:"GET"; http_method; content:"/1734309121_96dec7b5453d94a762b185a7676bcee8/firmware.safe.armv6l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351607/; classtype:trojan-activity;sid:84214707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351608)"; flow:established,from_client; content:"GET"; http_method; content:"/1734309121_96dec7b5453d94a762b185a7676bcee8/firmware.safe.armv4l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351608/; classtype:trojan-activity;sid:84214708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jqfiglv5tfwetkzbzwo8iaoirusyuqomka"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351609/; classtype:trojan-activity;sid:84214709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351610)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wcfmdt3wzijxqr7ccld6lf9j3xdhwfwmkv"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351610/; classtype:trojan-activity;sid:84214710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351586)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.127.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351586/; classtype:trojan-activity;sid:84214686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351587)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351587/; classtype:trojan-activity;sid:84214687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351588)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351588/; classtype:trojan-activity;sid:84214688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351589)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351589/; classtype:trojan-activity;sid:84214689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351590)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351590/; classtype:trojan-activity;sid:84214690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351591)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351591/; classtype:trojan-activity;sid:84214691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351592)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351592/; classtype:trojan-activity;sid:84214692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351593)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351593/; classtype:trojan-activity;sid:84214693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351594)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351594/; classtype:trojan-activity;sid:84214694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351595)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351595/; classtype:trojan-activity;sid:84214695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351596)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351596/; classtype:trojan-activity;sid:84214696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351597)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351597/; classtype:trojan-activity;sid:84214697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351598)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351598/; classtype:trojan-activity;sid:84214698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351599)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351599/; classtype:trojan-activity;sid:84214699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351600)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351600/; classtype:trojan-activity;sid:84214700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351601)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.133.56.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351601/; classtype:trojan-activity;sid:84214701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351602)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351602/; classtype:trojan-activity;sid:84214702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351603)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351603/; classtype:trojan-activity;sid:84214703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351604)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351604/; classtype:trojan-activity;sid:84214704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351605)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351605/; classtype:trojan-activity;sid:84214705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351571)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351571/; classtype:trojan-activity;sid:84214671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351572)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351572/; classtype:trojan-activity;sid:84214672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351573)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351573/; classtype:trojan-activity;sid:84214673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351574)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351574/; classtype:trojan-activity;sid:84214674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351575)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351575/; classtype:trojan-activity;sid:84214675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351576)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351576/; classtype:trojan-activity;sid:84214676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351577)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351577/; classtype:trojan-activity;sid:84214677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351578)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351578/; classtype:trojan-activity;sid:84214678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351579)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.252.176.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351579/; classtype:trojan-activity;sid:84214679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351580)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351580/; classtype:trojan-activity;sid:84214680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351581)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.180.143.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351581/; classtype:trojan-activity;sid:84214681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351582)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351582/; classtype:trojan-activity;sid:84214682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351583)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.124.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351583/; classtype:trojan-activity;sid:84214683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351584)"; flow:established,from_client; content:"GET"; http_method; content:"/darm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351584/; classtype:trojan-activity;sid:84214684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351585)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.11.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351585/; classtype:trojan-activity;sid:84214685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351570)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351570/; classtype:trojan-activity;sid:84214670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/58vytr3qldhnuhhmaii8j5y5hoaahlhaxw"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351567/; classtype:trojan-activity;sid:84214667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qywjpo3nhoeans2msmyhqrx1kjexv5byj2"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351568/; classtype:trojan-activity;sid:84214668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351569)"; flow:established,from_client; content:"GET"; http_method; content:"/1734309121_96dec7b5453d94a762b185a7676bcee8/firmware.safe.mips"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351569/; classtype:trojan-activity;sid:84214669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bfi32gob2wzofkqiz2cyzbmyej2lftq8dc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351566/; classtype:trojan-activity;sid:84214666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351560)"; flow:established,from_client; content:"GET"; http_method; content:"/1734309121_96dec7b5453d94a762b185a7676bcee8/firmware.safe.armv5l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351560/; classtype:trojan-activity;sid:84214660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351561)"; flow:established,from_client; content:"GET"; http_method; content:"/1734309121_96dec7b5453d94a762b185a7676bcee8/firmware.safe.mipsel"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351561/; classtype:trojan-activity;sid:84214661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/l0i7otubfuv8spsy6lsxsbm5yye8uu97hy"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351562/; classtype:trojan-activity;sid:84214662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/fvpt0wauwv75fr32q5vmswrrrlduu8pfec"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351563/; classtype:trojan-activity;sid:84214663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/eosa68azxt8gy2sec8vzzau3dbf0gkbyld"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351564/; classtype:trojan-activity;sid:84214664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/invdc6swcd1ifnjd3dgizufxecc5oftqsd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351565/; classtype:trojan-activity;sid:84214665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pentbtofdk4semvraaxvzcrainwjfdnuvx"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351558/; classtype:trojan-activity;sid:84214658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xklpft7jqvaplwiprhdbkll7heyeejz8qn"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351559/; classtype:trojan-activity;sid:84214659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.54.160.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351557/; classtype:trojan-activity;sid:84214657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.28.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351556/; classtype:trojan-activity;sid:84214656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.186.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351555/; classtype:trojan-activity;sid:84214655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.11.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351554/; classtype:trojan-activity;sid:84214654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.222.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351553/; classtype:trojan-activity;sid:84214653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.248.25.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351549/; classtype:trojan-activity;sid:84214649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.204.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351550/; classtype:trojan-activity;sid:84214650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.29.109.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351551/; classtype:trojan-activity;sid:84214651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.42.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351552/; classtype:trojan-activity;sid:84214652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.34.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351548/; classtype:trojan-activity;sid:84214648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.115.197.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351546/; classtype:trojan-activity;sid:84214646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351547/; classtype:trojan-activity;sid:84214647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.97.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351545/; classtype:trojan-activity;sid:84214645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.54.160.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351544/; classtype:trojan-activity;sid:84214644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.7.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351543/; classtype:trojan-activity;sid:84214643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351542)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.175.2.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351542/; classtype:trojan-activity;sid:84214642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.189.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351541/; classtype:trojan-activity;sid:84214641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.178.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351540/; classtype:trojan-activity;sid:84214640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.152.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351539/; classtype:trojan-activity;sid:84214639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.16.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351538/; classtype:trojan-activity;sid:84214638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351537/; classtype:trojan-activity;sid:84214637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.195.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351536/; classtype:trojan-activity;sid:84214636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.65.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351535/; classtype:trojan-activity;sid:84214635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351534/; classtype:trojan-activity;sid:84214634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.36.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351533/; classtype:trojan-activity;sid:84214633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.25.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351532/; classtype:trojan-activity;sid:84214632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351531/; classtype:trojan-activity;sid:84214631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351529)"; flow:established,from_client; content:"GET"; http_method; content:"/vleoxoqc/aabenhedens.prm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mhlc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351529/; classtype:trojan-activity;sid:84214629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351530)"; flow:established,from_client; content:"GET"; http_method; content:"/ccveffue/etphzjmbrqsly51.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"mhlc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351530/; classtype:trojan-activity;sid:84214630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.145.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351528/; classtype:trojan-activity;sid:84214628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.189.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351527/; classtype:trojan-activity;sid:84214627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.135.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351526/; classtype:trojan-activity;sid:84214626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.113.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351525/; classtype:trojan-activity;sid:84214625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.25.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351524/; classtype:trojan-activity;sid:84214624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.55.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351523/; classtype:trojan-activity;sid:84214623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/invoicenr274728.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"212.87.222.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351522/; classtype:trojan-activity;sid:84214622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.87.222.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351519/; classtype:trojan-activity;sid:84214619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.171.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351520/; classtype:trojan-activity;sid:84214620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uae_visa2748281.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"212.87.222.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351521/; classtype:trojan-activity;sid:84214621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.65.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351517/; classtype:trojan-activity;sid:84214617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.52.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351518/; classtype:trojan-activity;sid:84214618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/klarnainvoice229837.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"212.87.222.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351516/; classtype:trojan-activity;sid:84214616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.99.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351515/; classtype:trojan-activity;sid:84214615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.139.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351514/; classtype:trojan-activity;sid:84214614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.171.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351513/; classtype:trojan-activity;sid:84214613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.220.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351511/; classtype:trojan-activity;sid:84214611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.196.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351512/; classtype:trojan-activity;sid:84214612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.145.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351510/; classtype:trojan-activity;sid:84214610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351509)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/invoice"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cyprecoofamerica.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351509/; classtype:trojan-activity;sid:84214609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351507)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-log"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"proship.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351507/; classtype:trojan-activity;sid:84214607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351508)"; flow:established,from_client; content:"GET"; http_method; content:"/headerfrontend"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"naubeautylus.ch"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351508/; classtype:trojan-activity;sid:84214608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351505)"; flow:established,from_client; content:"GET"; http_method; content:"/bzy43mks093ksa/bzy43mks093ksa_pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351505/; classtype:trojan-activity;sid:84214605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351506)"; flow:established,from_client; content:"GET"; http_method; content:"/ar7jskapmksa58o/ar7jskapmksa58o_pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351506/; classtype:trojan-activity;sid:84214606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351504)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351504/; classtype:trojan-activity;sid:84214604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351503)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351503/; classtype:trojan-activity;sid:84214603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351500)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs2.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351500/; classtype:trojan-activity;sid:84214600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351501)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351501/; classtype:trojan-activity;sid:84214601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351502)"; flow:established,from_client; content:"GET"; http_method; content:"/dxjs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351502/; classtype:trojan-activity;sid:84214602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351499)"; flow:established,from_client; content:"GET"; http_method; content:"/startuppp.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351499/; classtype:trojan-activity;sid:84214599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351497)"; flow:established,from_client; content:"GET"; http_method; content:"/c80vbsa7ymf8pytvsa/c80vbsa7ymf8pytvsa_pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351497/; classtype:trojan-activity;sid:84214597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351498)"; flow:established,from_client; content:"GET"; http_method; content:"/orsa9mks6hjsvbsa/orsa9mks6hjsvbsa_pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351498/; classtype:trojan-activity;sid:84214598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351493)"; flow:established,from_client; content:"GET"; http_method; content:"/new.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351493/; classtype:trojan-activity;sid:84214593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351494)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351494/; classtype:trojan-activity;sid:84214594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351495)"; flow:established,from_client; content:"GET"; http_method; content:"/pws1.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351495/; classtype:trojan-activity;sid:84214595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351496)"; flow:established,from_client; content:"GET"; http_method; content:"/pws.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"desired-equally-delete-choir.trycloudflare.com"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351496/; classtype:trojan-activity;sid:84214596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351492/; classtype:trojan-activity;sid:84214592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351491/; classtype:trojan-activity;sid:84214591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.189.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351490/; classtype:trojan-activity;sid:84214590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.65.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351489/; classtype:trojan-activity;sid:84214589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351487)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/raw/refs/heads/main/ex.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351487/; classtype:trojan-activity;sid:84214587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351488)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/refs/heads/main/uni.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351488/; classtype:trojan-activity;sid:84214588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351482)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/lmao.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351482/; classtype:trojan-activity;sid:84214582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351483/; classtype:trojan-activity;sid:84214583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351484)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351484/; classtype:trojan-activity;sid:84214584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351485)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/raw/refs/heads/main/condogenerator.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351485/; classtype:trojan-activity;sid:84214585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351486)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/raw/refs/heads/main/installer.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351486/; classtype:trojan-activity;sid:84214586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351481)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/raw/refs/heads/main/save.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351481/; classtype:trojan-activity;sid:84214581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351479)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351479/; classtype:trojan-activity;sid:84214579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351480)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/raw/refs/heads/main/enai2.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351480/; classtype:trojan-activity;sid:84214580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351475)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/gknbisp.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351475/; classtype:trojan-activity;sid:84214575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351476)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/raw/refs/heads/main/client-built.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351476/; classtype:trojan-activity;sid:84214576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; content:"GET"; http_method; content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351472)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/cnct.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351472/; classtype:trojan-activity;sid:84214572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351473)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/rcf_omfnorh.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351473/; classtype:trojan-activity;sid:84214573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351474)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/installer.exe.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351474/; classtype:trojan-activity;sid:84214574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351468)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/jignesh.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351468/; classtype:trojan-activity;sid:84214568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351469)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/microsoft_hardware_launch.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351469/; classtype:trojan-activity;sid:84214569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351470)"; flow:established,from_client; content:"GET"; http_method; content:"/sesafvr/ayo/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351470/; classtype:trojan-activity;sid:84214570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351471)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/raw/refs/heads/main/example_win32_dx11.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351471/; classtype:trojan-activity;sid:84214571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351464)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/domcfbs.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351464/; classtype:trojan-activity;sid:84214564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351465)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/raw/refs/heads/main/crspoof.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351465/; classtype:trojan-activity;sid:84214565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351466)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/raw/refs/heads/main/cleanerv2.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351466/; classtype:trojan-activity;sid:84214566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351467)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/cniasod.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351467/; classtype:trojan-activity;sid:84214567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351462)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351462/; classtype:trojan-activity;sid:84214562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.139.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351463/; classtype:trojan-activity;sid:84214563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351460)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/raw/refs/heads/main/njsilent.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351460/; classtype:trojan-activity;sid:84214560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351461)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/iaiioja.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351461/; classtype:trojan-activity;sid:84214561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351459)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/raw/refs/heads/main/client-built.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351459/; classtype:trojan-activity;sid:84214559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351458)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/raw/refs/heads/main/svhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351458/; classtype:trojan-activity;sid:84214558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351457)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/ckigkdc.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351457/; classtype:trojan-activity;sid:84214557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351456)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/raw/refs/heads/main/nov1124"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351456/; classtype:trojan-activity;sid:84214556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351453)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/raw/refs/heads/main/4.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351453/; classtype:trojan-activity;sid:84214553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351454)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/apfjrdf.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351454/; classtype:trojan-activity;sid:84214554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351455)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/runtimebroker%20(2).exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351455/; classtype:trojan-activity;sid:84214555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351451)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351451/; classtype:trojan-activity;sid:84214551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.196.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351452/; classtype:trojan-activity;sid:84214552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351448)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xxdici"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351448/; classtype:trojan-activity;sid:84214548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351449)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/idmkmnb.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351449/; classtype:trojan-activity;sid:84214549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351450)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/negarque.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351450/; classtype:trojan-activity;sid:84214550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351445)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/raw/refs/heads/main/defender64.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351445/; classtype:trojan-activity;sid:84214545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351446)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/raw/refs/heads/main/hwwwrm"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351446/; classtype:trojan-activity;sid:84214546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351447)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/1434orz.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351447/; classtype:trojan-activity;sid:84214547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.111.75.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351443/; classtype:trojan-activity;sid:84214543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351444)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/raw/refs/heads/main/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351444/; classtype:trojan-activity;sid:84214544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351442)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"chernobyl.stressing.world"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351442/; classtype:trojan-activity;sid:84214542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351441)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk97/xwqd21waddqwdv/raw/refs/heads/main/server.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351441/; classtype:trojan-activity;sid:84214541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351434)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"walidfiles.theworkpc.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351434/; classtype:trojan-activity;sid:84214534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351435)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/dic1"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351435/; classtype:trojan-activity;sid:84214535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351436)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/rcm_dcdedkd.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351436/; classtype:trojan-activity;sid:84214536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351437)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/bkpmdom.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351437/; classtype:trojan-activity;sid:84214537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351438)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/testme.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351438/; classtype:trojan-activity;sid:84214538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351439)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/iksjbpj.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351439/; classtype:trojan-activity;sid:84214539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351440)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/executablelol.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351440/; classtype:trojan-activity;sid:84214540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351432)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/skibidi.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351432/; classtype:trojan-activity;sid:84214532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351433)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/nov13"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351433/; classtype:trojan-activity;sid:84214533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351430)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351430/; classtype:trojan-activity;sid:84214530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351431)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/smadeak.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351431/; classtype:trojan-activity;sid:84214531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351429)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/asy_dffaaep.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351429/; classtype:trojan-activity;sid:84214529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351426)"; flow:established,from_client; content:"GET"; http_method; content:"/richie213/jj/raw/refs/heads/main/npacraa.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351426/; classtype:trojan-activity;sid:84214526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351427)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatsan/fcuk/raw/refs/heads/main/client.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351427/; classtype:trojan-activity;sid:84214527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351428)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351428/; classtype:trojan-activity;sid:84214528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351425)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/joiner.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351425/; classtype:trojan-activity;sid:84214525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351422)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/evetbeta.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351422/; classtype:trojan-activity;sid:84214522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.229.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351423/; classtype:trojan-activity;sid:84214523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351424)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/raw/refs/heads/main/mos%20ssssttttt.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351424/; classtype:trojan-activity;sid:84214524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351418)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/newest.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351418/; classtype:trojan-activity;sid:84214518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351419)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/benpolatalemdar.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351419/; classtype:trojan-activity;sid:84214519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351420)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/raw/refs/heads/main/1.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351420/; classtype:trojan-activity;sid:84214520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351421)"; flow:established,from_client; content:"GET"; http_method; content:"/realgamer007/loaders/raw/refs/heads/main/dxwebsetup.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351421/; classtype:trojan-activity;sid:84214521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351417)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/raw/refs/heads/main/856.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351417/; classtype:trojan-activity;sid:84214517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351416)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/startup.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351416/; classtype:trojan-activity;sid:84214516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.159.206.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351415/; classtype:trojan-activity;sid:84214515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351414)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/raw/refs/heads/main/main.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351414/; classtype:trojan-activity;sid:84214514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351411)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/raw/refs/heads/main/wenzcord.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351411/; classtype:trojan-activity;sid:84214511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351412)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/ahsfkdr.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351412/; classtype:trojan-activity;sid:84214512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351413)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xdci"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351413/; classtype:trojan-activity;sid:84214513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351406)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351406/; classtype:trojan-activity;sid:84214506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351407)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351407/; classtype:trojan-activity;sid:84214507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351408)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351408/; classtype:trojan-activity;sid:84214508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351409)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/raw/refs/heads/main/client-built.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351409/; classtype:trojan-activity;sid:84214509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351410)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/raw/refs/heads/main/vanilla.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351410/; classtype:trojan-activity;sid:84214510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351399)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/pasrem13.txt"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351399/; classtype:trojan-activity;sid:84214499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351400)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351400/; classtype:trojan-activity;sid:84214500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351401)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/araofkh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351401/; classtype:trojan-activity;sid:84214501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351402)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351402/; classtype:trojan-activity;sid:84214502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351403)"; flow:established,from_client; content:"GET"; http_method; content:"/cmaster324-cell/su/raw/refs/heads/main/client.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351403/; classtype:trojan-activity;sid:84214503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351404)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/ahkigff.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351404/; classtype:trojan-activity;sid:84214504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351405)"; flow:established,from_client; content:"GET"; http_method; content:"/zls2024/not-download/raw/refs/heads/main/discord.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351405/; classtype:trojan-activity;sid:84214505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351397)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/oahinkn.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351397/; classtype:trojan-activity;sid:84214497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351398)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/agchiki.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351398/; classtype:trojan-activity;sid:84214498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351394)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/dprnign.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351394/; classtype:trojan-activity;sid:84214494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351395)"; flow:established,from_client; content:"GET"; http_method; content:"/gmedusa135/nano/raw/refs/heads/main/mbemimm.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351395/; classtype:trojan-activity;sid:84214495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351396)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/raw/refs/heads/main/notallowedtocrypt.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351396/; classtype:trojan-activity;sid:84214496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351393)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/raw/refs/heads/main/cenran"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351393/; classtype:trojan-activity;sid:84214493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351392)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/raw/refs/heads/main/spectrum.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351392/; classtype:trojan-activity;sid:84214492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351388)"; flow:established,from_client; content:"GET"; http_method; content:"/bytrosyt/xuy/raw/refs/heads/main/minet.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351388/; classtype:trojan-activity;sid:84214488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351389)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/krkmakc.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351389/; classtype:trojan-activity;sid:84214489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351390)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xeno"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351390/; classtype:trojan-activity;sid:84214490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351391)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/raw/refs/heads/main/webhook.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351391/; classtype:trojan-activity;sid:84214491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351386)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/raw/refs/heads/main/fusca%20game.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351386/; classtype:trojan-activity;sid:84214486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351387)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/raw/refs/heads/main/system.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351387/; classtype:trojan-activity;sid:84214487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351383)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351383/; classtype:trojan-activity;sid:84214483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351384)"; flow:established,from_client; content:"GET"; http_method; content:"/cavxsy/crazy.spoofer/raw/refs/heads/main/loader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351384/; classtype:trojan-activity;sid:84214484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351385)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/raw/refs/heads/main/asco24"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351385/; classtype:trojan-activity;sid:84214485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351376)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/raw/refs/heads/main/client.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351376/; classtype:trojan-activity;sid:84214476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351378)"; flow:established,from_client; content:"GET"; http_method; content:"/alnyak/test/raw/refs/heads/main/testingg.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351378/; classtype:trojan-activity;sid:84214478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351379)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351379/; classtype:trojan-activity;sid:84214479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351380)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/raw/refs/heads/main/lastest.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351380/; classtype:trojan-activity;sid:84214480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351381)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351381/; classtype:trojan-activity;sid:84214481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351382)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/xwmm_aakkhbm.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351382/; classtype:trojan-activity;sid:84214482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351375)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/raw/refs/heads/main/client.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351375/; classtype:trojan-activity;sid:84214475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351374)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/17752004/msg.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tmpfiles.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351374/; classtype:trojan-activity;sid:84214474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.244.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351373/; classtype:trojan-activity;sid:84214473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351372/; classtype:trojan-activity;sid:84214472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351369)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/fffaemf.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351369/; classtype:trojan-activity;sid:84214469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351370)"; flow:established,from_client; content:"GET"; http_method; content:"/directx.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.234.70.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351370/; classtype:trojan-activity;sid:84214470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351371/; classtype:trojan-activity;sid:84214471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351363)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/bao.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351363/; classtype:trojan-activity;sid:84214463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351364)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/shellcode.bin"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351364/; classtype:trojan-activity;sid:84214464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351365)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discord2.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351365/; classtype:trojan-activity;sid:84214465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351366)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/aaa%20(3).exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351366/; classtype:trojan-activity;sid:84214466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351367)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/loader.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351367/; classtype:trojan-activity;sid:84214467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351368)"; flow:established,from_client; content:"GET"; http_method; content:"/litrik002/venomrat-v6.0.3-source-/raw/refs/heads/main/server.properties.resources.resources"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351368/; classtype:trojan-activity;sid:84214468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351360)"; flow:established,from_client; content:"GET"; http_method; content:"/47/ess/givenbestupdatedoingformebestthingswithgreatnewsformegive.hta"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"192.3.122.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351360/; classtype:trojan-activity;sid:84214460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351361)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xclien.txt"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351361/; classtype:trojan-activity;sid:84214461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351362)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/raw/refs/heads/main/xclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351362/; classtype:trojan-activity;sid:84214462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351358)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351358/; classtype:trojan-activity;sid:84214458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351359)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351359/; classtype:trojan-activity;sid:84214459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351355)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/igapsme.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351355/; classtype:trojan-activity;sid:84214455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351356)"; flow:established,from_client; content:"GET"; http_method; content:"/121/vfc/clearentirethingwithbestnoticetheeverythinggooodfrome.hta"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"192.3.122.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351356/; classtype:trojan-activity;sid:84214456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351357)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351357/; classtype:trojan-activity;sid:84214457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351354)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351354/; classtype:trojan-activity;sid:84214454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.49.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351351/; classtype:trojan-activity;sid:84214451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351352)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/cool.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351352/; classtype:trojan-activity;sid:84214452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351353)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/101.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351353/; classtype:trojan-activity;sid:84214453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351350)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/raw/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351350/; classtype:trojan-activity;sid:84214450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351345)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/mor.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351345/; classtype:trojan-activity;sid:84214445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351346)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/refs/heads/main/xclient.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351346/; classtype:trojan-activity;sid:84214446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351347)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/15m.bin"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351347/; classtype:trojan-activity;sid:84214447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351348/; classtype:trojan-activity;sid:84214448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351349)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/raw/refs/heads/main/msedge..exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351349/; classtype:trojan-activity;sid:84214449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351341)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/raw/refs/heads/main/shellcode64.bin"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351341/; classtype:trojan-activity;sid:84214441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351342)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/daww/raw/refs/heads/main/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351342/; classtype:trojan-activity;sid:84214442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351343)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discordd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351343/; classtype:trojan-activity;sid:84214443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351344)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/play.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351344/; classtype:trojan-activity;sid:84214444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351338)"; flow:established,from_client; content:"GET"; http_method; content:"/xkpdyswmdfrprjhvggh213.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.162.149.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351338/; classtype:trojan-activity;sid:84214438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.94.33.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351339/; classtype:trojan-activity;sid:84214439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351340)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/11.bin"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351340/; classtype:trojan-activity;sid:84214440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351337)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351337/; classtype:trojan-activity;sid:84214437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351335)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/raw/refs/heads/main/crack.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351335/; classtype:trojan-activity;sid:84214435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351336)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/raw/refs/heads/main/kali_tools.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351336/; classtype:trojan-activity;sid:84214436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351334)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/diciembre"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351334/; classtype:trojan-activity;sid:84214434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351332)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/doom.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351332/; classtype:trojan-activity;sid:84214432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351333)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/2.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351333/; classtype:trojan-activity;sid:84214433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351331)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351331/; classtype:trojan-activity;sid:84214431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351326)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/gpieisb.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351326/; classtype:trojan-activity;sid:84214426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.90.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351327/; classtype:trojan-activity;sid:84214427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351328)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/king.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351328/; classtype:trojan-activity;sid:84214428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351329)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351329/; classtype:trojan-activity;sid:84214429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351330)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java.exe"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351330/; classtype:trojan-activity;sid:84214430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351323)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/system-loader.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351323/; classtype:trojan-activity;sid:84214423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351324)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/1.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351324/; classtype:trojan-activity;sid:84214424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351325)"; flow:established,from_client; content:"GET"; http_method; content:"/mis/datepicker/!help_sos.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351325/; classtype:trojan-activity;sid:84214425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351322)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/test-loader.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351322/; classtype:trojan-activity;sid:84214422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351321)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/key.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351321/; classtype:trojan-activity;sid:84214421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351318)"; flow:established,from_client; content:"GET"; http_method; content:"/ozcanpng/backd00r/raw/refs/heads/main/backd00rhome.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351318/; classtype:trojan-activity;sid:84214418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351319)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/perviy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351319/; classtype:trojan-activity;sid:84214419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351314)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351314/; classtype:trojan-activity;sid:84214414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351315)"; flow:established,from_client; content:"GET"; http_method; content:"/seed.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"web3-electrum.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351315/; classtype:trojan-activity;sid:84214415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351316)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/3.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351316/; classtype:trojan-activity;sid:84214416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351317/; classtype:trojan-activity;sid:84214417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351310)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/thong.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351310/; classtype:trojan-activity;sid:84214410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351311)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/raw/refs/heads/main/msedge.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351311/; classtype:trojan-activity;sid:84214411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351312)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/sil.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351312/; classtype:trojan-activity;sid:84214412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351313)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/uesr-loader.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351313/; classtype:trojan-activity;sid:84214413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351303)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"t-me.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351303/; classtype:trojan-activity;sid:84214403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351304)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/jaadkfh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351304/; classtype:trojan-activity;sid:84214404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351305)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/dhomsjm.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351305/; classtype:trojan-activity;sid:84214405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351306)"; flow:established,from_client; content:"GET"; http_method; content:"/gmedusa135/nano/raw/refs/heads/main/ikammam.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351306/; classtype:trojan-activity;sid:84214406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351307)"; flow:established,from_client; content:"GET"; http_method; content:"/orlskusmdcrnj231.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"212.162.149.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351307/; classtype:trojan-activity;sid:84214407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351308)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/vtoroy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351308/; classtype:trojan-activity;sid:84214408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351309)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/tcp.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351309/; classtype:trojan-activity;sid:84214409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351300)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/raw/refs/heads/main/anne.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351300/; classtype:trojan-activity;sid:84214400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351301)"; flow:established,from_client; content:"GET"; http_method; content:"/h4ck3dv0d4/terminal-test/raw/refs/heads/main/terminal_9235.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351301/; classtype:trojan-activity;sid:84214401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351302)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351302/; classtype:trojan-activity;sid:84214402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.84.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351298/; classtype:trojan-activity;sid:84214398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351299)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/raw/refs/heads/main/temp.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351299/; classtype:trojan-activity;sid:84214399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351296)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351296/; classtype:trojan-activity;sid:84214396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351294)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/raw/refs/heads/main/krishna33.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351294/; classtype:trojan-activity;sid:84214394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351295)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/raw/refs/heads/main/program-loader.bin"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351295/; classtype:trojan-activity;sid:84214395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351291)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dokkaebi.netlify.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351291/; classtype:trojan-activity;sid:84214391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351292)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/raw/refs/heads/main/com%20surrogate.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351292/; classtype:trojan-activity;sid:84214392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351293)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351293/; classtype:trojan-activity;sid:84214393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351288)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351288/; classtype:trojan-activity;sid:84214388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351289/; classtype:trojan-activity;sid:84214389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351290)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/raw/refs/heads/main/crspoofer.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351290/; classtype:trojan-activity;sid:84214390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351287)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/rmspas.txt"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351287/; classtype:trojan-activity;sid:84214387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351283)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/raw/refs/heads/main/sv1rmc"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351283/; classtype:trojan-activity;sid:84214383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.15.254.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351284/; classtype:trojan-activity;sid:84214384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351285)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/rooahio.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351285/; classtype:trojan-activity;sid:84214385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351286)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/piiosim.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351286/; classtype:trojan-activity;sid:84214386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351280)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/mera.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351280/; classtype:trojan-activity;sid:84214380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351281)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/thunn.bin"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351281/; classtype:trojan-activity;sid:84214381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351282)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/mhkhrkc.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351282/; classtype:trojan-activity;sid:84214382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351276)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/raw/refs/heads/main/client.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351276/; classtype:trojan-activity;sid:84214376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351277)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/oneving.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351277/; classtype:trojan-activity;sid:84214377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351278)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/need.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351278/; classtype:trojan-activity;sid:84214378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351279)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/raw/refs/heads/main/discord3.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351279/; classtype:trojan-activity;sid:84214379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351268)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/myone.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351268/; classtype:trojan-activity;sid:84214368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351269)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/tretiy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351269/; classtype:trojan-activity;sid:84214369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351270)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/raw/refs/heads/main/solara_protect.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351270/; classtype:trojan-activity;sid:84214370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351271)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/raw/refs/heads/main/fern_wifi_recon%252.34.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351271/; classtype:trojan-activity;sid:84214371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351272)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/raw/refs/heads/main/ddosziller.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351272/; classtype:trojan-activity;sid:84214372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351273)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/raw/refs/heads/main/shell.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351273/; classtype:trojan-activity;sid:84214373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351274)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351274/; classtype:trojan-activity;sid:84214374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351275)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgelogger233/imagelogger/raw/refs/heads/main/imagelogger.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351275/; classtype:trojan-activity;sid:84214375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351264)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"t-me.cloud"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351264/; classtype:trojan-activity;sid:84214364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351265)"; flow:established,from_client; content:"GET"; http_method; content:"/williamreport/lwpath/raw/refs/heads/main/main.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351265/; classtype:trojan-activity;sid:84214365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351266)"; flow:established,from_client; content:"GET"; http_method; content:"/mhemon404/project01/raw/refs/heads/main/system404.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351266/; classtype:trojan-activity;sid:84214366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351267)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/raw/refs/heads/main/no.pdf"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351267/; classtype:trojan-activity;sid:84214367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351260)"; flow:established,from_client; content:"GET"; http_method; content:"/qkduqqfqgsxkbjbbhsmtnm90.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"154.216.17.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351260/; classtype:trojan-activity;sid:84214360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351261)"; flow:established,from_client; content:"GET"; http_method; content:"/venkovisual/loli-mod/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351261/; classtype:trojan-activity;sid:84214361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351262)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/raw/refs/heads/main/client.pdf"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351262/; classtype:trojan-activity;sid:84214362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351263/; classtype:trojan-activity;sid:84214363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351254)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351254/; classtype:trojan-activity;sid:84214354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351255)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351255/; classtype:trojan-activity;sid:84214355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351256)"; flow:established,from_client; content:"GET"; http_method; content:"/mis/calendar/_notes/!help_sos.hta"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351256/; classtype:trojan-activity;sid:84214356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351257)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351257/; classtype:trojan-activity;sid:84214357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.255.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351258/; classtype:trojan-activity;sid:84214358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351253)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351253/; classtype:trojan-activity;sid:84214353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.91.180.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351252/; classtype:trojan-activity;sid:84214352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351250)"; flow:established,from_client; content:"GET"; http_method; content:"/electrum.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"elektrum.world"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351250/; classtype:trojan-activity;sid:84214350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351249)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java32.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351249/; classtype:trojan-activity;sid:84214349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351247)"; flow:established,from_client; content:"GET"; http_method; content:"/endity123/fivem-spoofer/raw/refs/heads/main/reaper%20cfx%20spoofer%20v2.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351247/; classtype:trojan-activity;sid:84214347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351248)"; flow:established,from_client; content:"GET"; http_method; content:"/jaaaaaaaaaaaaaaaaa/im-not-hosting-malware-here/raw/refs/heads/main/client-built.exe"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351248/; classtype:trojan-activity;sid:84214348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351243)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351243/; classtype:trojan-activity;sid:84214343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351244)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351244/; classtype:trojan-activity;sid:84214344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351245)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.169.4.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351245/; classtype:trojan-activity;sid:84214345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351246)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351246/; classtype:trojan-activity;sid:84214346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351242)"; flow:established,from_client; content:"GET"; http_method; content:"/vdsvb43vdf/sdv32vc/raw/refs/heads/main/launcher.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351242/; classtype:trojan-activity;sid:84214342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351240)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"booking-5721.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351240/; classtype:trojan-activity;sid:84214340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351241)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"booking.fashion"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351241/; classtype:trojan-activity;sid:84214341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351239)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"telegram-autification.lol"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351239/; classtype:trojan-activity;sid:84214339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351234)"; flow:established,from_client; content:"GET"; http_method; content:"/resp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adobe-acrobat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351234/; classtype:trojan-activity;sid:84214334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351235)"; flow:established,from_client; content:"GET"; http_method; content:"/frnd1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adobe-acrobat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351235/; classtype:trojan-activity;sid:84214335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351236)"; flow:established,from_client; content:"GET"; http_method; content:"/duschno.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"adobe-acrobat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351236/; classtype:trojan-activity;sid:84214336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351237)"; flow:established,from_client; content:"GET"; http_method; content:"/frnd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adobe-acrobat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351237/; classtype:trojan-activity;sid:84214337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351238)"; flow:established,from_client; content:"GET"; http_method; content:"/hellres.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"adobe-acrobat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351238/; classtype:trojan-activity;sid:84214338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351233)"; flow:established,from_client; content:"GET"; http_method; content:"/12kav.json"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"9x9o.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351233/; classtype:trojan-activity;sid:84214333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351231)"; flow:established,from_client; content:"GET"; http_method; content:"/kvnw1412.py"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"9x9o.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351231/; classtype:trojan-activity;sid:84214331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351232)"; flow:established,from_client; content:"GET"; http_method; content:"/ma1208.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"9x9o.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351232/; classtype:trojan-activity;sid:84214332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.85.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351230/; classtype:trojan-activity;sid:84214330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.46.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351229/; classtype:trojan-activity;sid:84214329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351228/; classtype:trojan-activity;sid:84214328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.180.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351227/; classtype:trojan-activity;sid:84214327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.15.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351226/; classtype:trojan-activity;sid:84214326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.186.55.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351225/; classtype:trojan-activity;sid:84214325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.191.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351224/; classtype:trojan-activity;sid:84214324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.196.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351223/; classtype:trojan-activity;sid:84214323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.229.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351222/; classtype:trojan-activity;sid:84214322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.206.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351221/; classtype:trojan-activity;sid:84214321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.186.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351220/; classtype:trojan-activity;sid:84214320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351217/; classtype:trojan-activity;sid:84214317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351218/; classtype:trojan-activity;sid:84214318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.108.76.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351219/; classtype:trojan-activity;sid:84214319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.85.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351216/; classtype:trojan-activity;sid:84214316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351215/; classtype:trojan-activity;sid:84214315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351214/; classtype:trojan-activity;sid:84214314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.109.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351213/; classtype:trojan-activity;sid:84214313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.122.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351212/; classtype:trojan-activity;sid:84214312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.46.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351211/; classtype:trojan-activity;sid:84214311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.186.55.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351210/; classtype:trojan-activity;sid:84214310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.92.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351209/; classtype:trojan-activity;sid:84214309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351208/; classtype:trojan-activity;sid:84214308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.238.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351207/; classtype:trojan-activity;sid:84214307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.186.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351206/; classtype:trojan-activity;sid:84214306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.40.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351205/; classtype:trojan-activity;sid:84214305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351204/; classtype:trojan-activity;sid:84214304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.71.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351203/; classtype:trojan-activity;sid:84214303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.114.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351202/; classtype:trojan-activity;sid:84214302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.1.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351201/; classtype:trojan-activity;sid:84214301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.206.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351200/; classtype:trojan-activity;sid:84214300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.12.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351198/; classtype:trojan-activity;sid:84214298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.109.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351199/; classtype:trojan-activity;sid:84214299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351197/; classtype:trojan-activity;sid:84214297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.24.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351196/; classtype:trojan-activity;sid:84214296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.178.175.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351195/; classtype:trojan-activity;sid:84214295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.93.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351194/; classtype:trojan-activity;sid:84214294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.235.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351193/; classtype:trojan-activity;sid:84214293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.73.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351191/; classtype:trojan-activity;sid:84214291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.238.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351192/; classtype:trojan-activity;sid:84214292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.10.195"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351190/; classtype:trojan-activity;sid:84214290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.32.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351189/; classtype:trojan-activity;sid:84214289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.114.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351188/; classtype:trojan-activity;sid:84214288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.4.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351187/; classtype:trojan-activity;sid:84214287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.253.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351186/; classtype:trojan-activity;sid:84214286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351184/; classtype:trojan-activity;sid:84214284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351185/; classtype:trojan-activity;sid:84214285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.238.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351183/; classtype:trojan-activity;sid:84214283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351182/; classtype:trojan-activity;sid:84214282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.110.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351181/; classtype:trojan-activity;sid:84214281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.211.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351180/; classtype:trojan-activity;sid:84214280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.235.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351179/; classtype:trojan-activity;sid:84214279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.86.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351178/; classtype:trojan-activity;sid:84214278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351177/; classtype:trojan-activity;sid:84214277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.178.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351176/; classtype:trojan-activity;sid:84214276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.11.62.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351175/; classtype:trojan-activity;sid:84214275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.225.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351174/; classtype:trojan-activity;sid:84214274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.80.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351173/; classtype:trojan-activity;sid:84214273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351172/; classtype:trojan-activity;sid:84214272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.33.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351171/; classtype:trojan-activity;sid:84214271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351170/; classtype:trojan-activity;sid:84214270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351168/; classtype:trojan-activity;sid:84214268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.123.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351169/; classtype:trojan-activity;sid:84214269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351167/; classtype:trojan-activity;sid:84214267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351166/; classtype:trojan-activity;sid:84214266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.21.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351165/; classtype:trojan-activity;sid:84214265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.243.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351162/; classtype:trojan-activity;sid:84214262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.178.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351163/; classtype:trojan-activity;sid:84214263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351164/; classtype:trojan-activity;sid:84214264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.68.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351161/; classtype:trojan-activity;sid:84214261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.62.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351160/; classtype:trojan-activity;sid:84214260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.11.62.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351159/; classtype:trojan-activity;sid:84214259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.80.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351158/; classtype:trojan-activity;sid:84214258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.224.84.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351157/; classtype:trojan-activity;sid:84214257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.174.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351156/; classtype:trojan-activity;sid:84214256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.225.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351155/; classtype:trojan-activity;sid:84214255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.44.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351154/; classtype:trojan-activity;sid:84214254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351153/; classtype:trojan-activity;sid:84214253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.110.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351152/; classtype:trojan-activity;sid:84214252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.200.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351151/; classtype:trojan-activity;sid:84214251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351150/; classtype:trojan-activity;sid:84214250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.21.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351149/; classtype:trojan-activity;sid:84214249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351148/; classtype:trojan-activity;sid:84214248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.138.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351147/; classtype:trojan-activity;sid:84214247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.62.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351146/; classtype:trojan-activity;sid:84214246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.84.213.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351145/; classtype:trojan-activity;sid:84214245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.233.33.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351143/; classtype:trojan-activity;sid:84214243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.168.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351144/; classtype:trojan-activity;sid:84214244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351142/; classtype:trojan-activity;sid:84214242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.7.243"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351141/; classtype:trojan-activity;sid:84214241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.183.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351139/; classtype:trojan-activity;sid:84214239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.126.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351140/; classtype:trojan-activity;sid:84214240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.80.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351138/; classtype:trojan-activity;sid:84214238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351137/; classtype:trojan-activity;sid:84214237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351136/; classtype:trojan-activity;sid:84214236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.236.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351135/; classtype:trojan-activity;sid:84214235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.151.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351134/; classtype:trojan-activity;sid:84214234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.245.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351133/; classtype:trojan-activity;sid:84214233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.161.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351132/; classtype:trojan-activity;sid:84214232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.151.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351131/; classtype:trojan-activity;sid:84214231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351130/; classtype:trojan-activity;sid:84214230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351128/; classtype:trojan-activity;sid:84214228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.240.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351129/; classtype:trojan-activity;sid:84214229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.138.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351127/; classtype:trojan-activity;sid:84214227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351126/; classtype:trojan-activity;sid:84214226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.118.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351125/; classtype:trojan-activity;sid:84214225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.114.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351124/; classtype:trojan-activity;sid:84214224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351123/; classtype:trojan-activity;sid:84214223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.84.213.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351122/; classtype:trojan-activity;sid:84214222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.233.33.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351121/; classtype:trojan-activity;sid:84214221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.236.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351120/; classtype:trojan-activity;sid:84214220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.147.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351119/; classtype:trojan-activity;sid:84214219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351118/; classtype:trojan-activity;sid:84214218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.230.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351117/; classtype:trojan-activity;sid:84214217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.221.45.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351116/; classtype:trojan-activity;sid:84214216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.139.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351115/; classtype:trojan-activity;sid:84214215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351114/; classtype:trojan-activity;sid:84214214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.161.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351113/; classtype:trojan-activity;sid:84214213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351112/; classtype:trojan-activity;sid:84214212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.114.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351111/; classtype:trojan-activity;sid:84214211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.39.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351110/; classtype:trojan-activity;sid:84214210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.123.219.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351109/; classtype:trojan-activity;sid:84214209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.104.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351108/; classtype:trojan-activity;sid:84214208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.121.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351107/; classtype:trojan-activity;sid:84214207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.13.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351106/; classtype:trojan-activity;sid:84214206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.187.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351105/; classtype:trojan-activity;sid:84214205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351104/; classtype:trojan-activity;sid:84214204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.13.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351103/; classtype:trojan-activity;sid:84214203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351102/; classtype:trojan-activity;sid:84214202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.93.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351101/; classtype:trojan-activity;sid:84214201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351100/; classtype:trojan-activity;sid:84214200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.180.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351099/; classtype:trojan-activity;sid:84214199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.139.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351098/; classtype:trojan-activity;sid:84214198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.219.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351097/; classtype:trojan-activity;sid:84214197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.232.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351096/; classtype:trojan-activity;sid:84214196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351095/; classtype:trojan-activity;sid:84214195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.254.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351094/; classtype:trojan-activity;sid:84214194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.117.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351093/; classtype:trojan-activity;sid:84214193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.144.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351092/; classtype:trojan-activity;sid:84214192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351091)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.63.187.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351091/; classtype:trojan-activity;sid:84214191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351088/; classtype:trojan-activity;sid:84214188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.134.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351089/; classtype:trojan-activity;sid:84214189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.68.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351090/; classtype:trojan-activity;sid:84214190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351087/; classtype:trojan-activity;sid:84214187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351086/; classtype:trojan-activity;sid:84214186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.20.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351085/; classtype:trojan-activity;sid:84214185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.219.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351084/; classtype:trojan-activity;sid:84214184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.100.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351083/; classtype:trojan-activity;sid:84214183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.187.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351082/; classtype:trojan-activity;sid:84214182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.180.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351080/; classtype:trojan-activity;sid:84214180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.242.216.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351081/; classtype:trojan-activity;sid:84214181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.185.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351079/; classtype:trojan-activity;sid:84214179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.180.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351077/; classtype:trojan-activity;sid:84214177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.6.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351078/; classtype:trojan-activity;sid:84214178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.108.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351076/; classtype:trojan-activity;sid:84214176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.171.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351075/; classtype:trojan-activity;sid:84214175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351074)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.135.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351074/; classtype:trojan-activity;sid:84214174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351072/; classtype:trojan-activity;sid:84214172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.212.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351073/; classtype:trojan-activity;sid:84214173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.221.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351071/; classtype:trojan-activity;sid:84214171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.229.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351070/; classtype:trojan-activity;sid:84214170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351069/; classtype:trojan-activity;sid:84214169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.153.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351068/; classtype:trojan-activity;sid:84214168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.210.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351067/; classtype:trojan-activity;sid:84214167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.162.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351066/; classtype:trojan-activity;sid:84214166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.116.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351065/; classtype:trojan-activity;sid:84214165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.46.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351064/; classtype:trojan-activity;sid:84214164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.215.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351063/; classtype:trojan-activity;sid:84214163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.87.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351061/; classtype:trojan-activity;sid:84214161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.150.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351062/; classtype:trojan-activity;sid:84214162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351060/; classtype:trojan-activity;sid:84214160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.187.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351059/; classtype:trojan-activity;sid:84214159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.45.79.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351058/; classtype:trojan-activity;sid:84214158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.162.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351057/; classtype:trojan-activity;sid:84214157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.235.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351056/; classtype:trojan-activity;sid:84214156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351055/; classtype:trojan-activity;sid:84214155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.58.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351054/; classtype:trojan-activity;sid:84214154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.71.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351053/; classtype:trojan-activity;sid:84214153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351052/; classtype:trojan-activity;sid:84214152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.38.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351051/; classtype:trojan-activity;sid:84214151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.104.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351050/; classtype:trojan-activity;sid:84214150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.116.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351049/; classtype:trojan-activity;sid:84214149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.63.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351048/; classtype:trojan-activity;sid:84214148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.85.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351047/; classtype:trojan-activity;sid:84214147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.207.39.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351046/; classtype:trojan-activity;sid:84214146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.104.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351044/; classtype:trojan-activity;sid:84214144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.16.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351045/; classtype:trojan-activity;sid:84214145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351042/; classtype:trojan-activity;sid:84214142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351043/; classtype:trojan-activity;sid:84214143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351041/; classtype:trojan-activity;sid:84214141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.23.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351040/; classtype:trojan-activity;sid:84214140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.87.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351039/; classtype:trojan-activity;sid:84214139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351038/; classtype:trojan-activity;sid:84214138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.85.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351037/; classtype:trojan-activity;sid:84214137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.65.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351036/; classtype:trojan-activity;sid:84214136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351035/; classtype:trojan-activity;sid:84214135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.97.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351034/; classtype:trojan-activity;sid:84214134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.20.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351033/; classtype:trojan-activity;sid:84214133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351031/; classtype:trojan-activity;sid:84214131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.175.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351032/; classtype:trojan-activity;sid:84214132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.200.168.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351030/; classtype:trojan-activity;sid:84214130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.59.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351029/; classtype:trojan-activity;sid:84214129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.128.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351028/; classtype:trojan-activity;sid:84214128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351027/; classtype:trojan-activity;sid:84214127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.45.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351026/; classtype:trojan-activity;sid:84214126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.38.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351023/; classtype:trojan-activity;sid:84214123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351024)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nughk.riders.50kfor50years.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351024/; classtype:trojan-activity;sid:84214124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.173.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351025/; classtype:trojan-activity;sid:84214125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.125.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351022/; classtype:trojan-activity;sid:84214122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.68.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351021/; classtype:trojan-activity;sid:84214121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.159.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351020/; classtype:trojan-activity;sid:84214120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.83.55.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351019/; classtype:trojan-activity;sid:84214119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351018/; classtype:trojan-activity;sid:84214118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351017/; classtype:trojan-activity;sid:84214117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.150.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351016/; classtype:trojan-activity;sid:84214116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351015/; classtype:trojan-activity;sid:84214115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.244.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351014/; classtype:trojan-activity;sid:84214114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.175.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351013/; classtype:trojan-activity;sid:84214113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.90.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351012/; classtype:trojan-activity;sid:84214112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.77.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351011/; classtype:trojan-activity;sid:84214111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.59.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351010/; classtype:trojan-activity;sid:84214110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351009/; classtype:trojan-activity;sid:84214109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.229.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351008/; classtype:trojan-activity;sid:84214108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.47.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351007/; classtype:trojan-activity;sid:84214107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.253.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351006/; classtype:trojan-activity;sid:84214106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.125.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351005/; classtype:trojan-activity;sid:84214105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.173.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351004/; classtype:trojan-activity;sid:84214104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.200.168.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351003/; classtype:trojan-activity;sid:84214103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.159.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351002/; classtype:trojan-activity;sid:84214102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.61.230.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351001/; classtype:trojan-activity;sid:84214101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.121.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351000/; classtype:trojan-activity;sid:84214100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.195.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350999/; classtype:trojan-activity;sid:84214099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.231.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350998/; classtype:trojan-activity;sid:84214098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.90.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350997/; classtype:trojan-activity;sid:84214097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350996/; classtype:trojan-activity;sid:84214096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.121.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350995/; classtype:trojan-activity;sid:84214095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.82.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350994/; classtype:trojan-activity;sid:84214094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350993)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.173.73.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350993/; classtype:trojan-activity;sid:84214093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.239.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350992/; classtype:trojan-activity;sid:84214092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.168.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350991/; classtype:trojan-activity;sid:84214091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.125.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350990/; classtype:trojan-activity;sid:84214090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.163.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350989/; classtype:trojan-activity;sid:84214089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.247.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350988/; classtype:trojan-activity;sid:84214088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.91.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350987/; classtype:trojan-activity;sid:84214087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.181.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350986/; classtype:trojan-activity;sid:84214086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350985/; classtype:trojan-activity;sid:84214085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.116.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350984/; classtype:trojan-activity;sid:84214084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350981/; classtype:trojan-activity;sid:84214081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.3.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350982/; classtype:trojan-activity;sid:84214082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.176.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350983/; classtype:trojan-activity;sid:84214083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.10.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350980/; classtype:trojan-activity;sid:84214080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.194.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350979/; classtype:trojan-activity;sid:84214079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.91.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350978/; classtype:trojan-activity;sid:84214078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.11.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350977/; classtype:trojan-activity;sid:84214077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.16.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350976/; classtype:trojan-activity;sid:84214076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.125.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350975/; classtype:trojan-activity;sid:84214075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350974/; classtype:trojan-activity;sid:84214074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.145.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350973/; classtype:trojan-activity;sid:84214073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.79.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350972/; classtype:trojan-activity;sid:84214072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350971/; classtype:trojan-activity;sid:84214071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350970/; classtype:trojan-activity;sid:84214070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350969/; classtype:trojan-activity;sid:84214069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.241.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350968/; classtype:trojan-activity;sid:84214068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.181.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350967/; classtype:trojan-activity;sid:84214067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.4.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350966/; classtype:trojan-activity;sid:84214066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.170.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350965/; classtype:trojan-activity;sid:84214065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350964)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.236.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350964/; classtype:trojan-activity;sid:84214064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.11.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350963/; classtype:trojan-activity;sid:84214063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.201.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350962/; classtype:trojan-activity;sid:84214062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.144.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350961/; classtype:trojan-activity;sid:84214061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.236.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350960/; classtype:trojan-activity;sid:84214060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.110.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350959/; classtype:trojan-activity;sid:84214059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350958)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.136.41.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350958/; classtype:trojan-activity;sid:84214058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350957)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.136.41.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350957/; classtype:trojan-activity;sid:84214057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350956/; classtype:trojan-activity;sid:84214056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.19.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350955/; classtype:trojan-activity;sid:84214055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350954/; classtype:trojan-activity;sid:84214054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350953/; classtype:trojan-activity;sid:84214053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350952/; classtype:trojan-activity;sid:84214052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350951)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.29.142.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350951/; classtype:trojan-activity;sid:84214051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350950)"; flow:established,from_client; content:"GET"; http_method; content:"/oefj64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lol.eye-network.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350950/; classtype:trojan-activity;sid:84214050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.241.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350949/; classtype:trojan-activity;sid:84214049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.4.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350948/; classtype:trojan-activity;sid:84214048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.138.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350947/; classtype:trojan-activity;sid:84214047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350946/; classtype:trojan-activity;sid:84214046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.156.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350945/; classtype:trojan-activity;sid:84214045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.72.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350944/; classtype:trojan-activity;sid:84214044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.109.167.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350943/; classtype:trojan-activity;sid:84214043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350942/; classtype:trojan-activity;sid:84214042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.99.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350941/; classtype:trojan-activity;sid:84214041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.134.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350940/; classtype:trojan-activity;sid:84214040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.154.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350939/; classtype:trojan-activity;sid:84214039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.76.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350938/; classtype:trojan-activity;sid:84214038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.239.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350936/; classtype:trojan-activity;sid:84214036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.206.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350937/; classtype:trojan-activity;sid:84214037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.212.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350935/; classtype:trojan-activity;sid:84214035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.138.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350934/; classtype:trojan-activity;sid:84214034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.165.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350932/; classtype:trojan-activity;sid:84214032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350933/; classtype:trojan-activity;sid:84214033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.27.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350931/; classtype:trojan-activity;sid:84214031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350930/; classtype:trojan-activity;sid:84214030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350929/; classtype:trojan-activity;sid:84214029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350928/; classtype:trojan-activity;sid:84214028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.125.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350927/; classtype:trojan-activity;sid:84214027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350924/; classtype:trojan-activity;sid:84214024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350925/; classtype:trojan-activity;sid:84214025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.144.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350926/; classtype:trojan-activity;sid:84214026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.161.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350923/; classtype:trojan-activity;sid:84214023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350922/; classtype:trojan-activity;sid:84214022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.117.12.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350921/; classtype:trojan-activity;sid:84214021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350920/; classtype:trojan-activity;sid:84214020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350918/; classtype:trojan-activity;sid:84214018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.158.158.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350919/; classtype:trojan-activity;sid:84214019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.204.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350917/; classtype:trojan-activity;sid:84214017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.174.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350916/; classtype:trojan-activity;sid:84214016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.154.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350915/; classtype:trojan-activity;sid:84214015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.156.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3350914/; classtype:trojan-activity;sid:84214014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.239.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350912/; classtype:trojan-activity;sid:84214012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.75.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350913/; classtype:trojan-activity;sid:84214013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.193.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350911/; classtype:trojan-activity;sid:84214011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.245.192.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350910/; classtype:trojan-activity;sid:84214010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.84.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350909/; classtype:trojan-activity;sid:84214009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.63.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350908/; classtype:trojan-activity;sid:84214008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.84.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350907/; classtype:trojan-activity;sid:84214007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.102.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350906/; classtype:trojan-activity;sid:84214006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.150.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350905/; classtype:trojan-activity;sid:84214005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.85.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350904/; classtype:trojan-activity;sid:84214004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350903/; classtype:trojan-activity;sid:84214003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.27.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350902/; classtype:trojan-activity;sid:84214002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.125.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350901/; classtype:trojan-activity;sid:84214001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.85.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350899/; classtype:trojan-activity;sid:84213999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.154.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350900/; classtype:trojan-activity;sid:84214000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350898/; classtype:trojan-activity;sid:84213998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350897/; classtype:trojan-activity;sid:84213997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.62.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350896/; classtype:trojan-activity;sid:84213996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.235.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350895/; classtype:trojan-activity;sid:84213995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.157.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350894/; classtype:trojan-activity;sid:84213994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.90.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350893/; classtype:trojan-activity;sid:84213993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.75.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350892/; classtype:trojan-activity;sid:84213992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350891/; classtype:trojan-activity;sid:84213991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.102.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350890/; classtype:trojan-activity;sid:84213990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350889/; classtype:trojan-activity;sid:84213989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.23.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350888/; classtype:trojan-activity;sid:84213988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.47.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350887/; classtype:trojan-activity;sid:84213987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.235.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350886/; classtype:trojan-activity;sid:84213986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.102.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350885/; classtype:trojan-activity;sid:84213985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350884)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.25.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350884/; classtype:trojan-activity;sid:84213984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.16.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350883/; classtype:trojan-activity;sid:84213983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.110.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350882/; classtype:trojan-activity;sid:84213982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.236.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350881/; classtype:trojan-activity;sid:84213981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.173.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350879/; classtype:trojan-activity;sid:84213979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.113.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350880/; classtype:trojan-activity;sid:84213980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.9.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350878/; classtype:trojan-activity;sid:84213978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350877/; classtype:trojan-activity;sid:84213977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.228.76.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350876/; classtype:trojan-activity;sid:84213976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350875/; classtype:trojan-activity;sid:84213975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.164.229.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350874/; classtype:trojan-activity;sid:84213974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.156.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350873/; classtype:trojan-activity;sid:84213973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350872/; classtype:trojan-activity;sid:84213972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350871/; classtype:trojan-activity;sid:84213971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.242.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350870/; classtype:trojan-activity;sid:84213970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350869/; classtype:trojan-activity;sid:84213969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.22.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350868/; classtype:trojan-activity;sid:84213968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.110.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350867/; classtype:trojan-activity;sid:84213967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350865/; classtype:trojan-activity;sid:84213965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.15.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350866/; classtype:trojan-activity;sid:84213966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.71.61.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350864/; classtype:trojan-activity;sid:84213964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.24.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350863/; classtype:trojan-activity;sid:84213963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350862/; classtype:trojan-activity;sid:84213962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.161.71.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350861/; classtype:trojan-activity;sid:84213961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350860/; classtype:trojan-activity;sid:84213960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350859/; classtype:trojan-activity;sid:84213959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350858/; classtype:trojan-activity;sid:84213958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.223.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350857/; classtype:trojan-activity;sid:84213957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.164.229.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350856/; classtype:trojan-activity;sid:84213956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.160.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350855/; classtype:trojan-activity;sid:84213955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.202.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350854/; classtype:trojan-activity;sid:84213954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.244.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350853/; classtype:trojan-activity;sid:84213953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.68.49.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350852/; classtype:trojan-activity;sid:84213952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.37.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350851/; classtype:trojan-activity;sid:84213951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.88.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350850/; classtype:trojan-activity;sid:84213950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.223.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350849/; classtype:trojan-activity;sid:84213949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.35.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350848/; classtype:trojan-activity;sid:84213948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.44.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350847/; classtype:trojan-activity;sid:84213947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.213.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350845/; classtype:trojan-activity;sid:84213945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.172.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350846/; classtype:trojan-activity;sid:84213946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.159.71.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350844/; classtype:trojan-activity;sid:84213944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.0.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350843/; classtype:trojan-activity;sid:84213943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.123.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350842/; classtype:trojan-activity;sid:84213942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.91.105.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350841/; classtype:trojan-activity;sid:84213941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.224.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350839/; classtype:trojan-activity;sid:84213939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.37.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350840/; classtype:trojan-activity;sid:84213940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.88.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350838/; classtype:trojan-activity;sid:84213938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.0.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350837/; classtype:trojan-activity;sid:84213937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.45.79.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350836/; classtype:trojan-activity;sid:84213936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.22.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350835/; classtype:trojan-activity;sid:84213935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.71.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350834/; classtype:trojan-activity;sid:84213934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.137.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350833/; classtype:trojan-activity;sid:84213933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350832/; classtype:trojan-activity;sid:84213932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.48.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350831/; classtype:trojan-activity;sid:84213931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.238.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350829/; classtype:trojan-activity;sid:84213929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.194.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350830/; classtype:trojan-activity;sid:84213930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.200.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350828/; classtype:trojan-activity;sid:84213928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.52.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350827/; classtype:trojan-activity;sid:84213927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.49.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350826/; classtype:trojan-activity;sid:84213926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.63.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350825/; classtype:trojan-activity;sid:84213925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.168.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350824/; classtype:trojan-activity;sid:84213924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.234.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350823/; classtype:trojan-activity;sid:84213923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.171.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350822/; classtype:trojan-activity;sid:84213922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.202.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350821/; classtype:trojan-activity;sid:84213921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.125.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350820/; classtype:trojan-activity;sid:84213920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.195.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350819/; classtype:trojan-activity;sid:84213919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.200.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350818/; classtype:trojan-activity;sid:84213918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.3.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350817/; classtype:trojan-activity;sid:84213917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.206.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350816/; classtype:trojan-activity;sid:84213916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.204.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350809/; classtype:trojan-activity;sid:84213909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350810/; classtype:trojan-activity;sid:84213910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350811/; classtype:trojan-activity;sid:84213911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350812/; classtype:trojan-activity;sid:84213912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350813/; classtype:trojan-activity;sid:84213913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.192.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350814/; classtype:trojan-activity;sid:84213914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.16.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350815/; classtype:trojan-activity;sid:84213915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350808/; classtype:trojan-activity;sid:84213908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350807/; classtype:trojan-activity;sid:84213907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.52.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350806/; classtype:trojan-activity;sid:84213906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.183.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350805/; classtype:trojan-activity;sid:84213905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.87.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350803/; classtype:trojan-activity;sid:84213903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.34.255.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350804/; classtype:trojan-activity;sid:84213904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.245.60.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350799/; classtype:trojan-activity;sid:84213899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350800/; classtype:trojan-activity;sid:84213900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.202.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350801/; classtype:trojan-activity;sid:84213901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.243.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350802/; classtype:trojan-activity;sid:84213902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350798/; classtype:trojan-activity;sid:84213898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.104.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350797/; classtype:trojan-activity;sid:84213897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.255.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350796/; classtype:trojan-activity;sid:84213896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.234.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350795/; classtype:trojan-activity;sid:84213895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.82.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350794/; classtype:trojan-activity;sid:84213894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.95.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350793/; classtype:trojan-activity;sid:84213893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350792/; classtype:trojan-activity;sid:84213892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.8.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350791/; classtype:trojan-activity;sid:84213891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.206.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350790/; classtype:trojan-activity;sid:84213890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.100.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350789/; classtype:trojan-activity;sid:84213889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350788/; classtype:trojan-activity;sid:84213888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350787)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.72.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350787/; classtype:trojan-activity;sid:84213887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.4.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350786/; classtype:trojan-activity;sid:84213886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350785/; classtype:trojan-activity;sid:84213885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.19.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350782/; classtype:trojan-activity;sid:84213882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.93.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350783/; classtype:trojan-activity;sid:84213883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.233.169.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350784/; classtype:trojan-activity;sid:84213884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.82.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350781/; classtype:trojan-activity;sid:84213881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.29.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350780/; classtype:trojan-activity;sid:84213880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350775)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.78.65.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350775/; classtype:trojan-activity;sid:84213875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350776)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.78.65.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350776/; classtype:trojan-activity;sid:84213876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350777)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.78.65.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350777/; classtype:trojan-activity;sid:84213877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350778)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.78.65.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350778/; classtype:trojan-activity;sid:84213878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350779)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"147.78.65.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350779/; classtype:trojan-activity;sid:84213879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350774)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.78.65.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350774/; classtype:trojan-activity;sid:84213874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.205.94.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350773/; classtype:trojan-activity;sid:84213873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350772/; classtype:trojan-activity;sid:84213872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350771/; classtype:trojan-activity;sid:84213871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.97.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350770/; classtype:trojan-activity;sid:84213870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.7.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350769/; classtype:trojan-activity;sid:84213869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.157.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350768/; classtype:trojan-activity;sid:84213868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.138.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350766/; classtype:trojan-activity;sid:84213866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.17.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350767/; classtype:trojan-activity;sid:84213867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.9.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350765/; classtype:trojan-activity;sid:84213865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.195.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350764/; classtype:trojan-activity;sid:84213864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.45.56.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350763/; classtype:trojan-activity;sid:84213863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.73.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350762/; classtype:trojan-activity;sid:84213862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.10.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350761/; classtype:trojan-activity;sid:84213861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.32.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350760/; classtype:trojan-activity;sid:84213860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.47.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350759/; classtype:trojan-activity;sid:84213859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.177.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350758/; classtype:trojan-activity;sid:84213858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.170.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350757/; classtype:trojan-activity;sid:84213857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350753)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%90%d0%bd%d0%ba%d0%b5%d1%82%d0%b0_202412836.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"185.158.248.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350753/; classtype:trojan-activity;sid:84213853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.200.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350754/; classtype:trojan-activity;sid:84213854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350755)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%90%d0%bd%d0%ba%d0%b5%d1%82%d0%b0_202412836.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"tax.diia.me"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350755/; classtype:trojan-activity;sid:84213855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.182.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350756/; classtype:trojan-activity;sid:84213856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.20.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350752/; classtype:trojan-activity;sid:84213852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350751/; classtype:trojan-activity;sid:84213851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350750/; classtype:trojan-activity;sid:84213850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.191.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350749/; classtype:trojan-activity;sid:84213849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.166.62.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350748/; classtype:trojan-activity;sid:84213848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.109.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350747/; classtype:trojan-activity;sid:84213847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350746)"; flow:established,from_client; content:"GET"; http_method; content:"/hs483kf/start.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"document.diiap.me"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350746/; classtype:trojan-activity;sid:84213846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350745)"; flow:established,from_client; content:"GET"; http_method; content:"/hs483kf/front.jpg"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"document.diiap.me"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350745/; classtype:trojan-activity;sid:84213845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.177.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350744/; classtype:trojan-activity;sid:84213844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.161.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350743/; classtype:trojan-activity;sid:84213843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.170.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350742/; classtype:trojan-activity;sid:84213842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350740)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350740/; classtype:trojan-activity;sid:84213840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350741)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350741/; classtype:trojan-activity;sid:84213841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.10.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350739/; classtype:trojan-activity;sid:84213839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350731)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350731/; classtype:trojan-activity;sid:84213831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350732)"; flow:established,from_client; content:"GET"; http_method; content:"/nscmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350732/; classtype:trojan-activity;sid:84213832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350733)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350733/; classtype:trojan-activity;sid:84213833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350734)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350734/; classtype:trojan-activity;sid:84213834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350735)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350735/; classtype:trojan-activity;sid:84213835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.12.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350736/; classtype:trojan-activity;sid:84213836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350737)"; flow:established,from_client; content:"GET"; http_method; content:"/nscmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350737/; classtype:trojan-activity;sid:84213837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350738)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350738/; classtype:trojan-activity;sid:84213838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350729)"; flow:established,from_client; content:"GET"; http_method; content:"/1734097981_d97596c24c29fc1a36c1ce90e50957d9/firmware.safe.armv4l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350729/; classtype:trojan-activity;sid:84213829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350730)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350730/; classtype:trojan-activity;sid:84213830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350710)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350710/; classtype:trojan-activity;sid:84213810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350711)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350711/; classtype:trojan-activity;sid:84213811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350712)"; flow:established,from_client; content:"GET"; http_method; content:"/1734097981_d97596c24c29fc1a36c1ce90e50957d9/firmware.safe.armv6l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350712/; classtype:trojan-activity;sid:84213812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350713)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350713/; classtype:trojan-activity;sid:84213813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350714)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350714/; classtype:trojan-activity;sid:84213814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350715)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350715/; classtype:trojan-activity;sid:84213815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350716)"; flow:established,from_client; content:"GET"; http_method; content:"/1734097981_d97596c24c29fc1a36c1ce90e50957d9/firmware.safe.armv5l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350716/; classtype:trojan-activity;sid:84213816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350717)"; flow:established,from_client; content:"GET"; http_method; content:"/1734098101_6870776c394d0a60c26fdfe429a9cb11/firmware.safe.mips64"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350717/; classtype:trojan-activity;sid:84213817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w1lubbbv3y9pak91gnenniuvsths7ijfzc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350718/; classtype:trojan-activity;sid:84213818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350719)"; flow:established,from_client; content:"GET"; http_method; content:"/1734097981_d97596c24c29fc1a36c1ce90e50957d9/firmware.safe.armv7l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350719/; classtype:trojan-activity;sid:84213819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350720)"; flow:established,from_client; content:"GET"; http_method; content:"/1734098101_6870776c394d0a60c26fdfe429a9cb11/firmware.safe.mipsel"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350720/; classtype:trojan-activity;sid:84213820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350721)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350721/; classtype:trojan-activity;sid:84213821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350722)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350722/; classtype:trojan-activity;sid:84213822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350723)"; flow:established,from_client; content:"GET"; http_method; content:"/1734098101_6870776c394d0a60c26fdfe429a9cb11/firmware.safe.mips.dbg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350723/; classtype:trojan-activity;sid:84213823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350724)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350724/; classtype:trojan-activity;sid:84213824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350725)"; flow:established,from_client; content:"GET"; http_method; content:"/1734098101_6870776c394d0a60c26fdfe429a9cb11/firmware.safe.mips"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350725/; classtype:trojan-activity;sid:84213825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350726)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.111.101.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350726/; classtype:trojan-activity;sid:84213826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/j0qj68qza4re7dnf7a5j2gefd5qua53i41"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350727/; classtype:trojan-activity;sid:84213827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/42w2xdgcmdw7nhsvebaysuh9gfuxqmvcgt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350728/; classtype:trojan-activity;sid:84213828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dvtmhdoqxoj7nflkzpucxvlxickbmxd1fw"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350699/; classtype:trojan-activity;sid:84213799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0cblpqcxkpt8uux3sumzkrxp56vnqzgwid"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350700/; classtype:trojan-activity;sid:84213800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ceobx6qptquvfql29mmftove0jacmhenug"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350701/; classtype:trojan-activity;sid:84213801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qogm0jgavgx3pwnbrc8j2pl0lxuynbh4k3"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350702/; classtype:trojan-activity;sid:84213802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/87egsypnyo3cxf3uobdu0utqhtq3mjasrn"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350703/; classtype:trojan-activity;sid:84213803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/e6zziygjesx6jndz39ldcrmio0mjtbiqce"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350704/; classtype:trojan-activity;sid:84213804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rztzt9oekxa5gyn2abvb0gni3ygli0p9uc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350705/; classtype:trojan-activity;sid:84213805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/05hvyyzhvfl8tviiow1fkl8qbzr0jbx8js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350706/; classtype:trojan-activity;sid:84213806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ttetntthjwojzhx61qkvqjwxwcl5k3deuh"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350707/; classtype:trojan-activity;sid:84213807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lcaeof26y8uh5ua3rbvmdly16xlccvvsps"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350708/; classtype:trojan-activity;sid:84213808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ndru9uj0x5v4syr2tboatutrmtq8tsnwwr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350709/; classtype:trojan-activity;sid:84213809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350698/; classtype:trojan-activity;sid:84213798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.146.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350697/; classtype:trojan-activity;sid:84213797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350696/; classtype:trojan-activity;sid:84213796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.47.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350695/; classtype:trojan-activity;sid:84213795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350690)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"t-me.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350690/; classtype:trojan-activity;sid:84213790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350691)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"t-me.lol"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350691/; classtype:trojan-activity;sid:84213791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.20.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350692/; classtype:trojan-activity;sid:84213792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350693)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"t-me.cloud"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350693/; classtype:trojan-activity;sid:84213793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.200.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350694/; classtype:trojan-activity;sid:84213794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.41.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350689/; classtype:trojan-activity;sid:84213789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.9.170.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350688/; classtype:trojan-activity;sid:84213788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.165.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350687/; classtype:trojan-activity;sid:84213787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.182.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350686/; classtype:trojan-activity;sid:84213786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.132.113.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350685/; classtype:trojan-activity;sid:84213785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.36.41.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350684/; classtype:trojan-activity;sid:84213784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.161.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350683/; classtype:trojan-activity;sid:84213783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.207.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350681/; classtype:trojan-activity;sid:84213781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350682/; classtype:trojan-activity;sid:84213782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.43.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350680/; classtype:trojan-activity;sid:84213780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350679/; classtype:trojan-activity;sid:84213779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350678/; classtype:trojan-activity;sid:84213778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.165.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350677/; classtype:trojan-activity;sid:84213777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.16.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350676/; classtype:trojan-activity;sid:84213776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.2.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350675/; classtype:trojan-activity;sid:84213775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.190.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350674/; classtype:trojan-activity;sid:84213774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.183.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350673/; classtype:trojan-activity;sid:84213773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.130.95.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350672/; classtype:trojan-activity;sid:84213772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.41.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350670/; classtype:trojan-activity;sid:84213770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.164.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350671/; classtype:trojan-activity;sid:84213771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.201.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350669/; classtype:trojan-activity;sid:84213769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.92.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350668/; classtype:trojan-activity;sid:84213768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.201.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350667/; classtype:trojan-activity;sid:84213767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.126.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350666/; classtype:trojan-activity;sid:84213766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.78.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350665/; classtype:trojan-activity;sid:84213765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350664/; classtype:trojan-activity;sid:84213764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.140.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350662/; classtype:trojan-activity;sid:84213762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.95.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350663/; classtype:trojan-activity;sid:84213763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350651)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350651/; classtype:trojan-activity;sid:84213751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350652)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350652/; classtype:trojan-activity;sid:84213752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350653)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350653/; classtype:trojan-activity;sid:84213753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350654)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350654/; classtype:trojan-activity;sid:84213754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350655)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350655/; classtype:trojan-activity;sid:84213755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350656)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350656/; classtype:trojan-activity;sid:84213756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350657)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350657/; classtype:trojan-activity;sid:84213757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350658)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350658/; classtype:trojan-activity;sid:84213758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350659)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350659/; classtype:trojan-activity;sid:84213759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350660)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350660/; classtype:trojan-activity;sid:84213760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350661)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/bot.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350661/; classtype:trojan-activity;sid:84213761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350650/; classtype:trojan-activity;sid:84213750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350648/; classtype:trojan-activity;sid:84213748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350649/; classtype:trojan-activity;sid:84213749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350645)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350645/; classtype:trojan-activity;sid:84213745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350646/; classtype:trojan-activity;sid:84213746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350647/; classtype:trojan-activity;sid:84213747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350641/; classtype:trojan-activity;sid:84213741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350642/; classtype:trojan-activity;sid:84213742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350643/; classtype:trojan-activity;sid:84213743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350644/; classtype:trojan-activity;sid:84213744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350640)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.42.234.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350640/; classtype:trojan-activity;sid:84213740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.43.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350639/; classtype:trojan-activity;sid:84213739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.78.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350638/; classtype:trojan-activity;sid:84213738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350637/; classtype:trojan-activity;sid:84213737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.92.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350636/; classtype:trojan-activity;sid:84213736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350635/; classtype:trojan-activity;sid:84213735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.56.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350634/; classtype:trojan-activity;sid:84213734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.95.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350633/; classtype:trojan-activity;sid:84213733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.218.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350631/; classtype:trojan-activity;sid:84213731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.153.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350632/; classtype:trojan-activity;sid:84213732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350630)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/gknbisp.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350630/; classtype:trojan-activity;sid:84213730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350628)"; flow:established,from_client; content:"GET"; http_method; content:"/work/yyy.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lamartesana.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350628/; classtype:trojan-activity;sid:84213728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350629)"; flow:established,from_client; content:"GET"; http_method; content:"/work/yyy.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gxgsxy.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350629/; classtype:trojan-activity;sid:84213729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350626)"; flow:established,from_client; content:"GET"; http_method; content:"/work/yyy.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"homeservicephiladelphia.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350626/; classtype:trojan-activity;sid:84213726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350627)"; flow:established,from_client; content:"GET"; http_method; content:"/work/yyy.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"poucette.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350627/; classtype:trojan-activity;sid:84213727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350625/; classtype:trojan-activity;sid:84213725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350624)"; flow:established,from_client; content:"GET"; http_method; content:"/work/yyy.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nilsenfk.biz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350624/; classtype:trojan-activity;sid:84213724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350623)"; flow:established,from_client; content:"GET"; http_method; content:"/work/yyy.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"prajapatisamaj.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350623/; classtype:trojan-activity;sid:84213723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.140.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350622/; classtype:trojan-activity;sid:84213722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.225.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350621/; classtype:trojan-activity;sid:84213721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.236.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350620/; classtype:trojan-activity;sid:84213720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.202.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350619/; classtype:trojan-activity;sid:84213719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.95.89"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350618/; classtype:trojan-activity;sid:84213718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.99.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350617/; classtype:trojan-activity;sid:84213717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350616)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350616/; classtype:trojan-activity;sid:84213716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350611)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350611/; classtype:trojan-activity;sid:84213711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350612)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350612/; classtype:trojan-activity;sid:84213712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350613)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350613/; classtype:trojan-activity;sid:84213713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350614)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350614/; classtype:trojan-activity;sid:84213714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350615)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350615/; classtype:trojan-activity;sid:84213715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350610)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350610/; classtype:trojan-activity;sid:84213710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.190.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350609/; classtype:trojan-activity;sid:84213709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350597)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350597/; classtype:trojan-activity;sid:84213697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350598)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350598/; classtype:trojan-activity;sid:84213698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350599)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350599/; classtype:trojan-activity;sid:84213699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350600)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350600/; classtype:trojan-activity;sid:84213700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350601)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350601/; classtype:trojan-activity;sid:84213701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350602)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350602/; classtype:trojan-activity;sid:84213702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350603)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350603/; classtype:trojan-activity;sid:84213703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350604)"; flow:established,from_client; content:"GET"; http_method; content:"/load.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350604/; classtype:trojan-activity;sid:84213704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350605)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350605/; classtype:trojan-activity;sid:84213705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350606)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350606/; classtype:trojan-activity;sid:84213706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350607)"; flow:established,from_client; content:"GET"; http_method; content:"/load.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350607/; classtype:trojan-activity;sid:84213707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350608)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350608/; classtype:trojan-activity;sid:84213708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350595)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350595/; classtype:trojan-activity;sid:84213695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350596)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"atendimento-pj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350596/; classtype:trojan-activity;sid:84213696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350592)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350592/; classtype:trojan-activity;sid:84213692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350593)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350593/; classtype:trojan-activity;sid:84213693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350594)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350594/; classtype:trojan-activity;sid:84213694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350582)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350582/; classtype:trojan-activity;sid:84213682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350583)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350583/; classtype:trojan-activity;sid:84213683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350584)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350584/; classtype:trojan-activity;sid:84213684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350585)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350585/; classtype:trojan-activity;sid:84213685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350586)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350586/; classtype:trojan-activity;sid:84213686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350587)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350587/; classtype:trojan-activity;sid:84213687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350588)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350588/; classtype:trojan-activity;sid:84213688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350589)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350589/; classtype:trojan-activity;sid:84213689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350590)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350590/; classtype:trojan-activity;sid:84213690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350591)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"t.hxhk.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350591/; classtype:trojan-activity;sid:84213691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350581/; classtype:trojan-activity;sid:84213681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.73.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350580/; classtype:trojan-activity;sid:84213680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.186.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350578/; classtype:trojan-activity;sid:84213678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.205.166.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350579/; classtype:trojan-activity;sid:84213679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350577)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.226.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350577/; classtype:trojan-activity;sid:84213677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.33.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350576/; classtype:trojan-activity;sid:84213676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.45.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350575/; classtype:trojan-activity;sid:84213675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.7.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350574/; classtype:trojan-activity;sid:84213674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.56.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350573/; classtype:trojan-activity;sid:84213673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350572/; classtype:trojan-activity;sid:84213672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.228.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350571/; classtype:trojan-activity;sid:84213671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350570/; classtype:trojan-activity;sid:84213670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.149.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350569/; classtype:trojan-activity;sid:84213669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.86.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350568/; classtype:trojan-activity;sid:84213668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.65.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350567/; classtype:trojan-activity;sid:84213667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.5.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350566/; classtype:trojan-activity;sid:84213666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350565/; classtype:trojan-activity;sid:84213665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.224.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350564/; classtype:trojan-activity;sid:84213664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350563/; classtype:trojan-activity;sid:84213663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.228.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350562/; classtype:trojan-activity;sid:84213662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.231.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350561/; classtype:trojan-activity;sid:84213661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350560/; classtype:trojan-activity;sid:84213660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.173.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350559/; classtype:trojan-activity;sid:84213659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350558/; classtype:trojan-activity;sid:84213658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.210.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350557/; classtype:trojan-activity;sid:84213657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350556/; classtype:trojan-activity;sid:84213656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.0.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350555/; classtype:trojan-activity;sid:84213655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.72.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350553/; classtype:trojan-activity;sid:84213653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.125.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350554/; classtype:trojan-activity;sid:84213654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.54.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350552/; classtype:trojan-activity;sid:84213652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.44.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350550/; classtype:trojan-activity;sid:84213650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350551/; classtype:trojan-activity;sid:84213651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350549/; classtype:trojan-activity;sid:84213649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.231.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350548/; classtype:trojan-activity;sid:84213648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.51.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350547/; classtype:trojan-activity;sid:84213647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.132.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350546/; classtype:trojan-activity;sid:84213646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.244.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350545/; classtype:trojan-activity;sid:84213645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.12.98.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350544/; classtype:trojan-activity;sid:84213644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.216.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350543/; classtype:trojan-activity;sid:84213643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350533)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350533/; classtype:trojan-activity;sid:84213633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350534)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350534/; classtype:trojan-activity;sid:84213634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350535)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350535/; classtype:trojan-activity;sid:84213635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350536)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350536/; classtype:trojan-activity;sid:84213636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350537)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350537/; classtype:trojan-activity;sid:84213637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350538)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350538/; classtype:trojan-activity;sid:84213638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350539)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350539/; classtype:trojan-activity;sid:84213639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350540)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350540/; classtype:trojan-activity;sid:84213640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350541)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350541/; classtype:trojan-activity;sid:84213641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350542)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350542/; classtype:trojan-activity;sid:84213642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350532)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.109.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350532/; classtype:trojan-activity;sid:84213632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.125.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350531/; classtype:trojan-activity;sid:84213631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.116.71.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350530/; classtype:trojan-activity;sid:84213630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.138.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350529/; classtype:trojan-activity;sid:84213629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.57.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350528/; classtype:trojan-activity;sid:84213628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350527/; classtype:trojan-activity;sid:84213627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.210.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350526/; classtype:trojan-activity;sid:84213626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.254.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350524/; classtype:trojan-activity;sid:84213624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350525/; classtype:trojan-activity;sid:84213625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350523)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.224.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350523/; classtype:trojan-activity;sid:84213623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.252.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350520/; classtype:trojan-activity;sid:84213620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350521/; classtype:trojan-activity;sid:84213621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.10.195"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350522/; classtype:trojan-activity;sid:84213622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350519/; classtype:trojan-activity;sid:84213619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.80.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350518/; classtype:trojan-activity;sid:84213618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.216.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350516/; classtype:trojan-activity;sid:84213616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.125.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350517/; classtype:trojan-activity;sid:84213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.32.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350515/; classtype:trojan-activity;sid:84213615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.32.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350514/; classtype:trojan-activity;sid:84213614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350513/; classtype:trojan-activity;sid:84213613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.8.173.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350512/; classtype:trojan-activity;sid:84213612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.67.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350511/; classtype:trojan-activity;sid:84213611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.75.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350510/; classtype:trojan-activity;sid:84213610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.254.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350509/; classtype:trojan-activity;sid:84213609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.227.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350508/; classtype:trojan-activity;sid:84213608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.114.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350507/; classtype:trojan-activity;sid:84213607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.252.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350506/; classtype:trojan-activity;sid:84213606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350503/; classtype:trojan-activity;sid:84213603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.230.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350504/; classtype:trojan-activity;sid:84213604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.241.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350505/; classtype:trojan-activity;sid:84213605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.211.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350502/; classtype:trojan-activity;sid:84213602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.58.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350501/; classtype:trojan-activity;sid:84213601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350500/; classtype:trojan-activity;sid:84213600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.32.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350499/; classtype:trojan-activity;sid:84213599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.67.224"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350498/; classtype:trojan-activity;sid:84213598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.191.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350497/; classtype:trojan-activity;sid:84213597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.114.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350496/; classtype:trojan-activity;sid:84213596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350495/; classtype:trojan-activity;sid:84213595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.97.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350494/; classtype:trojan-activity;sid:84213594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.67.224"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350493/; classtype:trojan-activity;sid:84213593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.58.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350492/; classtype:trojan-activity;sid:84213592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.6.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350491/; classtype:trojan-activity;sid:84213591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.211.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350490/; classtype:trojan-activity;sid:84213590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.240.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350489/; classtype:trojan-activity;sid:84213589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.75.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350488/; classtype:trojan-activity;sid:84213588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.154.195.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350487/; classtype:trojan-activity;sid:84213587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350485)"; flow:established,from_client; content:"GET"; http_method; content:"/gxvuok.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350485/; classtype:trojan-activity;sid:84213585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350486)"; flow:established,from_client; content:"GET"; http_method; content:"/4s7rrv.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350486/; classtype:trojan-activity;sid:84213586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350484)"; flow:established,from_client; content:"GET"; http_method; content:"/im55wn.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350484/; classtype:trojan-activity;sid:84213584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350483)"; flow:established,from_client; content:"GET"; http_method; content:"/vnqstl.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350483/; classtype:trojan-activity;sid:84213583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350482)"; flow:established,from_client; content:"GET"; http_method; content:"/xyzg86.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350482/; classtype:trojan-activity;sid:84213582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350481)"; flow:established,from_client; content:"GET"; http_method; content:"/0qvg3h.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350481/; classtype:trojan-activity;sid:84213581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350477)"; flow:established,from_client; content:"GET"; http_method; content:"/t1imjw.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350477/; classtype:trojan-activity;sid:84213577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350478)"; flow:established,from_client; content:"GET"; http_method; content:"/60vd9p.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350478/; classtype:trojan-activity;sid:84213578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350479)"; flow:established,from_client; content:"GET"; http_method; content:"/uvhkzz.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350479/; classtype:trojan-activity;sid:84213579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350480)"; flow:established,from_client; content:"GET"; http_method; content:"/5jyv2o.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350480/; classtype:trojan-activity;sid:84213580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350474)"; flow:established,from_client; content:"GET"; http_method; content:"/6kstk4.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350474/; classtype:trojan-activity;sid:84213574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350475)"; flow:established,from_client; content:"GET"; http_method; content:"/r6v8z5.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350475/; classtype:trojan-activity;sid:84213575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350476)"; flow:established,from_client; content:"GET"; http_method; content:"/yv37ht.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350476/; classtype:trojan-activity;sid:84213576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350472)"; flow:established,from_client; content:"GET"; http_method; content:"/35834x.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350472/; classtype:trojan-activity;sid:84213572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350473)"; flow:established,from_client; content:"GET"; http_method; content:"/kl7uf0.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350473/; classtype:trojan-activity;sid:84213573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350471)"; flow:established,from_client; content:"GET"; http_method; content:"/nkjehn.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350471/; classtype:trojan-activity;sid:84213571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350470)"; flow:established,from_client; content:"GET"; http_method; content:"/05yo79.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350470/; classtype:trojan-activity;sid:84213570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.67.224"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350469/; classtype:trojan-activity;sid:84213569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.250.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350468/; classtype:trojan-activity;sid:84213568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.200.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350467/; classtype:trojan-activity;sid:84213567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350466/; classtype:trojan-activity;sid:84213566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.82.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350465/; classtype:trojan-activity;sid:84213565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.113.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350464/; classtype:trojan-activity;sid:84213564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.128.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350463/; classtype:trojan-activity;sid:84213563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.224.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350462/; classtype:trojan-activity;sid:84213562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.97.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350461/; classtype:trojan-activity;sid:84213561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.240.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350460/; classtype:trojan-activity;sid:84213560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.103.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350459/; classtype:trojan-activity;sid:84213559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.154.195.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350458/; classtype:trojan-activity;sid:84213558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350457/; classtype:trojan-activity;sid:84213557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.146.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350456/; classtype:trojan-activity;sid:84213556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.158.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350455/; classtype:trojan-activity;sid:84213555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.11.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350454/; classtype:trojan-activity;sid:84213554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350453/; classtype:trojan-activity;sid:84213553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350452/; classtype:trojan-activity;sid:84213552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.232.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350451/; classtype:trojan-activity;sid:84213551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.102.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350450/; classtype:trojan-activity;sid:84213550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.103.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350449/; classtype:trojan-activity;sid:84213549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.143.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350448/; classtype:trojan-activity;sid:84213548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.6.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350447/; classtype:trojan-activity;sid:84213547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350446/; classtype:trojan-activity;sid:84213546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.225.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350445/; classtype:trojan-activity;sid:84213545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.28.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350444/; classtype:trojan-activity;sid:84213544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.224.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350443/; classtype:trojan-activity;sid:84213543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.196.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350442/; classtype:trojan-activity;sid:84213542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.128.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350441/; classtype:trojan-activity;sid:84213541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.96.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350439/; classtype:trojan-activity;sid:84213539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.114.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350440/; classtype:trojan-activity;sid:84213540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350438)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1317230589354446939/1317610463793643641/bootstrapperv1.23_1.exe|3f|ex=675f4fde|7c|26|7c|is=675dfe5e|7c|26|7c|hm=5ed97ac04061b6aac812f644ccea9943c66f77cc6f4c84d81aef04bcb001932f|7c|26|7c|"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350438/; classtype:trojan-activity;sid:84213538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350437)"; flow:established,from_client; content:"GET"; http_method; content:"/cgl8of.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350437/; classtype:trojan-activity;sid:84213537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.143.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350436/; classtype:trojan-activity;sid:84213536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.28.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350435/; classtype:trojan-activity;sid:84213535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.113.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350434/; classtype:trojan-activity;sid:84213534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.202.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350433/; classtype:trojan-activity;sid:84213533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.214.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350432/; classtype:trojan-activity;sid:84213532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.176.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350431/; classtype:trojan-activity;sid:84213531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.96.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350430/; classtype:trojan-activity;sid:84213530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.72.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350429/; classtype:trojan-activity;sid:84213529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.111.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350428/; classtype:trojan-activity;sid:84213528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350427)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.204.97.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350427/; classtype:trojan-activity;sid:84213527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.37.232.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350425/; classtype:trojan-activity;sid:84213525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350426)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.204.97.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350426/; classtype:trojan-activity;sid:84213526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350424/; classtype:trojan-activity;sid:84213524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.125.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350423/; classtype:trojan-activity;sid:84213523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.240.39.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350422/; classtype:trojan-activity;sid:84213522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350421/; classtype:trojan-activity;sid:84213521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.141.115.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350420/; classtype:trojan-activity;sid:84213520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.208.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350419/; classtype:trojan-activity;sid:84213519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350418)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350418/; classtype:trojan-activity;sid:84213518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350416)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350416/; classtype:trojan-activity;sid:84213516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350417)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350417/; classtype:trojan-activity;sid:84213517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.186.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350415/; classtype:trojan-activity;sid:84213515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.189.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350413/; classtype:trojan-activity;sid:84213513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.200.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350414/; classtype:trojan-activity;sid:84213514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350412/; classtype:trojan-activity;sid:84213512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qnkrqiaylojkl08pmdxqoxxjaujni7a70k"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350404/; classtype:trojan-activity;sid:84213504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/msvasy4b84q8omde416ygfoeavgs2vuzod"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350405/; classtype:trojan-activity;sid:84213505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yidhqzqjcacm5d1e9cssahddoxu0iwssen"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350406/; classtype:trojan-activity;sid:84213506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ajtuduvutafvhbxyc4k0cryz0ayiwuyk9k"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350407/; classtype:trojan-activity;sid:84213507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/u089ku1ecdph1x3xnootjmfoarbc5sbr6q"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350408/; classtype:trojan-activity;sid:84213508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/l7d3n4y6k0invitx0lle5gzqkfoq8ww1la"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350409/; classtype:trojan-activity;sid:84213509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/9rixdnwhbpy2znapcp162iowdxkkvrjp9p"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350410/; classtype:trojan-activity;sid:84213510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/noicbbtyvt6uw4voo8cfyxoarxpcj1rtht"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350411/; classtype:trojan-activity;sid:84213511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/d0vdtfthnni3vsd6x2ohpkvj1jpguw4pqq"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350399/; classtype:trojan-activity;sid:84213499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ydenxaxbkxrz5tu0nfwyerxtsqqj84x6g9"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350400/; classtype:trojan-activity;sid:84213500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0tvtojn8080zrusven5pevq827c9rcukku"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350401/; classtype:trojan-activity;sid:84213501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bzyjyodpop9cfyiytizk3xhrp5ziote7qv"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350402/; classtype:trojan-activity;sid:84213502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/heokajjuyphswuv3rmk3gw0qz55n7fdyss"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"conn.masjesu.zip"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350403/; classtype:trojan-activity;sid:84213503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.204.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350398/; classtype:trojan-activity;sid:84213498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.111.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350397/; classtype:trojan-activity;sid:84213497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.141.115.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350396/; classtype:trojan-activity;sid:84213496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350395)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv4eb"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350395/; classtype:trojan-activity;sid:84213495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350389)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350389/; classtype:trojan-activity;sid:84213489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350390)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/b/armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350390/; classtype:trojan-activity;sid:84213490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350391)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mips64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350391/; classtype:trojan-activity;sid:84213491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350392)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/armv4eb"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350392/; classtype:trojan-activity;sid:84213492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350393)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/b/armv4eb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350393/; classtype:trojan-activity;sid:84213493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350394)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/riscv32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350394/; classtype:trojan-activity;sid:84213494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350365)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350365/; classtype:trojan-activity;sid:84213465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350366)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350366/; classtype:trojan-activity;sid:84213466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350367)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350367/; classtype:trojan-activity;sid:84213467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350368)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350368/; classtype:trojan-activity;sid:84213468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350369)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350369/; classtype:trojan-activity;sid:84213469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350370)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/powerpc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350370/; classtype:trojan-activity;sid:84213470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350371)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/superh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350371/; classtype:trojan-activity;sid:84213471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350372)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350372/; classtype:trojan-activity;sid:84213472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350373)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/b/armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350373/; classtype:trojan-activity;sid:84213473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350374)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/powerpc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350374/; classtype:trojan-activity;sid:84213474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350375)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/b/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350375/; classtype:trojan-activity;sid:84213475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350376)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/riscv32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350376/; classtype:trojan-activity;sid:84213476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350377)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350377/; classtype:trojan-activity;sid:84213477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350378)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/sparc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350378/; classtype:trojan-activity;sid:84213478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350379)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mipsel"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350379/; classtype:trojan-activity;sid:84213479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350380)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/b/armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350380/; classtype:trojan-activity;sid:84213480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350381)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mipsel"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350381/; classtype:trojan-activity;sid:84213481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350382)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350382/; classtype:trojan-activity;sid:84213482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350383)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350383/; classtype:trojan-activity;sid:84213483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350384)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/sparc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350384/; classtype:trojan-activity;sid:84213484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350385)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350385/; classtype:trojan-activity;sid:84213485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350386)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350386/; classtype:trojan-activity;sid:84213486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350387)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350387/; classtype:trojan-activity;sid:84213487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350388)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mips64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350388/; classtype:trojan-activity;sid:84213488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350362)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350362/; classtype:trojan-activity;sid:84213462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350363)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350363/; classtype:trojan-activity;sid:84213463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350364)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350364/; classtype:trojan-activity;sid:84213464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350357)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350357/; classtype:trojan-activity;sid:84213457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.86.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350358/; classtype:trojan-activity;sid:84213458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350359)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv4eb"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350359/; classtype:trojan-activity;sid:84213459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350360)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350360/; classtype:trojan-activity;sid:84213460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350361)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"o0s.cc"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350361/; classtype:trojan-activity;sid:84213461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350355/; classtype:trojan-activity;sid:84213455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.152.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350354/; classtype:trojan-activity;sid:84213454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.20.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350353/; classtype:trojan-activity;sid:84213453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.151.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350352/; classtype:trojan-activity;sid:84213452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.177.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350351/; classtype:trojan-activity;sid:84213451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.184.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350350/; classtype:trojan-activity;sid:84213450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.232.173.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350349/; classtype:trojan-activity;sid:84213449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.151.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350347/; classtype:trojan-activity;sid:84213447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.71.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350348/; classtype:trojan-activity;sid:84213448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.148.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350344/; classtype:trojan-activity;sid:84213444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350345/; classtype:trojan-activity;sid:84213445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.119.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350346/; classtype:trojan-activity;sid:84213446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350343)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1315756106508931112/1315756165275193364/bootstrapperv1.23_1.exe|3f|ex=675f286b|7c|26|7c|is=675dd6eb|7c|26|7c|hm=6df2b4bb603571546b6f391d4d27edee911d9f390b3328034fc60c7bea158ec4|7c|26|7c|"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350343/; classtype:trojan-activity;sid:84213443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350342)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.173.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350342/; classtype:trojan-activity;sid:84213442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.45.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350341/; classtype:trojan-activity;sid:84213441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350340/; classtype:trojan-activity;sid:84213440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350339)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1317527247959232523/1317572448970997820/bootstrapperv1.23_1.exe|3f|ex=675fd537|7c|26|7c|is=675e83b7|7c|26|7c|hm=491734cb2e091af480993f403297320f30458aafe4d0a8106dfce115afd4b829|7c|26|7c|"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350339/; classtype:trojan-activity;sid:84213439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.86.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350338/; classtype:trojan-activity;sid:84213438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.178.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350337/; classtype:trojan-activity;sid:84213437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.23.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350336/; classtype:trojan-activity;sid:84213436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.23.39"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350335/; classtype:trojan-activity;sid:84213435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.73.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350334/; classtype:trojan-activity;sid:84213434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.39.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350332/; classtype:trojan-activity;sid:84213432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350333)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.100.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350333/; classtype:trojan-activity;sid:84213433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.190.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350331/; classtype:trojan-activity;sid:84213431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.83.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350330/; classtype:trojan-activity;sid:84213430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.115.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350329/; classtype:trojan-activity;sid:84213429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350328/; classtype:trojan-activity;sid:84213428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.120.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350327/; classtype:trojan-activity;sid:84213427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.255.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350326/; classtype:trojan-activity;sid:84213426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.204.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350325/; classtype:trojan-activity;sid:84213425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.158.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350324/; classtype:trojan-activity;sid:84213424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350323/; classtype:trojan-activity;sid:84213423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.11.62.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350322/; classtype:trojan-activity;sid:84213422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350321/; classtype:trojan-activity;sid:84213421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350320/; classtype:trojan-activity;sid:84213420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.91.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350319/; classtype:trojan-activity;sid:84213419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.83.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350318/; classtype:trojan-activity;sid:84213418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.179.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350317/; classtype:trojan-activity;sid:84213417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.219.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350316/; classtype:trojan-activity;sid:84213416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.46.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350315/; classtype:trojan-activity;sid:84213415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.49.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350314/; classtype:trojan-activity;sid:84213414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.253.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350313/; classtype:trojan-activity;sid:84213413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.253.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350312/; classtype:trojan-activity;sid:84213412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.83.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350311/; classtype:trojan-activity;sid:84213411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.63.86.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350310/; classtype:trojan-activity;sid:84213410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350309)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350309/; classtype:trojan-activity;sid:84213409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350289)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350289/; classtype:trojan-activity;sid:84213389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350290)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350290/; classtype:trojan-activity;sid:84213390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350291)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350291/; classtype:trojan-activity;sid:84213391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350292)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350292/; classtype:trojan-activity;sid:84213392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350293)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/superh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350293/; classtype:trojan-activity;sid:84213393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350294)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/riscv32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350294/; classtype:trojan-activity;sid:84213394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350295)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mipsel"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350295/; classtype:trojan-activity;sid:84213395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350296)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350296/; classtype:trojan-activity;sid:84213396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350297)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350297/; classtype:trojan-activity;sid:84213397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350298)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv4eb"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350298/; classtype:trojan-activity;sid:84213398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350299)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350299/; classtype:trojan-activity;sid:84213399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350300)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mipsel64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350300/; classtype:trojan-activity;sid:84213400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350301)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350301/; classtype:trojan-activity;sid:84213401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350302)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350302/; classtype:trojan-activity;sid:84213402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350303)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350303/; classtype:trojan-activity;sid:84213403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350304)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/sparc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350304/; classtype:trojan-activity;sid:84213404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350305)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/powerpc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350305/; classtype:trojan-activity;sid:84213405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350306)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/wget"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350306/; classtype:trojan-activity;sid:84213406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350307)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350307/; classtype:trojan-activity;sid:84213407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350308)"; flow:established,from_client; content:"GET"; http_method; content:"/ss/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.125.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350308/; classtype:trojan-activity;sid:84213408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.112.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350287/; classtype:trojan-activity;sid:84213387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350286/; classtype:trojan-activity;sid:84213386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350284/; classtype:trojan-activity;sid:84213384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350285/; classtype:trojan-activity;sid:84213385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.19.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350282/; classtype:trojan-activity;sid:84213382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.53.54.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350283/; classtype:trojan-activity;sid:84213383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.93.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350281/; classtype:trojan-activity;sid:84213381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350280/; classtype:trojan-activity;sid:84213380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350279/; classtype:trojan-activity;sid:84213379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.52.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350278/; classtype:trojan-activity;sid:84213378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.177.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350277/; classtype:trojan-activity;sid:84213377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.195.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350276/; classtype:trojan-activity;sid:84213376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.219.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350275/; classtype:trojan-activity;sid:84213375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.78.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350274/; classtype:trojan-activity;sid:84213374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.156.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350273/; classtype:trojan-activity;sid:84213373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.253.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350272/; classtype:trojan-activity;sid:84213372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.120.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350271/; classtype:trojan-activity;sid:84213371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.62.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350270/; classtype:trojan-activity;sid:84213370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.39.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350269/; classtype:trojan-activity;sid:84213369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.83.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350268/; classtype:trojan-activity;sid:84213368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.253.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350267/; classtype:trojan-activity;sid:84213367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350266)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350266/; classtype:trojan-activity;sid:84213366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350265)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350265/; classtype:trojan-activity;sid:84213365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350239)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350239/; classtype:trojan-activity;sid:84213339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350240)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350240/; classtype:trojan-activity;sid:84213340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350241)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350241/; classtype:trojan-activity;sid:84213341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350242)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350242/; classtype:trojan-activity;sid:84213342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350243)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350243/; classtype:trojan-activity;sid:84213343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350244)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350244/; classtype:trojan-activity;sid:84213344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350245)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350245/; classtype:trojan-activity;sid:84213345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350246)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350246/; classtype:trojan-activity;sid:84213346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350247)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350247/; classtype:trojan-activity;sid:84213347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350248)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350248/; classtype:trojan-activity;sid:84213348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350249)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350249/; classtype:trojan-activity;sid:84213349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350250)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350250/; classtype:trojan-activity;sid:84213350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350251)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350251/; classtype:trojan-activity;sid:84213351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350252)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350252/; classtype:trojan-activity;sid:84213352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350253)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350253/; classtype:trojan-activity;sid:84213353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350254)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350254/; classtype:trojan-activity;sid:84213354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350255)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350255/; classtype:trojan-activity;sid:84213355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350256)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350256/; classtype:trojan-activity;sid:84213356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350257)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350257/; classtype:trojan-activity;sid:84213357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350258)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350258/; classtype:trojan-activity;sid:84213358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350259)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350259/; classtype:trojan-activity;sid:84213359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350260)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350260/; classtype:trojan-activity;sid:84213360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350261)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350261/; classtype:trojan-activity;sid:84213361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350262)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350262/; classtype:trojan-activity;sid:84213362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350263)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350263/; classtype:trojan-activity;sid:84213363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350264)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350264/; classtype:trojan-activity;sid:84213364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350237)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350237/; classtype:trojan-activity;sid:84213337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350238)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350238/; classtype:trojan-activity;sid:84213338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350202)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350202/; classtype:trojan-activity;sid:84213302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350203)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350203/; classtype:trojan-activity;sid:84213303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350204)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350204/; classtype:trojan-activity;sid:84213304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350205)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350205/; classtype:trojan-activity;sid:84213305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350206)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350206/; classtype:trojan-activity;sid:84213306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350207)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350207/; classtype:trojan-activity;sid:84213307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350208)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350208/; classtype:trojan-activity;sid:84213308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350209)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350209/; classtype:trojan-activity;sid:84213309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350210)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350210/; classtype:trojan-activity;sid:84213310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350211)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350211/; classtype:trojan-activity;sid:84213311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350212)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350212/; classtype:trojan-activity;sid:84213312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350213)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350213/; classtype:trojan-activity;sid:84213313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350214)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350214/; classtype:trojan-activity;sid:84213314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350215)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350215/; classtype:trojan-activity;sid:84213315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350216)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350216/; classtype:trojan-activity;sid:84213316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350217)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350217/; classtype:trojan-activity;sid:84213317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350218)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350218/; classtype:trojan-activity;sid:84213318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350219)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350219/; classtype:trojan-activity;sid:84213319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350220)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350220/; classtype:trojan-activity;sid:84213320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350221)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350221/; classtype:trojan-activity;sid:84213321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350222)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350222/; classtype:trojan-activity;sid:84213322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350223)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350223/; classtype:trojan-activity;sid:84213323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350224)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350224/; classtype:trojan-activity;sid:84213324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350225)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350225/; classtype:trojan-activity;sid:84213325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350226)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350226/; classtype:trojan-activity;sid:84213326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350227)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350227/; classtype:trojan-activity;sid:84213327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350228)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350228/; classtype:trojan-activity;sid:84213328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350229)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350229/; classtype:trojan-activity;sid:84213329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350230)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350230/; classtype:trojan-activity;sid:84213330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350231)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350231/; classtype:trojan-activity;sid:84213331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350232)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350232/; classtype:trojan-activity;sid:84213332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350233)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350233/; classtype:trojan-activity;sid:84213333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350234)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350234/; classtype:trojan-activity;sid:84213334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350235)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350235/; classtype:trojan-activity;sid:84213335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350236)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350236/; classtype:trojan-activity;sid:84213336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.168.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350201/; classtype:trojan-activity;sid:84213301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.241.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350200/; classtype:trojan-activity;sid:84213300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350199)"; flow:established,from_client; content:"GET"; http_method; content:"/stelin/gosjeufon.cpl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.125.67.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350199/; classtype:trojan-activity;sid:84213299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350198)"; flow:established,from_client; content:"GET"; http_method; content:"/stelin/rwcla.cpl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.125.67.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350198/; classtype:trojan-activity;sid:84213298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.195.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350197/; classtype:trojan-activity;sid:84213297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.54.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350196/; classtype:trojan-activity;sid:84213296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.78.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350195/; classtype:trojan-activity;sid:84213295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350194/; classtype:trojan-activity;sid:84213294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.146.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350055/; classtype:trojan-activity;sid:84213155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.54.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350054/; classtype:trojan-activity;sid:84213154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.1.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350053/; classtype:trojan-activity;sid:84213153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.6.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350052/; classtype:trojan-activity;sid:84213152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.250.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350051/; classtype:trojan-activity;sid:84213151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.168.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350050/; classtype:trojan-activity;sid:84213150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.173.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350049/; classtype:trojan-activity;sid:84213149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.66.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350048/; classtype:trojan-activity;sid:84213148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.252.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350047/; classtype:trojan-activity;sid:84213147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.229.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350046/; classtype:trojan-activity;sid:84213146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.233.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350045/; classtype:trojan-activity;sid:84213145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.199.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350044/; classtype:trojan-activity;sid:84213144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.177.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350042/; classtype:trojan-activity;sid:84213142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350043/; classtype:trojan-activity;sid:84213143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350041/; classtype:trojan-activity;sid:84213141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350036)"; flow:established,from_client; content:"GET"; http_method; content:"/frnd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.47.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350036/; classtype:trojan-activity;sid:84213136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350037)"; flow:established,from_client; content:"GET"; http_method; content:"/hellres.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.47.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350037/; classtype:trojan-activity;sid:84213137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350038)"; flow:established,from_client; content:"GET"; http_method; content:"/duschno.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.47.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350038/; classtype:trojan-activity;sid:84213138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350039)"; flow:established,from_client; content:"GET"; http_method; content:"/resp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.47.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350039/; classtype:trojan-activity;sid:84213139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350040)"; flow:established,from_client; content:"GET"; http_method; content:"/frnd1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.47.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350040/; classtype:trojan-activity;sid:84213140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.208.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350035/; classtype:trojan-activity;sid:84213135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.137.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350034/; classtype:trojan-activity;sid:84213134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350033/; classtype:trojan-activity;sid:84213133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350032/; classtype:trojan-activity;sid:84213132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350031/; classtype:trojan-activity;sid:84213131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.111.131.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350030/; classtype:trojan-activity;sid:84213130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.252.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350029/; classtype:trojan-activity;sid:84213129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350028/; classtype:trojan-activity;sid:84213128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.165.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350026/; classtype:trojan-activity;sid:84213126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.62.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350027/; classtype:trojan-activity;sid:84213127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.66.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350025/; classtype:trojan-activity;sid:84213125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.68.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350024/; classtype:trojan-activity;sid:84213124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.40.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350023/; classtype:trojan-activity;sid:84213123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.199.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350022/; classtype:trojan-activity;sid:84213122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350021/; classtype:trojan-activity;sid:84213121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350020/; classtype:trojan-activity;sid:84213120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.247.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350018/; classtype:trojan-activity;sid:84213118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.56.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350019/; classtype:trojan-activity;sid:84213119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.21.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350017/; classtype:trojan-activity;sid:84213117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.28.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350015/; classtype:trojan-activity;sid:84213115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350016/; classtype:trojan-activity;sid:84213116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.238.33.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350014/; classtype:trojan-activity;sid:84213114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.156.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350011/; classtype:trojan-activity;sid:84213111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.21.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350012/; classtype:trojan-activity;sid:84213112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.7.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350013/; classtype:trojan-activity;sid:84213113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350009)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350009/; classtype:trojan-activity;sid:84213109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350010)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350010/; classtype:trojan-activity;sid:84213110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350005)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350005/; classtype:trojan-activity;sid:84213105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350006)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350006/; classtype:trojan-activity;sid:84213106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350007)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350007/; classtype:trojan-activity;sid:84213107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350008)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350008/; classtype:trojan-activity;sid:84213108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350000)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350000/; classtype:trojan-activity;sid:84213100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350001)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350001/; classtype:trojan-activity;sid:84213101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350002)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350002/; classtype:trojan-activity;sid:84213102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350003)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350003/; classtype:trojan-activity;sid:84213103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3350004)"; flow:established,from_client; content:"GET"; http_method; content:"/igz/igz.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3350004/; classtype:trojan-activity;sid:84213104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349999)"; flow:established,from_client; content:"GET"; http_method; content:"/oblivion121.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349999/; classtype:trojan-activity;sid:84213099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.200.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349998/; classtype:trojan-activity;sid:84213098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349996/; classtype:trojan-activity;sid:84213096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.255.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349997/; classtype:trojan-activity;sid:84213097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349995/; classtype:trojan-activity;sid:84213095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349994/; classtype:trojan-activity;sid:84213094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349993/; classtype:trojan-activity;sid:84213093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.144.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349991/; classtype:trojan-activity;sid:84213091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349992/; classtype:trojan-activity;sid:84213092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349990/; classtype:trojan-activity;sid:84213090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349989/; classtype:trojan-activity;sid:84213089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.153.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349988/; classtype:trojan-activity;sid:84213088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.43.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349987/; classtype:trojan-activity;sid:84213087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349986/; classtype:trojan-activity;sid:84213086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.115.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349984/; classtype:trojan-activity;sid:84213084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.146.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349985/; classtype:trojan-activity;sid:84213085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.166.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349983/; classtype:trojan-activity;sid:84213083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.144.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349982/; classtype:trojan-activity;sid:84213082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349981/; classtype:trojan-activity;sid:84213081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.1.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349980/; classtype:trojan-activity;sid:84213080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.115.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349979/; classtype:trojan-activity;sid:84213079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.104.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349978/; classtype:trojan-activity;sid:84213078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349977/; classtype:trojan-activity;sid:84213077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.153.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349976/; classtype:trojan-activity;sid:84213076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.43.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349973/; classtype:trojan-activity;sid:84213073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.93.171.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349974/; classtype:trojan-activity;sid:84213074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.122.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349975/; classtype:trojan-activity;sid:84213075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349972)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349972/; classtype:trojan-activity;sid:84213072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.94.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349971/; classtype:trojan-activity;sid:84213071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349958)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349958/; classtype:trojan-activity;sid:84213058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349959)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349959/; classtype:trojan-activity;sid:84213059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349960)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349960/; classtype:trojan-activity;sid:84213060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349961)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349961/; classtype:trojan-activity;sid:84213061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349962)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349962/; classtype:trojan-activity;sid:84213062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349963)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349963/; classtype:trojan-activity;sid:84213063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349964)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349964/; classtype:trojan-activity;sid:84213064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349965)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349965/; classtype:trojan-activity;sid:84213065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349966)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349966/; classtype:trojan-activity;sid:84213066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.10.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349967/; classtype:trojan-activity;sid:84213067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349968)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349968/; classtype:trojan-activity;sid:84213068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349969)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349969/; classtype:trojan-activity;sid:84213069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349970)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.baidunc.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349970/; classtype:trojan-activity;sid:84213070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349957)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349957/; classtype:trojan-activity;sid:84213057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.23.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349956/; classtype:trojan-activity;sid:84213056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349948)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349948/; classtype:trojan-activity;sid:84213048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349949)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349949/; classtype:trojan-activity;sid:84213049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349950)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349950/; classtype:trojan-activity;sid:84213050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349951)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349951/; classtype:trojan-activity;sid:84213051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349952)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349952/; classtype:trojan-activity;sid:84213052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349953)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349953/; classtype:trojan-activity;sid:84213053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349954)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349954/; classtype:trojan-activity;sid:84213054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349955)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"134.122.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349955/; classtype:trojan-activity;sid:84213055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349947/; classtype:trojan-activity;sid:84213047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349946/; classtype:trojan-activity;sid:84213046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.5.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349945/; classtype:trojan-activity;sid:84213045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349940)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349940/; classtype:trojan-activity;sid:84213040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349941)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349941/; classtype:trojan-activity;sid:84213041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349942)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349942/; classtype:trojan-activity;sid:84213042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349943)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349943/; classtype:trojan-activity;sid:84213043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349944)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349944/; classtype:trojan-activity;sid:84213044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349939)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349939/; classtype:trojan-activity;sid:84213039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349935)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349935/; classtype:trojan-activity;sid:84213035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349936)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349936/; classtype:trojan-activity;sid:84213036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349937)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349937/; classtype:trojan-activity;sid:84213037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349938)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"166.88.225.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349938/; classtype:trojan-activity;sid:84213038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.166.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349934/; classtype:trojan-activity;sid:84213034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.11.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349933/; classtype:trojan-activity;sid:84213033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349932/; classtype:trojan-activity;sid:84213032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.43.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349931/; classtype:trojan-activity;sid:84213031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.6.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349930/; classtype:trojan-activity;sid:84213030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.171.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349929/; classtype:trojan-activity;sid:84213029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.172.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349927/; classtype:trojan-activity;sid:84213027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.84.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349928/; classtype:trojan-activity;sid:84213028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.83.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349926/; classtype:trojan-activity;sid:84213026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349925/; classtype:trojan-activity;sid:84213025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349924/; classtype:trojan-activity;sid:84213024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.23.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349923/; classtype:trojan-activity;sid:84213023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.97.246"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349922/; classtype:trojan-activity;sid:84213022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.199.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349921/; classtype:trojan-activity;sid:84213021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.14.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349920/; classtype:trojan-activity;sid:84213020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.128.95.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349919/; classtype:trojan-activity;sid:84213019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349918/; classtype:trojan-activity;sid:84213018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349917/; classtype:trojan-activity;sid:84213017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349916/; classtype:trojan-activity;sid:84213016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349915/; classtype:trojan-activity;sid:84213015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.151.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349914/; classtype:trojan-activity;sid:84213014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.200.85.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349913/; classtype:trojan-activity;sid:84213013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349912/; classtype:trojan-activity;sid:84213012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.153.99.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349911/; classtype:trojan-activity;sid:84213011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349910/; classtype:trojan-activity;sid:84213010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349908/; classtype:trojan-activity;sid:84213008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.55.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349909/; classtype:trojan-activity;sid:84213009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349907/; classtype:trojan-activity;sid:84213007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.172.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349906/; classtype:trojan-activity;sid:84213006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349905/; classtype:trojan-activity;sid:84213005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.175.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349904/; classtype:trojan-activity;sid:84213004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349903/; classtype:trojan-activity;sid:84213003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.212.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349902/; classtype:trojan-activity;sid:84213002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.86.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349901/; classtype:trojan-activity;sid:84213001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.15.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349900/; classtype:trojan-activity;sid:84213000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.10.153.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349899/; classtype:trojan-activity;sid:84212999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349898/; classtype:trojan-activity;sid:84212998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349897/; classtype:trojan-activity;sid:84212997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.239.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349896/; classtype:trojan-activity;sid:84212996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349895/; classtype:trojan-activity;sid:84212995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349894/; classtype:trojan-activity;sid:84212994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349893/; classtype:trojan-activity;sid:84212993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.64.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349892/; classtype:trojan-activity;sid:84212992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.209.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349890/; classtype:trojan-activity;sid:84212990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.151.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349891/; classtype:trojan-activity;sid:84212991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.183.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349889/; classtype:trojan-activity;sid:84212989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.10.153.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349888/; classtype:trojan-activity;sid:84212988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.15.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349887/; classtype:trojan-activity;sid:84212987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349886/; classtype:trojan-activity;sid:84212986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349885/; classtype:trojan-activity;sid:84212985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.172.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349884/; classtype:trojan-activity;sid:84212984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.70.185.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349882/; classtype:trojan-activity;sid:84212982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.200.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349883/; classtype:trojan-activity;sid:84212983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.243.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349881/; classtype:trojan-activity;sid:84212981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.81.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349880/; classtype:trojan-activity;sid:84212980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349879/; classtype:trojan-activity;sid:84212979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.60.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349878/; classtype:trojan-activity;sid:84212978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.67.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349877/; classtype:trojan-activity;sid:84212977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.70.185.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349876/; classtype:trojan-activity;sid:84212976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.121.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349875/; classtype:trojan-activity;sid:84212975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.177.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349874/; classtype:trojan-activity;sid:84212974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.196.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349873/; classtype:trojan-activity;sid:84212973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349872)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349872/; classtype:trojan-activity;sid:84212972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.195.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349871/; classtype:trojan-activity;sid:84212971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349870/; classtype:trojan-activity;sid:84212970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349869/; classtype:trojan-activity;sid:84212969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.76.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349867/; classtype:trojan-activity;sid:84212967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.239.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349868/; classtype:trojan-activity;sid:84212968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.185.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349866/; classtype:trojan-activity;sid:84212966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.86.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349865/; classtype:trojan-activity;sid:84212965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.154.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349864/; classtype:trojan-activity;sid:84212964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.158.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349863/; classtype:trojan-activity;sid:84212963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349862/; classtype:trojan-activity;sid:84212962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.121.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349861/; classtype:trojan-activity;sid:84212961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.60.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349860/; classtype:trojan-activity;sid:84212960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349858)"; flow:established,from_client; content:"GET"; http_method; content:"/work/original.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"prajapatisamaj.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349858/; classtype:trojan-activity;sid:84212958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349859)"; flow:established,from_client; content:"GET"; http_method; content:"/work/index.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"prajapatisamaj.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349859/; classtype:trojan-activity;sid:84212959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.195.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349857/; classtype:trojan-activity;sid:84212957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349856/; classtype:trojan-activity;sid:84212956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.208.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349854/; classtype:trojan-activity;sid:84212954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.196.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349855/; classtype:trojan-activity;sid:84212955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.81.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349853/; classtype:trojan-activity;sid:84212953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.119.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349852/; classtype:trojan-activity;sid:84212952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349851/; classtype:trojan-activity;sid:84212951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.194.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349850/; classtype:trojan-activity;sid:84212950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.2.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349849/; classtype:trojan-activity;sid:84212949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.194.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349848/; classtype:trojan-activity;sid:84212948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349847/; classtype:trojan-activity;sid:84212947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.76.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349846/; classtype:trojan-activity;sid:84212946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.206.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349845/; classtype:trojan-activity;sid:84212945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.177.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349844/; classtype:trojan-activity;sid:84212944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.86.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349843/; classtype:trojan-activity;sid:84212943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.221.45.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349842/; classtype:trojan-activity;sid:84212942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.9.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349841/; classtype:trojan-activity;sid:84212941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.5.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349840/; classtype:trojan-activity;sid:84212940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.78.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349839/; classtype:trojan-activity;sid:84212939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349838/; classtype:trojan-activity;sid:84212938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349837/; classtype:trojan-activity;sid:84212937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.87.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349836/; classtype:trojan-activity;sid:84212936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349835/; classtype:trojan-activity;sid:84212935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349834/; classtype:trojan-activity;sid:84212934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.209.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349833/; classtype:trojan-activity;sid:84212933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.101.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349832/; classtype:trojan-activity;sid:84212932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.206.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349831/; classtype:trojan-activity;sid:84212931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349830/; classtype:trojan-activity;sid:84212930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349827/; classtype:trojan-activity;sid:84212927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.5.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349828/; classtype:trojan-activity;sid:84212928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.167.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349829/; classtype:trojan-activity;sid:84212929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349826/; classtype:trojan-activity;sid:84212926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.49.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349825/; classtype:trojan-activity;sid:84212925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.143.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349824/; classtype:trojan-activity;sid:84212924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.216.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349823/; classtype:trojan-activity;sid:84212923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349822/; classtype:trojan-activity;sid:84212922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.156.77.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349821/; classtype:trojan-activity;sid:84212921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.3.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349820/; classtype:trojan-activity;sid:84212920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.91.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349819/; classtype:trojan-activity;sid:84212919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.142.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349818/; classtype:trojan-activity;sid:84212918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.181.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349817/; classtype:trojan-activity;sid:84212917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349816/; classtype:trojan-activity;sid:84212916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.20.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349815/; classtype:trojan-activity;sid:84212915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.90.3.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349814/; classtype:trojan-activity;sid:84212914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.92.240.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349813/; classtype:trojan-activity;sid:84212913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.143.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349812/; classtype:trojan-activity;sid:84212912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.144.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349811/; classtype:trojan-activity;sid:84212911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.97.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349810/; classtype:trojan-activity;sid:84212910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.13.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349808/; classtype:trojan-activity;sid:84212908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.151.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349809/; classtype:trojan-activity;sid:84212909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.157.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349807/; classtype:trojan-activity;sid:84212907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.237.121.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349806/; classtype:trojan-activity;sid:84212906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.91.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349805/; classtype:trojan-activity;sid:84212905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.20.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349804/; classtype:trojan-activity;sid:84212904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.13.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349803/; classtype:trojan-activity;sid:84212903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.90.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349802/; classtype:trojan-activity;sid:84212902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.29.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349801/; classtype:trojan-activity;sid:84212901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.186.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349800/; classtype:trojan-activity;sid:84212900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349799/; classtype:trojan-activity;sid:84212899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349798/; classtype:trojan-activity;sid:84212898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.159.247.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349797/; classtype:trojan-activity;sid:84212897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.132.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349796/; classtype:trojan-activity;sid:84212896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349794/; classtype:trojan-activity;sid:84212894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.177.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349795/; classtype:trojan-activity;sid:84212895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.221.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349793/; classtype:trojan-activity;sid:84212893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349792/; classtype:trojan-activity;sid:84212892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.118.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349791/; classtype:trojan-activity;sid:84212891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.153.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349790/; classtype:trojan-activity;sid:84212890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.157.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349789/; classtype:trojan-activity;sid:84212889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.95.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349788/; classtype:trojan-activity;sid:84212888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.186.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349787/; classtype:trojan-activity;sid:84212887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.201.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349786/; classtype:trojan-activity;sid:84212886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.100.164.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349785/; classtype:trojan-activity;sid:84212885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.49.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349784/; classtype:trojan-activity;sid:84212884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.237.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349783/; classtype:trojan-activity;sid:84212883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349782/; classtype:trojan-activity;sid:84212882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.226.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349781/; classtype:trojan-activity;sid:84212881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349780/; classtype:trojan-activity;sid:84212880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.151.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349779/; classtype:trojan-activity;sid:84212879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.108.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349778/; classtype:trojan-activity;sid:84212878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.64.155.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349777/; classtype:trojan-activity;sid:84212877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.143.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349776/; classtype:trojan-activity;sid:84212876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.177.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349774/; classtype:trojan-activity;sid:84212874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349775)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.41.30.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349775/; classtype:trojan-activity;sid:84212875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.91.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349772/; classtype:trojan-activity;sid:84212872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349773/; classtype:trojan-activity;sid:84212873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.29.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349770/; classtype:trojan-activity;sid:84212870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.195.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349771/; classtype:trojan-activity;sid:84212871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.221.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349769/; classtype:trojan-activity;sid:84212869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.207.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349768/; classtype:trojan-activity;sid:84212868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.65.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349767/; classtype:trojan-activity;sid:84212867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.205.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349766/; classtype:trojan-activity;sid:84212866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.190.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349765/; classtype:trojan-activity;sid:84212865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349764/; classtype:trojan-activity;sid:84212864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349763/; classtype:trojan-activity;sid:84212863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.226.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349762/; classtype:trojan-activity;sid:84212862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.30.105"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349761/; classtype:trojan-activity;sid:84212861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.7.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349760/; classtype:trojan-activity;sid:84212860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349759/; classtype:trojan-activity;sid:84212859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.190.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349758/; classtype:trojan-activity;sid:84212858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.3.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349757/; classtype:trojan-activity;sid:84212857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.153.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349756/; classtype:trojan-activity;sid:84212856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349755)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wcjp.riders.50kfor50years.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349755/; classtype:trojan-activity;sid:84212855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.67.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349754/; classtype:trojan-activity;sid:84212854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.142.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349753/; classtype:trojan-activity;sid:84212853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.161.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349751/; classtype:trojan-activity;sid:84212851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.64.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349752/; classtype:trojan-activity;sid:84212852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.230.160.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349749/; classtype:trojan-activity;sid:84212849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.170.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349750/; classtype:trojan-activity;sid:84212850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.207.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349748/; classtype:trojan-activity;sid:84212848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.212.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349747/; classtype:trojan-activity;sid:84212847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.244.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349746/; classtype:trojan-activity;sid:84212846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.45.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349745/; classtype:trojan-activity;sid:84212845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.213.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349744/; classtype:trojan-activity;sid:84212844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.91.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349742/; classtype:trojan-activity;sid:84212842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349743/; classtype:trojan-activity;sid:84212843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.205.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349741/; classtype:trojan-activity;sid:84212841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.8.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349740/; classtype:trojan-activity;sid:84212840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.207.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349739/; classtype:trojan-activity;sid:84212839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.108.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349738/; classtype:trojan-activity;sid:84212838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.119.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349737/; classtype:trojan-activity;sid:84212837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349736/; classtype:trojan-activity;sid:84212836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349735/; classtype:trojan-activity;sid:84212835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.75.33.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349734/; classtype:trojan-activity;sid:84212834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.132.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349733/; classtype:trojan-activity;sid:84212833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.132.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349732/; classtype:trojan-activity;sid:84212832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.161.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349731/; classtype:trojan-activity;sid:84212831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.23.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349730/; classtype:trojan-activity;sid:84212830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.64.155.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349729/; classtype:trojan-activity;sid:84212829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.212.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349728/; classtype:trojan-activity;sid:84212828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.21.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349727/; classtype:trojan-activity;sid:84212827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.241.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349726/; classtype:trojan-activity;sid:84212826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349724/; classtype:trojan-activity;sid:84212824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.187.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349725/; classtype:trojan-activity;sid:84212825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.248.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349723/; classtype:trojan-activity;sid:84212823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.177.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349721/; classtype:trojan-activity;sid:84212821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.11.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349722/; classtype:trojan-activity;sid:84212822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.122.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349720/; classtype:trojan-activity;sid:84212820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.119.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349719/; classtype:trojan-activity;sid:84212819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.75.33.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349718/; classtype:trojan-activity;sid:84212818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349716/; classtype:trojan-activity;sid:84212816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.86.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349717/; classtype:trojan-activity;sid:84212817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.252.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349715/; classtype:trojan-activity;sid:84212815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349714/; classtype:trojan-activity;sid:84212814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.90.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349713/; classtype:trojan-activity;sid:84212813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.40.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349712/; classtype:trojan-activity;sid:84212812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.171.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349709/; classtype:trojan-activity;sid:84212809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349710/; classtype:trojan-activity;sid:84212810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.64.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349711/; classtype:trojan-activity;sid:84212811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.165.26.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349708/; classtype:trojan-activity;sid:84212808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349707/; classtype:trojan-activity;sid:84212807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349706/; classtype:trojan-activity;sid:84212806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.30.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349705/; classtype:trojan-activity;sid:84212805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.104.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349704/; classtype:trojan-activity;sid:84212804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.198.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349703/; classtype:trojan-activity;sid:84212803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.252.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349702/; classtype:trojan-activity;sid:84212802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349700/; classtype:trojan-activity;sid:84212800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.26.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349701/; classtype:trojan-activity;sid:84212801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349699/; classtype:trojan-activity;sid:84212799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349698/; classtype:trojan-activity;sid:84212798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349697)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.236.244.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349697/; classtype:trojan-activity;sid:84212797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.184.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349696/; classtype:trojan-activity;sid:84212796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.39.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349695/; classtype:trojan-activity;sid:84212795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349694/; classtype:trojan-activity;sid:84212794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.172.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349693/; classtype:trojan-activity;sid:84212793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.60.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349691/; classtype:trojan-activity;sid:84212791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.215.74.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349692/; classtype:trojan-activity;sid:84212792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349690/; classtype:trojan-activity;sid:84212790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.96.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349689/; classtype:trojan-activity;sid:84212789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.76.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349688/; classtype:trojan-activity;sid:84212788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.80.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349687/; classtype:trojan-activity;sid:84212787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349685/; classtype:trojan-activity;sid:84212785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.163.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349686/; classtype:trojan-activity;sid:84212786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.254.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349683/; classtype:trojan-activity;sid:84212783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.126.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349684/; classtype:trojan-activity;sid:84212784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.197.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349682/; classtype:trojan-activity;sid:84212782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.48.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349681/; classtype:trojan-activity;sid:84212781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349680/; classtype:trojan-activity;sid:84212780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349679/; classtype:trojan-activity;sid:84212779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.184.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349677/; classtype:trojan-activity;sid:84212777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.11.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349678/; classtype:trojan-activity;sid:84212778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.198.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349676/; classtype:trojan-activity;sid:84212776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349675/; classtype:trojan-activity;sid:84212775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.225.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349674/; classtype:trojan-activity;sid:84212774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349673/; classtype:trojan-activity;sid:84212773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.124.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349672/; classtype:trojan-activity;sid:84212772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.180.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349671/; classtype:trojan-activity;sid:84212771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.181.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349670/; classtype:trojan-activity;sid:84212770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.119.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349668/; classtype:trojan-activity;sid:84212768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.194.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349669/; classtype:trojan-activity;sid:84212769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.76.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349667/; classtype:trojan-activity;sid:84212767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349666/; classtype:trojan-activity;sid:84212766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349665/; classtype:trojan-activity;sid:84212765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.96.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349664/; classtype:trojan-activity;sid:84212764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.244.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349663/; classtype:trojan-activity;sid:84212763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.60.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349662/; classtype:trojan-activity;sid:84212762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.175.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349661/; classtype:trojan-activity;sid:84212761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.237.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349660/; classtype:trojan-activity;sid:84212760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.215.74.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349659/; classtype:trojan-activity;sid:84212759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.48.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349658/; classtype:trojan-activity;sid:84212758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349657/; classtype:trojan-activity;sid:84212757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.63.106.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349656/; classtype:trojan-activity;sid:84212756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.86.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349655/; classtype:trojan-activity;sid:84212755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.162.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349654/; classtype:trojan-activity;sid:84212754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.232.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349653/; classtype:trojan-activity;sid:84212753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349652/; classtype:trojan-activity;sid:84212752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.64.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349651/; classtype:trojan-activity;sid:84212751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349649/; classtype:trojan-activity;sid:84212749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.41.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349650/; classtype:trojan-activity;sid:84212750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.122.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349648/; classtype:trojan-activity;sid:84212748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.170.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349647/; classtype:trojan-activity;sid:84212747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.226.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349646/; classtype:trojan-activity;sid:84212746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349645/; classtype:trojan-activity;sid:84212745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.38.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349644/; classtype:trojan-activity;sid:84212744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349643/; classtype:trojan-activity;sid:84212743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.73.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349642/; classtype:trojan-activity;sid:84212742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.117.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349641/; classtype:trojan-activity;sid:84212741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.175.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349640/; classtype:trojan-activity;sid:84212740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.125.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349639/; classtype:trojan-activity;sid:84212739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.63.106.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349638/; classtype:trojan-activity;sid:84212738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.47.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349637/; classtype:trojan-activity;sid:84212737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.134.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349636/; classtype:trojan-activity;sid:84212736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349635/; classtype:trojan-activity;sid:84212735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.248.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349634/; classtype:trojan-activity;sid:84212734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349633/; classtype:trojan-activity;sid:84212733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.14.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349632/; classtype:trojan-activity;sid:84212732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349631/; classtype:trojan-activity;sid:84212731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.148.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349629/; classtype:trojan-activity;sid:84212729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.180.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349630/; classtype:trojan-activity;sid:84212730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.29.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349628/; classtype:trojan-activity;sid:84212728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349627/; classtype:trojan-activity;sid:84212727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.104.169.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349626/; classtype:trojan-activity;sid:84212726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349625/; classtype:trojan-activity;sid:84212725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.207.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349624/; classtype:trojan-activity;sid:84212724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.117.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349623/; classtype:trojan-activity;sid:84212723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.207.137.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349622/; classtype:trojan-activity;sid:84212722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349621/; classtype:trojan-activity;sid:84212721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.195.182.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349620/; classtype:trojan-activity;sid:84212720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.79.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349619/; classtype:trojan-activity;sid:84212719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349617/; classtype:trojan-activity;sid:84212717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.170.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349618/; classtype:trojan-activity;sid:84212718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.148.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349616/; classtype:trojan-activity;sid:84212716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.227.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349615/; classtype:trojan-activity;sid:84212715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.111.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349614/; classtype:trojan-activity;sid:84212714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349613/; classtype:trojan-activity;sid:84212713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.152.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349612/; classtype:trojan-activity;sid:84212712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.212.176.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349611/; classtype:trojan-activity;sid:84212711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.230.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349610/; classtype:trojan-activity;sid:84212710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.203.225.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349609/; classtype:trojan-activity;sid:84212709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.50.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349608/; classtype:trojan-activity;sid:84212708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.199.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349607/; classtype:trojan-activity;sid:84212707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.107.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349606/; classtype:trojan-activity;sid:84212706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.145.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349605/; classtype:trojan-activity;sid:84212705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.65.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349604/; classtype:trojan-activity;sid:84212704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.207.137.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349603/; classtype:trojan-activity;sid:84212703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349602/; classtype:trojan-activity;sid:84212702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.56.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349601/; classtype:trojan-activity;sid:84212701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.123.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349600/; classtype:trojan-activity;sid:84212700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.79.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349599/; classtype:trojan-activity;sid:84212699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.121.0.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349596/; classtype:trojan-activity;sid:84212696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.236.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349597/; classtype:trojan-activity;sid:84212697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.170.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349598/; classtype:trojan-activity;sid:84212698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.227.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349595/; classtype:trojan-activity;sid:84212695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.141.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349594/; classtype:trojan-activity;sid:84212694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.225.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349593/; classtype:trojan-activity;sid:84212693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.185.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349591/; classtype:trojan-activity;sid:84212691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.183.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349592/; classtype:trojan-activity;sid:84212692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.56.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349590/; classtype:trojan-activity;sid:84212690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.34.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349588/; classtype:trojan-activity;sid:84212688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.92.221"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349589/; classtype:trojan-activity;sid:84212689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349587/; classtype:trojan-activity;sid:84212687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.50.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349586/; classtype:trojan-activity;sid:84212686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.134.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349585/; classtype:trojan-activity;sid:84212685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.145.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349584/; classtype:trojan-activity;sid:84212684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.196.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349583/; classtype:trojan-activity;sid:84212683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.65.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349582/; classtype:trojan-activity;sid:84212682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.97.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349581/; classtype:trojan-activity;sid:84212681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.61.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349580/; classtype:trojan-activity;sid:84212680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.118.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349579/; classtype:trojan-activity;sid:84212679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.105.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349578/; classtype:trojan-activity;sid:84212678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.84.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349577/; classtype:trojan-activity;sid:84212677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.236.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349576/; classtype:trojan-activity;sid:84212676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.47.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349574/; classtype:trojan-activity;sid:84212674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.205.166.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349575/; classtype:trojan-activity;sid:84212675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349572/; classtype:trojan-activity;sid:84212672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.141.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349573/; classtype:trojan-activity;sid:84212673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349570/; classtype:trojan-activity;sid:84212670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.18.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349571/; classtype:trojan-activity;sid:84212671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349569/; classtype:trojan-activity;sid:84212669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.241.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349567/; classtype:trojan-activity;sid:84212667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.27.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349568/; classtype:trojan-activity;sid:84212668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.34.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349565/; classtype:trojan-activity;sid:84212665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.215.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349566/; classtype:trojan-activity;sid:84212666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.253.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349564/; classtype:trojan-activity;sid:84212664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.96.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349563/; classtype:trojan-activity;sid:84212663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.193.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349562/; classtype:trojan-activity;sid:84212662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.24.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349561/; classtype:trojan-activity;sid:84212661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.180.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349560/; classtype:trojan-activity;sid:84212660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.70.185.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349559/; classtype:trojan-activity;sid:84212659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.41.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349558/; classtype:trojan-activity;sid:84212658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.39.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349557/; classtype:trojan-activity;sid:84212657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349556/; classtype:trojan-activity;sid:84212656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.174.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349555/; classtype:trojan-activity;sid:84212655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.12.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349554/; classtype:trojan-activity;sid:84212654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349553)"; flow:established,from_client; content:"GET"; http_method; content:"/make.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"menitalnewways.webredirect.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349553/; classtype:trojan-activity;sid:84212653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349552)"; flow:established,from_client; content:"GET"; http_method; content:"/make.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.202.35.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349552/; classtype:trojan-activity;sid:84212652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349551/; classtype:trojan-activity;sid:84212651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.47.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349549/; classtype:trojan-activity;sid:84212649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.253.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349550/; classtype:trojan-activity;sid:84212650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.71.61.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349548/; classtype:trojan-activity;sid:84212648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.151.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349547/; classtype:trojan-activity;sid:84212647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.97.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349545/; classtype:trojan-activity;sid:84212645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.11.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349546/; classtype:trojan-activity;sid:84212646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.243.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349544/; classtype:trojan-activity;sid:84212644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.63.86.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349543/; classtype:trojan-activity;sid:84212643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.199.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349542/; classtype:trojan-activity;sid:84212642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.210.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349541/; classtype:trojan-activity;sid:84212641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349540)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hbuv.riders.50kfor50years.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349540/; classtype:trojan-activity;sid:84212640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349539/; classtype:trojan-activity;sid:84212639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349538/; classtype:trojan-activity;sid:84212638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349532)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193-143-1-211.plesk.page"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349532/; classtype:trojan-activity;sid:84212632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349533)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"busy-clarke.193-143-1-211.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349533/; classtype:trojan-activity;sid:84212633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349534)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193-143-1-211.plesk.page"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349534/; classtype:trojan-activity;sid:84212634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349535)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"festive-chebyshev.193-143-1-211.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349535/; classtype:trojan-activity;sid:84212635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349536)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"festive-chebyshev.193-143-1-211.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349536/; classtype:trojan-activity;sid:84212636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349537)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"busy-clarke.193-143-1-211.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349537/; classtype:trojan-activity;sid:84212637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349530)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"great-keldysh.193-143-1-211.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349530/; classtype:trojan-activity;sid:84212630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349531)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"great-keldysh.193-143-1-211.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349531/; classtype:trojan-activity;sid:84212631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349529)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"clever-meitner.193-143-1-211.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349529/; classtype:trojan-activity;sid:84212629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349528)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"clever-meitner.193-143-1-211.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349528/; classtype:trojan-activity;sid:84212628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.153.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349527/; classtype:trojan-activity;sid:84212627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349526)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mta132.bentonwhite.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349526/; classtype:trojan-activity;sid:84212626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349524)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"com-animus.app"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349524/; classtype:trojan-activity;sid:84212624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349525)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mta132.bentonwhite.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349525/; classtype:trojan-activity;sid:84212625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349523)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mondiale-relaissupport.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349523/; classtype:trojan-activity;sid:84212623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349521)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"com-animus.app"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349521/; classtype:trojan-activity;sid:84212621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349522)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349522/; classtype:trojan-activity;sid:84212622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349520)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mondiale-relaissupport.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349520/; classtype:trojan-activity;sid:84212620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349519)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.143.1.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349519/; classtype:trojan-activity;sid:84212619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349518/; classtype:trojan-activity;sid:84212618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.221.45.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349516/; classtype:trojan-activity;sid:84212616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.191.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349517/; classtype:trojan-activity;sid:84212617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349515/; classtype:trojan-activity;sid:84212615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.18.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349514/; classtype:trojan-activity;sid:84212614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.199.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349513/; classtype:trojan-activity;sid:84212613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.59.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349512/; classtype:trojan-activity;sid:84212612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349511/; classtype:trojan-activity;sid:84212611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.56.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349508/; classtype:trojan-activity;sid:84212608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.61.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349509/; classtype:trojan-activity;sid:84212609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.171.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349510/; classtype:trojan-activity;sid:84212610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.180.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349507/; classtype:trojan-activity;sid:84212607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.11.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349506/; classtype:trojan-activity;sid:84212606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.192.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349505/; classtype:trojan-activity;sid:84212605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.225.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349504/; classtype:trojan-activity;sid:84212604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.243.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349503/; classtype:trojan-activity;sid:84212603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.157.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349501/; classtype:trojan-activity;sid:84212601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349502/; classtype:trojan-activity;sid:84212602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.124.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349500/; classtype:trojan-activity;sid:84212600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.248.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349499/; classtype:trojan-activity;sid:84212599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.118.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349498/; classtype:trojan-activity;sid:84212598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.78.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349495/; classtype:trojan-activity;sid:84212595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349496/; classtype:trojan-activity;sid:84212596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349497/; classtype:trojan-activity;sid:84212597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349493/; classtype:trojan-activity;sid:84212593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349494/; classtype:trojan-activity;sid:84212594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.223.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349492/; classtype:trojan-activity;sid:84212592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349491/; classtype:trojan-activity;sid:84212591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349488/; classtype:trojan-activity;sid:84212588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.77.74.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349489/; classtype:trojan-activity;sid:84212589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.171.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349490/; classtype:trojan-activity;sid:84212590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349487/; classtype:trojan-activity;sid:84212587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.240.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349486/; classtype:trojan-activity;sid:84212586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.3.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349485/; classtype:trojan-activity;sid:84212585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.56.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349484/; classtype:trojan-activity;sid:84212584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.237.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349483/; classtype:trojan-activity;sid:84212583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.136.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349482/; classtype:trojan-activity;sid:84212582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.99.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349481/; classtype:trojan-activity;sid:84212581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349480/; classtype:trojan-activity;sid:84212580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349479/; classtype:trojan-activity;sid:84212579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349477/; classtype:trojan-activity;sid:84212577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349478/; classtype:trojan-activity;sid:84212578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.66.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349475/; classtype:trojan-activity;sid:84212575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.61.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349476/; classtype:trojan-activity;sid:84212576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349474/; classtype:trojan-activity;sid:84212574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.123.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349473/; classtype:trojan-activity;sid:84212573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349472/; classtype:trojan-activity;sid:84212572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.211.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349471/; classtype:trojan-activity;sid:84212571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.195.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349470/; classtype:trojan-activity;sid:84212570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349469/; classtype:trojan-activity;sid:84212569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.104.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349468/; classtype:trojan-activity;sid:84212568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.255.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349467/; classtype:trojan-activity;sid:84212567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349466/; classtype:trojan-activity;sid:84212566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349465/; classtype:trojan-activity;sid:84212565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.195.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349464/; classtype:trojan-activity;sid:84212564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.124.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349463/; classtype:trojan-activity;sid:84212563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.74.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349462/; classtype:trojan-activity;sid:84212562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349461/; classtype:trojan-activity;sid:84212561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.240.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349460/; classtype:trojan-activity;sid:84212560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.96.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349458/; classtype:trojan-activity;sid:84212558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.225.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349459/; classtype:trojan-activity;sid:84212559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349457/; classtype:trojan-activity;sid:84212557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.15.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349456/; classtype:trojan-activity;sid:84212556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.72.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349455/; classtype:trojan-activity;sid:84212555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.66.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349454/; classtype:trojan-activity;sid:84212554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.255.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349453/; classtype:trojan-activity;sid:84212553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.211.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349452/; classtype:trojan-activity;sid:84212552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.2.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349451/; classtype:trojan-activity;sid:84212551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349450/; classtype:trojan-activity;sid:84212550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.32.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349449/; classtype:trojan-activity;sid:84212549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349448/; classtype:trojan-activity;sid:84212548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.112.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349447/; classtype:trojan-activity;sid:84212547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.193.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349446/; classtype:trojan-activity;sid:84212546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.72.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349445/; classtype:trojan-activity;sid:84212545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.15.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349444/; classtype:trojan-activity;sid:84212544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.197.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349443/; classtype:trojan-activity;sid:84212543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.131.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349442/; classtype:trojan-activity;sid:84212542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.224.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349441/; classtype:trojan-activity;sid:84212541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.76.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349440/; classtype:trojan-activity;sid:84212540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.57.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349438/; classtype:trojan-activity;sid:84212538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.25.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349439/; classtype:trojan-activity;sid:84212539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349437/; classtype:trojan-activity;sid:84212537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349435/; classtype:trojan-activity;sid:84212535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.150.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349436/; classtype:trojan-activity;sid:84212536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.186.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349434/; classtype:trojan-activity;sid:84212534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.235.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349433/; classtype:trojan-activity;sid:84212533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.87.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349432/; classtype:trojan-activity;sid:84212532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349431/; classtype:trojan-activity;sid:84212531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.109.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349430/; classtype:trojan-activity;sid:84212530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.193.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349429/; classtype:trojan-activity;sid:84212529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.201.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349428/; classtype:trojan-activity;sid:84212528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.76.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349427/; classtype:trojan-activity;sid:84212527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.33.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349426/; classtype:trojan-activity;sid:84212526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.195.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349425/; classtype:trojan-activity;sid:84212525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.215.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349424/; classtype:trojan-activity;sid:84212524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349423/; classtype:trojan-activity;sid:84212523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.23.157.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349422/; classtype:trojan-activity;sid:84212522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.233.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349421/; classtype:trojan-activity;sid:84212521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.131.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349420/; classtype:trojan-activity;sid:84212520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.20.189.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349419/; classtype:trojan-activity;sid:84212519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349418/; classtype:trojan-activity;sid:84212518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.81.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349417/; classtype:trojan-activity;sid:84212517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.146.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349416/; classtype:trojan-activity;sid:84212516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.109.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349415/; classtype:trojan-activity;sid:84212515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.57.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349414/; classtype:trojan-activity;sid:84212514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.201.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349413/; classtype:trojan-activity;sid:84212513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.2.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349412/; classtype:trojan-activity;sid:84212512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.246.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349411/; classtype:trojan-activity;sid:84212511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349410/; classtype:trojan-activity;sid:84212510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.118.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349409/; classtype:trojan-activity;sid:84212509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.195.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349408/; classtype:trojan-activity;sid:84212508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.195.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349407/; classtype:trojan-activity;sid:84212507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.208.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349406/; classtype:trojan-activity;sid:84212506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349405/; classtype:trojan-activity;sid:84212505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.121.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349404/; classtype:trojan-activity;sid:84212504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349402/; classtype:trojan-activity;sid:84212502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349403/; classtype:trojan-activity;sid:84212503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349401)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/puclhgu65e9r37o3vcp9m/yutighh.zip|3f|rlkey=csgz30n1xx1twdk9ue4m4p16s"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349401/; classtype:trojan-activity;sid:84212501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.61.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349400/; classtype:trojan-activity;sid:84212500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.15.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349399/; classtype:trojan-activity;sid:84212499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.118.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349396/; classtype:trojan-activity;sid:84212496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349395)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vhxhm.riders.50kfor50years.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349395/; classtype:trojan-activity;sid:84212495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.137.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349392/; classtype:trojan-activity;sid:84212492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.12.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349393/; classtype:trojan-activity;sid:84212493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.153.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349394/; classtype:trojan-activity;sid:84212494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.189.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349391/; classtype:trojan-activity;sid:84212491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349390/; classtype:trojan-activity;sid:84212490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.187.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349389/; classtype:trojan-activity;sid:84212489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349388/; classtype:trojan-activity;sid:84212488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349387/; classtype:trojan-activity;sid:84212487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.113.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349386/; classtype:trojan-activity;sid:84212486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.52.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349385/; classtype:trojan-activity;sid:84212485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.249.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349384/; classtype:trojan-activity;sid:84212484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.165.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349383/; classtype:trojan-activity;sid:84212483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.109.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349382/; classtype:trojan-activity;sid:84212482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349381/; classtype:trojan-activity;sid:84212481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.47.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349378/; classtype:trojan-activity;sid:84212478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349379/; classtype:trojan-activity;sid:84212479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349380/; classtype:trojan-activity;sid:84212480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.161.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349377/; classtype:trojan-activity;sid:84212477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.209.78.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349376/; classtype:trojan-activity;sid:84212476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.240.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349375/; classtype:trojan-activity;sid:84212475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.4.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349374/; classtype:trojan-activity;sid:84212474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349368/; classtype:trojan-activity;sid:84212468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.142.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349369/; classtype:trojan-activity;sid:84212469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349370/; classtype:trojan-activity;sid:84212470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349371/; classtype:trojan-activity;sid:84212471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.1.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349372/; classtype:trojan-activity;sid:84212472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.94.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349373/; classtype:trojan-activity;sid:84212473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.51.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349366/; classtype:trojan-activity;sid:84212466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349367/; classtype:trojan-activity;sid:84212467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.153.237.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349365/; classtype:trojan-activity;sid:84212465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.239.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349364/; classtype:trojan-activity;sid:84212464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.122.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349363/; classtype:trojan-activity;sid:84212463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349361/; classtype:trojan-activity;sid:84212461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349362/; classtype:trojan-activity;sid:84212462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.57.189.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349360/; classtype:trojan-activity;sid:84212460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.200.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349358/; classtype:trojan-activity;sid:84212458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.25.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349359/; classtype:trojan-activity;sid:84212459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349357/; classtype:trojan-activity;sid:84212457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.144.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349356/; classtype:trojan-activity;sid:84212456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.121.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349355/; classtype:trojan-activity;sid:84212455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.113.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349352/; classtype:trojan-activity;sid:84212452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349351)"; flow:established,from_client; content:"GET"; http_method; content:"/finaflow.pdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.58.56.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349351/; classtype:trojan-activity;sid:84212451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.31.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349350/; classtype:trojan-activity;sid:84212450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.84.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349349/; classtype:trojan-activity;sid:84212449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.158.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349348/; classtype:trojan-activity;sid:84212448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.235.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349347/; classtype:trojan-activity;sid:84212447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.93.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349346/; classtype:trojan-activity;sid:84212446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.164.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349345/; classtype:trojan-activity;sid:84212445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349344)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/puclhgu65e9r37o3vcp9m/yutighh.zip|3f|rlkey=csgz30n1xx1twdk9ue4m4p16s|7c|26|7c|st=nll27ti7|7c|26|7c|dl=1"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349344/; classtype:trojan-activity;sid:84212444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.52.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349343/; classtype:trojan-activity;sid:84212443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.59.153.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349342/; classtype:trojan-activity;sid:84212442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.177.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349341/; classtype:trojan-activity;sid:84212441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349340/; classtype:trojan-activity;sid:84212440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349339/; classtype:trojan-activity;sid:84212439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.151.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349338/; classtype:trojan-activity;sid:84212438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.121.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349337/; classtype:trojan-activity;sid:84212437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.81.226.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349336/; classtype:trojan-activity;sid:84212436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.31.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349335/; classtype:trojan-activity;sid:84212435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.156.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349334/; classtype:trojan-activity;sid:84212434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349333/; classtype:trojan-activity;sid:84212433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.84.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349332/; classtype:trojan-activity;sid:84212432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.158.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349331/; classtype:trojan-activity;sid:84212431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.143.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349330/; classtype:trojan-activity;sid:84212430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349329/; classtype:trojan-activity;sid:84212429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.153.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349328/; classtype:trojan-activity;sid:84212428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.68.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349327/; classtype:trojan-activity;sid:84212427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.143.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349326/; classtype:trojan-activity;sid:84212426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.59.154.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349325/; classtype:trojan-activity;sid:84212425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.211.61.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349324/; classtype:trojan-activity;sid:84212424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.31.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349323/; classtype:trojan-activity;sid:84212423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.109.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349322/; classtype:trojan-activity;sid:84212422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.7.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349321/; classtype:trojan-activity;sid:84212421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349320/; classtype:trojan-activity;sid:84212420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.177.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349319/; classtype:trojan-activity;sid:84212419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349318/; classtype:trojan-activity;sid:84212418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.81.226.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349317/; classtype:trojan-activity;sid:84212417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.175.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349316/; classtype:trojan-activity;sid:84212416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.22.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349315/; classtype:trojan-activity;sid:84212415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.93.55.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349314/; classtype:trojan-activity;sid:84212414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.86.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349313/; classtype:trojan-activity;sid:84212413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349312/; classtype:trojan-activity;sid:84212412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.195.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349311/; classtype:trojan-activity;sid:84212411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349310/; classtype:trojan-activity;sid:84212410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.154.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349309/; classtype:trojan-activity;sid:84212409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.200.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349308/; classtype:trojan-activity;sid:84212408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.123.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349307/; classtype:trojan-activity;sid:84212407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.153.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349306/; classtype:trojan-activity;sid:84212406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.190.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349305/; classtype:trojan-activity;sid:84212405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.107.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349304/; classtype:trojan-activity;sid:84212404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349303/; classtype:trojan-activity;sid:84212403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.73.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349302/; classtype:trojan-activity;sid:84212402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349300/; classtype:trojan-activity;sid:84212400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.53.54.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349301/; classtype:trojan-activity;sid:84212401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.236.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349299/; classtype:trojan-activity;sid:84212399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349298/; classtype:trojan-activity;sid:84212398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.190.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349297/; classtype:trojan-activity;sid:84212397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.123.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349296/; classtype:trojan-activity;sid:84212396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.158.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349295/; classtype:trojan-activity;sid:84212395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349294/; classtype:trojan-activity;sid:84212394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.203.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349293/; classtype:trojan-activity;sid:84212393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.203.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349292/; classtype:trojan-activity;sid:84212392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349291/; classtype:trojan-activity;sid:84212391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.73.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349290/; classtype:trojan-activity;sid:84212390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.53.54.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349289/; classtype:trojan-activity;sid:84212389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.147.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349288/; classtype:trojan-activity;sid:84212388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349287/; classtype:trojan-activity;sid:84212387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.4.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349286/; classtype:trojan-activity;sid:84212386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.233.169.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349285/; classtype:trojan-activity;sid:84212385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.75.153.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349284/; classtype:trojan-activity;sid:84212384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.220.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349283/; classtype:trojan-activity;sid:84212383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.203.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349282/; classtype:trojan-activity;sid:84212382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.229.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349281/; classtype:trojan-activity;sid:84212381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.55.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349280/; classtype:trojan-activity;sid:84212380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.153.83.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349279/; classtype:trojan-activity;sid:84212379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349278/; classtype:trojan-activity;sid:84212378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.153.83.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349277/; classtype:trojan-activity;sid:84212377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.151.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349276/; classtype:trojan-activity;sid:84212376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349275/; classtype:trojan-activity;sid:84212375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349274/; classtype:trojan-activity;sid:84212374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.229.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349273/; classtype:trojan-activity;sid:84212373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349272/; classtype:trojan-activity;sid:84212372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.233.169.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349271/; classtype:trojan-activity;sid:84212371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.52.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349270/; classtype:trojan-activity;sid:84212370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349268/; classtype:trojan-activity;sid:84212368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.186.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349269/; classtype:trojan-activity;sid:84212369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.55.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349267/; classtype:trojan-activity;sid:84212367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.200.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349266/; classtype:trojan-activity;sid:84212366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.33.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349265/; classtype:trojan-activity;sid:84212365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.74.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349263/; classtype:trojan-activity;sid:84212363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.25.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349264/; classtype:trojan-activity;sid:84212364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.82.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349261/; classtype:trojan-activity;sid:84212361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.126.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349262/; classtype:trojan-activity;sid:84212362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.31.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349260/; classtype:trojan-activity;sid:84212360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.124.138.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349259/; classtype:trojan-activity;sid:84212359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.32.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349258/; classtype:trojan-activity;sid:84212358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.176.172.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349256/; classtype:trojan-activity;sid:84212356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.199.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349257/; classtype:trojan-activity;sid:84212357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.213.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349255/; classtype:trojan-activity;sid:84212355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.128.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349253/; classtype:trojan-activity;sid:84212353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.47.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349254/; classtype:trojan-activity;sid:84212354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.25.103.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349252/; classtype:trojan-activity;sid:84212352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.25.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349251/; classtype:trojan-activity;sid:84212351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.17.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349250/; classtype:trojan-activity;sid:84212350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.52.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349249/; classtype:trojan-activity;sid:84212349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.179.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349248/; classtype:trojan-activity;sid:84212348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349247)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/agchiki.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349247/; classtype:trojan-activity;sid:84212347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349246)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/dhomsjm.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349246/; classtype:trojan-activity;sid:84212346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.148.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349245/; classtype:trojan-activity;sid:84212345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.103.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349244/; classtype:trojan-activity;sid:84212344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.73.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349243/; classtype:trojan-activity;sid:84212343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.24.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349242/; classtype:trojan-activity;sid:84212342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349241/; classtype:trojan-activity;sid:84212341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.25.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349240/; classtype:trojan-activity;sid:84212340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.145.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349239/; classtype:trojan-activity;sid:84212339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349238/; classtype:trojan-activity;sid:84212338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.209.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349236/; classtype:trojan-activity;sid:84212336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.250.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349237/; classtype:trojan-activity;sid:84212337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349235)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349235/; classtype:trojan-activity;sid:84212335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349226)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349226/; classtype:trojan-activity;sid:84212326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349227)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349227/; classtype:trojan-activity;sid:84212327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349228)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349228/; classtype:trojan-activity;sid:84212328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349229)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349229/; classtype:trojan-activity;sid:84212329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349230)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349230/; classtype:trojan-activity;sid:84212330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349231)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349231/; classtype:trojan-activity;sid:84212331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349232)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349232/; classtype:trojan-activity;sid:84212332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349233)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349233/; classtype:trojan-activity;sid:84212333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349234)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349234/; classtype:trojan-activity;sid:84212334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349214)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349214/; classtype:trojan-activity;sid:84212314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349215)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349215/; classtype:trojan-activity;sid:84212315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349216)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349216/; classtype:trojan-activity;sid:84212316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349217)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349217/; classtype:trojan-activity;sid:84212317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349218)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349218/; classtype:trojan-activity;sid:84212318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349219)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349219/; classtype:trojan-activity;sid:84212319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349220)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349220/; classtype:trojan-activity;sid:84212320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349221)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349221/; classtype:trojan-activity;sid:84212321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349222)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349222/; classtype:trojan-activity;sid:84212322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349223)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349223/; classtype:trojan-activity;sid:84212323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349224)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349224/; classtype:trojan-activity;sid:84212324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349225)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"raw.igxhost.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349225/; classtype:trojan-activity;sid:84212325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.154.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349213/; classtype:trojan-activity;sid:84212313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.24.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349212/; classtype:trojan-activity;sid:84212312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.72.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349211/; classtype:trojan-activity;sid:84212311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349210/; classtype:trojan-activity;sid:84212310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.220.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349209/; classtype:trojan-activity;sid:84212309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349208/; classtype:trojan-activity;sid:84212308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349207/; classtype:trojan-activity;sid:84212307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.190.232.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349206/; classtype:trojan-activity;sid:84212306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.24.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349205/; classtype:trojan-activity;sid:84212305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.154.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349204/; classtype:trojan-activity;sid:84212304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.255.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349203/; classtype:trojan-activity;sid:84212303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.72.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349202/; classtype:trojan-activity;sid:84212302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.122.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349201/; classtype:trojan-activity;sid:84212301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349200/; classtype:trojan-activity;sid:84212300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.109.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349199/; classtype:trojan-activity;sid:84212299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.108.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349198/; classtype:trojan-activity;sid:84212298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349197/; classtype:trojan-activity;sid:84212297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349196/; classtype:trojan-activity;sid:84212296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349195)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.30.72.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349195/; classtype:trojan-activity;sid:84212295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349194/; classtype:trojan-activity;sid:84212294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.163.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349193/; classtype:trojan-activity;sid:84212293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.210.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349192/; classtype:trojan-activity;sid:84212292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.158.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349191/; classtype:trojan-activity;sid:84212291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.252.17.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349190/; classtype:trojan-activity;sid:84212290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.73.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349189/; classtype:trojan-activity;sid:84212289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349188/; classtype:trojan-activity;sid:84212288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.169.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349187/; classtype:trojan-activity;sid:84212287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.191.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349186/; classtype:trojan-activity;sid:84212286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.161.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349185/; classtype:trojan-activity;sid:84212285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349184/; classtype:trojan-activity;sid:84212284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.139.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349183/; classtype:trojan-activity;sid:84212283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.243.188.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349182/; classtype:trojan-activity;sid:84212282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.96.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349181/; classtype:trojan-activity;sid:84212281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.173.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349180/; classtype:trojan-activity;sid:84212280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.96.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349179/; classtype:trojan-activity;sid:84212279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.186.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349177/; classtype:trojan-activity;sid:84212277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349178/; classtype:trojan-activity;sid:84212278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.215.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349176/; classtype:trojan-activity;sid:84212276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.93.55.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349174/; classtype:trojan-activity;sid:84212274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.236.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349175/; classtype:trojan-activity;sid:84212275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.66.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349173/; classtype:trojan-activity;sid:84212273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.123.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349172/; classtype:trojan-activity;sid:84212272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349171/; classtype:trojan-activity;sid:84212271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.55.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349170/; classtype:trojan-activity;sid:84212270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.173.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349169/; classtype:trojan-activity;sid:84212269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.96.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349168/; classtype:trojan-activity;sid:84212268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349167/; classtype:trojan-activity;sid:84212267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.201.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349166/; classtype:trojan-activity;sid:84212266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.247.141.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349165/; classtype:trojan-activity;sid:84212265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349164)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.48.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349164/; classtype:trojan-activity;sid:84212264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.240.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349163/; classtype:trojan-activity;sid:84212263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.138.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349161/; classtype:trojan-activity;sid:84212261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.46.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349162/; classtype:trojan-activity;sid:84212262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.236.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349160/; classtype:trojan-activity;sid:84212260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349158)"; flow:established,from_client; content:"GET"; http_method; content:"/hk.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349158/; classtype:trojan-activity;sid:84212258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349159)"; flow:established,from_client; content:"GET"; http_method; content:"/hk.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349159/; classtype:trojan-activity;sid:84212259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349156)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349156/; classtype:trojan-activity;sid:84212256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349157)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349157/; classtype:trojan-activity;sid:84212257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349155)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349155/; classtype:trojan-activity;sid:84212255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.196.169.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349153/; classtype:trojan-activity;sid:84212253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349154)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349154/; classtype:trojan-activity;sid:84212254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349152)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349152/; classtype:trojan-activity;sid:84212252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.141.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349151/; classtype:trojan-activity;sid:84212251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349150)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349150/; classtype:trojan-activity;sid:84212250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349149/; classtype:trojan-activity;sid:84212249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.64.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349148/; classtype:trojan-activity;sid:84212248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.24.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349147/; classtype:trojan-activity;sid:84212247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.33.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349146/; classtype:trojan-activity;sid:84212246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.160.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349145/; classtype:trojan-activity;sid:84212245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.33.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349144/; classtype:trojan-activity;sid:84212244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.39.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349143/; classtype:trojan-activity;sid:84212243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.120.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349142/; classtype:trojan-activity;sid:84212242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349140)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349140/; classtype:trojan-activity;sid:84212240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349141)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349141/; classtype:trojan-activity;sid:84212241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349131)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349131/; classtype:trojan-activity;sid:84212231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349132)"; flow:established,from_client; content:"GET"; http_method; content:"/dc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349132/; classtype:trojan-activity;sid:84212232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349133)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349133/; classtype:trojan-activity;sid:84212233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349134)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349134/; classtype:trojan-activity;sid:84212234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349135)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349135/; classtype:trojan-activity;sid:84212235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349136)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349136/; classtype:trojan-activity;sid:84212236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349137)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349137/; classtype:trojan-activity;sid:84212237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349138)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349138/; classtype:trojan-activity;sid:84212238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349139)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349139/; classtype:trojan-activity;sid:84212239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349129)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349129/; classtype:trojan-activity;sid:84212229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349130)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.200.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349130/; classtype:trojan-activity;sid:84212230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349128/; classtype:trojan-activity;sid:84212228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.64.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349127/; classtype:trojan-activity;sid:84212227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349125)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.86.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349125/; classtype:trojan-activity;sid:84212225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349126)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"888online.asia"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349126/; classtype:trojan-activity;sid:84212226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.191.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349124/; classtype:trojan-activity;sid:84212224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.91.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349123/; classtype:trojan-activity;sid:84212223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.198.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349122/; classtype:trojan-activity;sid:84212222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349121/; classtype:trojan-activity;sid:84212221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.196.169.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349120/; classtype:trojan-activity;sid:84212220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.64.210"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349119/; classtype:trojan-activity;sid:84212219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.120.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349118/; classtype:trojan-activity;sid:84212218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.148.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349116/; classtype:trojan-activity;sid:84212216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.216.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349117/; classtype:trojan-activity;sid:84212217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.27.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349115/; classtype:trojan-activity;sid:84212215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.145.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349114/; classtype:trojan-activity;sid:84212214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.220.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349113/; classtype:trojan-activity;sid:84212213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349112/; classtype:trojan-activity;sid:84212212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.231.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349111/; classtype:trojan-activity;sid:84212211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.64.210"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349110/; classtype:trojan-activity;sid:84212210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.243.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349109/; classtype:trojan-activity;sid:84212209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349108/; classtype:trojan-activity;sid:84212208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.222.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349106/; classtype:trojan-activity;sid:84212206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.222.96.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349107/; classtype:trojan-activity;sid:84212207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.103.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349104/; classtype:trojan-activity;sid:84212204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.209.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349105/; classtype:trojan-activity;sid:84212205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.117.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349103/; classtype:trojan-activity;sid:84212203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.162.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349102/; classtype:trojan-activity;sid:84212202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.95.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349101/; classtype:trojan-activity;sid:84212201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.60.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349099/; classtype:trojan-activity;sid:84212199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.156.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349100/; classtype:trojan-activity;sid:84212200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.18.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349098/; classtype:trojan-activity;sid:84212198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349097)"; flow:established,from_client; content:"GET"; http_method; content:"/lordapanzro/vx_eft/releases/download/eft/eft_vx_full_2024.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349097/; classtype:trojan-activity;sid:84212197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.116.71.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349096/; classtype:trojan-activity;sid:84212196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.129.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349095/; classtype:trojan-activity;sid:84212195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.93.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349094/; classtype:trojan-activity;sid:84212194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.60.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349093/; classtype:trojan-activity;sid:84212193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.80.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349092/; classtype:trojan-activity;sid:84212192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.95.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349091/; classtype:trojan-activity;sid:84212191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349090/; classtype:trojan-activity;sid:84212190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.100.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349089/; classtype:trojan-activity;sid:84212189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.116.71.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349088/; classtype:trojan-activity;sid:84212188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.156.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349087/; classtype:trojan-activity;sid:84212187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.161.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349086/; classtype:trojan-activity;sid:84212186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.173.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349085/; classtype:trojan-activity;sid:84212185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349084)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.31.47.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349084/; classtype:trojan-activity;sid:84212184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lespim"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.86.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349083/; classtype:trojan-activity;sid:84212183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k86m"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.86.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349081/; classtype:trojan-activity;sid:84212181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spim"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.86.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349082/; classtype:trojan-activity;sid:84212182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349078)"; flow:established,from_client; content:"GET"; http_method; content:"/spim"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.86.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349078/; classtype:trojan-activity;sid:84212178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/686i"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.86.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349079/; classtype:trojan-activity;sid:84212179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.86.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349080/; classtype:trojan-activity;sid:84212180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.100.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349077/; classtype:trojan-activity;sid:84212177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349075)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/docjfsdfkndsjghdskfgsdfjghg/sfbuild.doc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"stipamana.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349075/; classtype:trojan-activity;sid:84212175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349076)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/docjfsdfkndsjghdskfgsdfjghg/sfbuild.doc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"stipamana.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349076/; classtype:trojan-activity;sid:84212176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349073)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/docjfsdfkndsjghdskfgsdfjghg/sfbuild.doc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.stipamana.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349073/; classtype:trojan-activity;sid:84212173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349074)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/docjfsdfkndsjghdskfgsdfjghg/sfbuild.doc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.121.86.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349074/; classtype:trojan-activity;sid:84212174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349072)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/vbsfjzbdkjsbgfzskldfbgs/cfhxdfhgjsxgfhxz.vbs"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"www.stipamana.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349072/; classtype:trojan-activity;sid:84212172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349069)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/vbsfjzbdkjsbgfzskldfbgs/cfhxdfhgjsxgfhxz.vbs"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.121.86.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349069/; classtype:trojan-activity;sid:84212169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349070)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/vbsfjzbdkjsbgfzskldfbgs/cfhxdfhgjsxgfhxz.vbs"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"stipamana.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349070/; classtype:trojan-activity;sid:84212170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349071)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/vbsfjzbdkjsbgfzskldfbgs/cfhxdfhgjsxgfhxz.vbs"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"stipamana.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349071/; classtype:trojan-activity;sid:84212171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.121.3.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349068/; classtype:trojan-activity;sid:84212168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349067)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/docjfsdfkndsjghdskfgsdfjghg/sfbuild.doc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.stipamana.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349067/; classtype:trojan-activity;sid:84212167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349066/; classtype:trojan-activity;sid:84212166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.31.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349065/; classtype:trojan-activity;sid:84212165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.81.131.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349064/; classtype:trojan-activity;sid:84212164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349063)"; flow:established,from_client; content:"GET"; http_method; content:"/dzakc3wag/raw/upload/v1734112417/uploaded_textfile"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349063/; classtype:trojan-activity;sid:84212163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349062)"; flow:established,from_client; content:"GET"; http_method; content:"/exgdhfyjhydsfjhysdgjf/styhagdhgttjwtqwrgwerwg/vbsfjzbdkjsbgfzskldfbgs/cfhxdfhgjsxgfhxz.vbs"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"www.stipamana.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349062/; classtype:trojan-activity;sid:84212162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349061)"; flow:established,from_client; content:"GET"; http_method; content:"/stelin/gosjeufon.cpl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"kiltone.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349061/; classtype:trojan-activity;sid:84212161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349060)"; flow:established,from_client; content:"GET"; http_method; content:"/stelin/rwcla.cpl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kiltone.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349060/; classtype:trojan-activity;sid:84212160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.174.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349059/; classtype:trojan-activity;sid:84212159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.9.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349057/; classtype:trojan-activity;sid:84212157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.4.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349058/; classtype:trojan-activity;sid:84212158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.30.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349056/; classtype:trojan-activity;sid:84212156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349055/; classtype:trojan-activity;sid:84212155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.10.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349053/; classtype:trojan-activity;sid:84212153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349054/; classtype:trojan-activity;sid:84212154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.174.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349052/; classtype:trojan-activity;sid:84212152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.40.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349051/; classtype:trojan-activity;sid:84212151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349050/; classtype:trojan-activity;sid:84212150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.53.7.45"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349049/; classtype:trojan-activity;sid:84212149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.8.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349048/; classtype:trojan-activity;sid:84212148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.235.238.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349047/; classtype:trojan-activity;sid:84212147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.241.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349046/; classtype:trojan-activity;sid:84212146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349040/; classtype:trojan-activity;sid:84212140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.51.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349041/; classtype:trojan-activity;sid:84212141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.101.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349042/; classtype:trojan-activity;sid:84212142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349043/; classtype:trojan-activity;sid:84212143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.138.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349044/; classtype:trojan-activity;sid:84212144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.231.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349045/; classtype:trojan-activity;sid:84212145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349039/; classtype:trojan-activity;sid:84212139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349038/; classtype:trojan-activity;sid:84212138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349037/; classtype:trojan-activity;sid:84212137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.107.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349036/; classtype:trojan-activity;sid:84212136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.147.241.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349035/; classtype:trojan-activity;sid:84212135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.50.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349033/; classtype:trojan-activity;sid:84212133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349034/; classtype:trojan-activity;sid:84212134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.110.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349032/; classtype:trojan-activity;sid:84212132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349031/; classtype:trojan-activity;sid:84212131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349030/; classtype:trojan-activity;sid:84212130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.240.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349029/; classtype:trojan-activity;sid:84212129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.53.7.45"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349028/; classtype:trojan-activity;sid:84212128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.226.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349027/; classtype:trojan-activity;sid:84212127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.181.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349026/; classtype:trojan-activity;sid:84212126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349025/; classtype:trojan-activity;sid:84212125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.115.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349024/; classtype:trojan-activity;sid:84212124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.156.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349023/; classtype:trojan-activity;sid:84212123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.84.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349022/; classtype:trojan-activity;sid:84212122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.102.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349019/; classtype:trojan-activity;sid:84212119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.97.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349020/; classtype:trojan-activity;sid:84212120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349021)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.97.243.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349021/; classtype:trojan-activity;sid:84212121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.74.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349017/; classtype:trojan-activity;sid:84212117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.222.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349018/; classtype:trojan-activity;sid:84212118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.0.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349016/; classtype:trojan-activity;sid:84212116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.156.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349015/; classtype:trojan-activity;sid:84212115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.216.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349014/; classtype:trojan-activity;sid:84212114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349013/; classtype:trojan-activity;sid:84212113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.208.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349012/; classtype:trojan-activity;sid:84212112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.59.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349011/; classtype:trojan-activity;sid:84212111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.107.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349010/; classtype:trojan-activity;sid:84212110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.236.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349009/; classtype:trojan-activity;sid:84212109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.84.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349008/; classtype:trojan-activity;sid:84212108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.216.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349007/; classtype:trojan-activity;sid:84212107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.254.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349006/; classtype:trojan-activity;sid:84212106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.0.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349005/; classtype:trojan-activity;sid:84212105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.33.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349004/; classtype:trojan-activity;sid:84212104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349003/; classtype:trojan-activity;sid:84212103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.81.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349002/; classtype:trojan-activity;sid:84212102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.148.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349001/; classtype:trojan-activity;sid:84212101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349000)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349000/; classtype:trojan-activity;sid:84212100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.66.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348999/; classtype:trojan-activity;sid:84212099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348994)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4t"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348994/; classtype:trojan-activity;sid:84212094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348995)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348995/; classtype:trojan-activity;sid:84212095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348996)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348996/; classtype:trojan-activity;sid:84212096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348997)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348997/; classtype:trojan-activity;sid:84212097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348998)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348998/; classtype:trojan-activity;sid:84212098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348992)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348992/; classtype:trojan-activity;sid:84212092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348993)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348993/; classtype:trojan-activity;sid:84212093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348988)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348988/; classtype:trojan-activity;sid:84212088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348989)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348989/; classtype:trojan-activity;sid:84212089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348990/; classtype:trojan-activity;sid:84212090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348991)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348991/; classtype:trojan-activity;sid:84212091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348987)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348987/; classtype:trojan-activity;sid:84212087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.222.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348985/; classtype:trojan-activity;sid:84212085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.33.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348984/; classtype:trojan-activity;sid:84212084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.8.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348983/; classtype:trojan-activity;sid:84212083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.120.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348982/; classtype:trojan-activity;sid:84212082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.84.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348981/; classtype:trojan-activity;sid:84212081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.0.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348980/; classtype:trojan-activity;sid:84212080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.11.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348979/; classtype:trojan-activity;sid:84212079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348978/; classtype:trojan-activity;sid:84212078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.230.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348977/; classtype:trojan-activity;sid:84212077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.185.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348976/; classtype:trojan-activity;sid:84212076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348975/; classtype:trojan-activity;sid:84212075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348974/; classtype:trojan-activity;sid:84212074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348973/; classtype:trojan-activity;sid:84212073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.32.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348972/; classtype:trojan-activity;sid:84212072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.162.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348971/; classtype:trojan-activity;sid:84212071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348970/; classtype:trojan-activity;sid:84212070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.246.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348969/; classtype:trojan-activity;sid:84212069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.148.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348968/; classtype:trojan-activity;sid:84212068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.54.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348967/; classtype:trojan-activity;sid:84212067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.38.183.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348966/; classtype:trojan-activity;sid:84212066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.246.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348965/; classtype:trojan-activity;sid:84212065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.107.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348963/; classtype:trojan-activity;sid:84212063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.35.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348964/; classtype:trojan-activity;sid:84212064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.191.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348962/; classtype:trojan-activity;sid:84212062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.227.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348961/; classtype:trojan-activity;sid:84212061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348960/; classtype:trojan-activity;sid:84212060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348959)"; flow:established,from_client; content:"GET"; http_method; content:"/dhwiafiw1210/googlef_setups_vvindow_64.12.10.32.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"jbleawe56545w.oss-ap-northeast-2.aliyuncs.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348959/; classtype:trojan-activity;sid:84212059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.248.123.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348958/; classtype:trojan-activity;sid:84212058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.166.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348957/; classtype:trojan-activity;sid:84212057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348955/; classtype:trojan-activity;sid:84212055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348956/; classtype:trojan-activity;sid:84212056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.234.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348954/; classtype:trojan-activity;sid:84212054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.50.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348953/; classtype:trojan-activity;sid:84212053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.32.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348952/; classtype:trojan-activity;sid:84212052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348951/; classtype:trojan-activity;sid:84212051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.106.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348950/; classtype:trojan-activity;sid:84212050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.235.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348949/; classtype:trojan-activity;sid:84212049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.234.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348948/; classtype:trojan-activity;sid:84212048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.231.203.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348947/; classtype:trojan-activity;sid:84212047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.35.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348946/; classtype:trojan-activity;sid:84212046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348945/; classtype:trojan-activity;sid:84212045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.161.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348944/; classtype:trojan-activity;sid:84212044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.174.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348943/; classtype:trojan-activity;sid:84212043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.248.123.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348942/; classtype:trojan-activity;sid:84212042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348941/; classtype:trojan-activity;sid:84212041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.54.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348940/; classtype:trojan-activity;sid:84212040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348939/; classtype:trojan-activity;sid:84212039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.204.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348938/; classtype:trojan-activity;sid:84212038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.206.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348937/; classtype:trojan-activity;sid:84212037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.117.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348936/; classtype:trojan-activity;sid:84212036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.39.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348935/; classtype:trojan-activity;sid:84212035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.105.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348934/; classtype:trojan-activity;sid:84212034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348933/; classtype:trojan-activity;sid:84212033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348932/; classtype:trojan-activity;sid:84212032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348931/; classtype:trojan-activity;sid:84212031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.7.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348930/; classtype:trojan-activity;sid:84212030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.164.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348929/; classtype:trojan-activity;sid:84212029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.223.145.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348927/; classtype:trojan-activity;sid:84212027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348928/; classtype:trojan-activity;sid:84212028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348926/; classtype:trojan-activity;sid:84212026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348925/; classtype:trojan-activity;sid:84212025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.43.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348924/; classtype:trojan-activity;sid:84212024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.94.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348923/; classtype:trojan-activity;sid:84212023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.174.202.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348921/; classtype:trojan-activity;sid:84212021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.138.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348922/; classtype:trojan-activity;sid:84212022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348920/; classtype:trojan-activity;sid:84212020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.3.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348919/; classtype:trojan-activity;sid:84212019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.35.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348918/; classtype:trojan-activity;sid:84212018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.213.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348917/; classtype:trojan-activity;sid:84212017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.39.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348916/; classtype:trojan-activity;sid:84212016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.206.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348915/; classtype:trojan-activity;sid:84212015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.115.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348914/; classtype:trojan-activity;sid:84212014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348913/; classtype:trojan-activity;sid:84212013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.83.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348912/; classtype:trojan-activity;sid:84212012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.203.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348911/; classtype:trojan-activity;sid:84212011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348910/; classtype:trojan-activity;sid:84212010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.96.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348909/; classtype:trojan-activity;sid:84212009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.87.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348908/; classtype:trojan-activity;sid:84212008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348907/; classtype:trojan-activity;sid:84212007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.223.145.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348906/; classtype:trojan-activity;sid:84212006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.57.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348905/; classtype:trojan-activity;sid:84212005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.3.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348904/; classtype:trojan-activity;sid:84212004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348903/; classtype:trojan-activity;sid:84212003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348902/; classtype:trojan-activity;sid:84212002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.58.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348901/; classtype:trojan-activity;sid:84212001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.196.169.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348900/; classtype:trojan-activity;sid:84212000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.30.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348899/; classtype:trojan-activity;sid:84211999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.187.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348898/; classtype:trojan-activity;sid:84211998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348897/; classtype:trojan-activity;sid:84211997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.58.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348896/; classtype:trojan-activity;sid:84211996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.142.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348894/; classtype:trojan-activity;sid:84211994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.185.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348895/; classtype:trojan-activity;sid:84211995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.96.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348893/; classtype:trojan-activity;sid:84211993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348892/; classtype:trojan-activity;sid:84211992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.169.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348891/; classtype:trojan-activity;sid:84211991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348890/; classtype:trojan-activity;sid:84211990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.58.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348889/; classtype:trojan-activity;sid:84211989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.169.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348888/; classtype:trojan-activity;sid:84211988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.196.169.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348887/; classtype:trojan-activity;sid:84211987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.113.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348886/; classtype:trojan-activity;sid:84211986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.30.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348885/; classtype:trojan-activity;sid:84211985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.161.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348884/; classtype:trojan-activity;sid:84211984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.210.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348883/; classtype:trojan-activity;sid:84211983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.161.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348882/; classtype:trojan-activity;sid:84211982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.115.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348881/; classtype:trojan-activity;sid:84211981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.234.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348880/; classtype:trojan-activity;sid:84211980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.55.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348879/; classtype:trojan-activity;sid:84211979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348878/; classtype:trojan-activity;sid:84211978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348877/; classtype:trojan-activity;sid:84211977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.152.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348876/; classtype:trojan-activity;sid:84211976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.177.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348875/; classtype:trojan-activity;sid:84211975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348874)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"yxf.riders.50kfor50years.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348874/; classtype:trojan-activity;sid:84211974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.136.88.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348873/; classtype:trojan-activity;sid:84211973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.207.39.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348872/; classtype:trojan-activity;sid:84211972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.193.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348870/; classtype:trojan-activity;sid:84211970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348871/; classtype:trojan-activity;sid:84211971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.158.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348869/; classtype:trojan-activity;sid:84211969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.36.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348868/; classtype:trojan-activity;sid:84211968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.47.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348867/; classtype:trojan-activity;sid:84211967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.254.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348865/; classtype:trojan-activity;sid:84211965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348866/; classtype:trojan-activity;sid:84211966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348864/; classtype:trojan-activity;sid:84211964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.40.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348863/; classtype:trojan-activity;sid:84211963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.173.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348862/; classtype:trojan-activity;sid:84211962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.34.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348860/; classtype:trojan-activity;sid:84211960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.209.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348861/; classtype:trojan-activity;sid:84211961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.59.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348859/; classtype:trojan-activity;sid:84211959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.55.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348858/; classtype:trojan-activity;sid:84211958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.205.55.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348857/; classtype:trojan-activity;sid:84211957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.224.75.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348856/; classtype:trojan-activity;sid:84211956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.81.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348855/; classtype:trojan-activity;sid:84211955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.55.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348854/; classtype:trojan-activity;sid:84211954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.241.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348853/; classtype:trojan-activity;sid:84211953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.95.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348852/; classtype:trojan-activity;sid:84211952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.177.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348851/; classtype:trojan-activity;sid:84211951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.59.80.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348850/; classtype:trojan-activity;sid:84211950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.225.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348849/; classtype:trojan-activity;sid:84211949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.207.39.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348848/; classtype:trojan-activity;sid:84211948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.95.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348847/; classtype:trojan-activity;sid:84211947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.158.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348846/; classtype:trojan-activity;sid:84211946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.3.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348845/; classtype:trojan-activity;sid:84211945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348844/; classtype:trojan-activity;sid:84211944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.229.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348843/; classtype:trojan-activity;sid:84211943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.128.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348842/; classtype:trojan-activity;sid:84211942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348841/; classtype:trojan-activity;sid:84211941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.164.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348840/; classtype:trojan-activity;sid:84211940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.47.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348839/; classtype:trojan-activity;sid:84211939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348838/; classtype:trojan-activity;sid:84211938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348837/; classtype:trojan-activity;sid:84211937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348835/; classtype:trojan-activity;sid:84211935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348836/; classtype:trojan-activity;sid:84211936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.138.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348834/; classtype:trojan-activity;sid:84211934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348833/; classtype:trojan-activity;sid:84211933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.208.97.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348832/; classtype:trojan-activity;sid:84211932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.2.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348830/; classtype:trojan-activity;sid:84211930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.164.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348831/; classtype:trojan-activity;sid:84211931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.56.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348828/; classtype:trojan-activity;sid:84211928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.241.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348829/; classtype:trojan-activity;sid:84211929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.13.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348827/; classtype:trojan-activity;sid:84211927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348825/; classtype:trojan-activity;sid:84211925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.95.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348826/; classtype:trojan-activity;sid:84211926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.215.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348824/; classtype:trojan-activity;sid:84211924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.186.52.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348823/; classtype:trojan-activity;sid:84211923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.94.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348822/; classtype:trojan-activity;sid:84211922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.182.134.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348821/; classtype:trojan-activity;sid:84211921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.6.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348820/; classtype:trojan-activity;sid:84211920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.90.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348819/; classtype:trojan-activity;sid:84211919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348818/; classtype:trojan-activity;sid:84211918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.7.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348817/; classtype:trojan-activity;sid:84211917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.173.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348816/; classtype:trojan-activity;sid:84211916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.23.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348815/; classtype:trojan-activity;sid:84211915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348814/; classtype:trojan-activity;sid:84211914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.129.173.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348812/; classtype:trojan-activity;sid:84211912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.107.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348813/; classtype:trojan-activity;sid:84211913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.227.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348811/; classtype:trojan-activity;sid:84211911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.56.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348810/; classtype:trojan-activity;sid:84211910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.107.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348809/; classtype:trojan-activity;sid:84211909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.215.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348808/; classtype:trojan-activity;sid:84211908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.82.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348806/; classtype:trojan-activity;sid:84211906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.6.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348807/; classtype:trojan-activity;sid:84211907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.42.19.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348805/; classtype:trojan-activity;sid:84211905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.237.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348804/; classtype:trojan-activity;sid:84211904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348803/; classtype:trojan-activity;sid:84211903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348802/; classtype:trojan-activity;sid:84211902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348801/; classtype:trojan-activity;sid:84211901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.42.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348800/; classtype:trojan-activity;sid:84211900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348799/; classtype:trojan-activity;sid:84211899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.112.100.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348798/; classtype:trojan-activity;sid:84211898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.58.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348797/; classtype:trojan-activity;sid:84211897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.186.52.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348796/; classtype:trojan-activity;sid:84211896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.213.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348795/; classtype:trojan-activity;sid:84211895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.222.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348794/; classtype:trojan-activity;sid:84211894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.141.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348793/; classtype:trojan-activity;sid:84211893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.107.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348792/; classtype:trojan-activity;sid:84211892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.182.134.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348791/; classtype:trojan-activity;sid:84211891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348790/; classtype:trojan-activity;sid:84211890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348789/; classtype:trojan-activity;sid:84211889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.237.121.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348788/; classtype:trojan-activity;sid:84211888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.129.173.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348787/; classtype:trojan-activity;sid:84211887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.3.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348786/; classtype:trojan-activity;sid:84211886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.85.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348784/; classtype:trojan-activity;sid:84211884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.198.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348785/; classtype:trojan-activity;sid:84211885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.58.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348782/; classtype:trojan-activity;sid:84211882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348783/; classtype:trojan-activity;sid:84211883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.213.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348780/; classtype:trojan-activity;sid:84211880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.42.19.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348781/; classtype:trojan-activity;sid:84211881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.175.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348779/; classtype:trojan-activity;sid:84211879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.59.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348778/; classtype:trojan-activity;sid:84211878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.157.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348777/; classtype:trojan-activity;sid:84211877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348776/; classtype:trojan-activity;sid:84211876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.198.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348775/; classtype:trojan-activity;sid:84211875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.194.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348772/; classtype:trojan-activity;sid:84211872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.184.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348773/; classtype:trojan-activity;sid:84211873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.222.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348774/; classtype:trojan-activity;sid:84211874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.3.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348771/; classtype:trojan-activity;sid:84211871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348770/; classtype:trojan-activity;sid:84211870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.222.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348769/; classtype:trojan-activity;sid:84211869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348768/; classtype:trojan-activity;sid:84211868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.255.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348767/; classtype:trojan-activity;sid:84211867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.4.45.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348766/; classtype:trojan-activity;sid:84211866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.168.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348765/; classtype:trojan-activity;sid:84211865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.15.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348764/; classtype:trojan-activity;sid:84211864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.185.223.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348763/; classtype:trojan-activity;sid:84211863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.22.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348762/; classtype:trojan-activity;sid:84211862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348761/; classtype:trojan-activity;sid:84211861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.94.154.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348760/; classtype:trojan-activity;sid:84211860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.122.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348759/; classtype:trojan-activity;sid:84211859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348758/; classtype:trojan-activity;sid:84211858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.73.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348757/; classtype:trojan-activity;sid:84211857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348756/; classtype:trojan-activity;sid:84211856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.184.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348755/; classtype:trojan-activity;sid:84211855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.12.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348754/; classtype:trojan-activity;sid:84211854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.15.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348753/; classtype:trojan-activity;sid:84211853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.76.166.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348752/; classtype:trojan-activity;sid:84211852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.234.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348751/; classtype:trojan-activity;sid:84211851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.36.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348750/; classtype:trojan-activity;sid:84211850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.172.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348749/; classtype:trojan-activity;sid:84211849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348748/; classtype:trojan-activity;sid:84211848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.79.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348747/; classtype:trojan-activity;sid:84211847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.87.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348746/; classtype:trojan-activity;sid:84211846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348745/; classtype:trojan-activity;sid:84211845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.29.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348744/; classtype:trojan-activity;sid:84211844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348743/; classtype:trojan-activity;sid:84211843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.185.223.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348742/; classtype:trojan-activity;sid:84211842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.132.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348741/; classtype:trojan-activity;sid:84211841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348740/; classtype:trojan-activity;sid:84211840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.197.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348738/; classtype:trojan-activity;sid:84211838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.27.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348739/; classtype:trojan-activity;sid:84211839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.246.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348737/; classtype:trojan-activity;sid:84211837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348736/; classtype:trojan-activity;sid:84211836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.29.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348735/; classtype:trojan-activity;sid:84211835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.76.166.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348733/; classtype:trojan-activity;sid:84211833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.172.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348734/; classtype:trojan-activity;sid:84211834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.191.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348732/; classtype:trojan-activity;sid:84211832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.159.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348731/; classtype:trojan-activity;sid:84211831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.64.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348730/; classtype:trojan-activity;sid:84211830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.132.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348729/; classtype:trojan-activity;sid:84211829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.197.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348728/; classtype:trojan-activity;sid:84211828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.154.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348727/; classtype:trojan-activity;sid:84211827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348726/; classtype:trojan-activity;sid:84211826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348725/; classtype:trojan-activity;sid:84211825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348724/; classtype:trojan-activity;sid:84211824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.9.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348722/; classtype:trojan-activity;sid:84211822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.157.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348723/; classtype:trojan-activity;sid:84211823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.180.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348721/; classtype:trojan-activity;sid:84211821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.48.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348718/; classtype:trojan-activity;sid:84211818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.200.168.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348719/; classtype:trojan-activity;sid:84211819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.245.39.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348720/; classtype:trojan-activity;sid:84211820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348717)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348717/; classtype:trojan-activity;sid:84211817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348705)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348705/; classtype:trojan-activity;sid:84211805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348706)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348706/; classtype:trojan-activity;sid:84211806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348707)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348707/; classtype:trojan-activity;sid:84211807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348708)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348708/; classtype:trojan-activity;sid:84211808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348709)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348709/; classtype:trojan-activity;sid:84211809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348710)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348710/; classtype:trojan-activity;sid:84211810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348711)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348711/; classtype:trojan-activity;sid:84211811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348712)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348712/; classtype:trojan-activity;sid:84211812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348713)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348713/; classtype:trojan-activity;sid:84211813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348714)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348714/; classtype:trojan-activity;sid:84211814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348715)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348715/; classtype:trojan-activity;sid:84211815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348716)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.123.181.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348716/; classtype:trojan-activity;sid:84211816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.9.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348704/; classtype:trojan-activity;sid:84211804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.89.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348703/; classtype:trojan-activity;sid:84211803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.91.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348702/; classtype:trojan-activity;sid:84211802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.141.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348701/; classtype:trojan-activity;sid:84211801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348700/; classtype:trojan-activity;sid:84211800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348699/; classtype:trojan-activity;sid:84211799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.76.166.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348698/; classtype:trojan-activity;sid:84211798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.177.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348696/; classtype:trojan-activity;sid:84211796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.112.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348697/; classtype:trojan-activity;sid:84211797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.142.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348694/; classtype:trojan-activity;sid:84211794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.146.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348695/; classtype:trojan-activity;sid:84211795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.130.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348693/; classtype:trojan-activity;sid:84211793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.188.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348692/; classtype:trojan-activity;sid:84211792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348691/; classtype:trojan-activity;sid:84211791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.35.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348690/; classtype:trojan-activity;sid:84211790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348689/; classtype:trojan-activity;sid:84211789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.193.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348688/; classtype:trojan-activity;sid:84211788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.184.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348687/; classtype:trojan-activity;sid:84211787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348686/; classtype:trojan-activity;sid:84211786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.231.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348685/; classtype:trojan-activity;sid:84211785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348684/; classtype:trojan-activity;sid:84211784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.112.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348683/; classtype:trojan-activity;sid:84211783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348682/; classtype:trojan-activity;sid:84211782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.93.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348681/; classtype:trojan-activity;sid:84211781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.130.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348680/; classtype:trojan-activity;sid:84211780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.24.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348679/; classtype:trojan-activity;sid:84211779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.239.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348678/; classtype:trojan-activity;sid:84211778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.142.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348677/; classtype:trojan-activity;sid:84211777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348676/; classtype:trojan-activity;sid:84211776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.88.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348674/; classtype:trojan-activity;sid:84211774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348675/; classtype:trojan-activity;sid:84211775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.54.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348673/; classtype:trojan-activity;sid:84211773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.186.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348672/; classtype:trojan-activity;sid:84211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.244.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348671/; classtype:trojan-activity;sid:84211771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.188.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348670/; classtype:trojan-activity;sid:84211770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348669/; classtype:trojan-activity;sid:84211769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.35.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348668/; classtype:trojan-activity;sid:84211768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.90.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348665/; classtype:trojan-activity;sid:84211765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.183.184.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348666/; classtype:trojan-activity;sid:84211766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.178.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348667/; classtype:trojan-activity;sid:84211767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.131.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348664/; classtype:trojan-activity;sid:84211764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.17.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348663/; classtype:trojan-activity;sid:84211763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.160.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348662/; classtype:trojan-activity;sid:84211762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.192.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348661/; classtype:trojan-activity;sid:84211761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348660/; classtype:trojan-activity;sid:84211760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348659/; classtype:trojan-activity;sid:84211759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348658/; classtype:trojan-activity;sid:84211758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348657/; classtype:trojan-activity;sid:84211757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.32.148.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348655/; classtype:trojan-activity;sid:84211755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.200.84.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348656/; classtype:trojan-activity;sid:84211756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.186.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348654/; classtype:trojan-activity;sid:84211754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.111.75.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348652/; classtype:trojan-activity;sid:84211752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.38.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348653/; classtype:trojan-activity;sid:84211753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.254.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348651/; classtype:trojan-activity;sid:84211751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.155.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348650/; classtype:trojan-activity;sid:84211750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.33.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348649/; classtype:trojan-activity;sid:84211749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.182.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348648/; classtype:trojan-activity;sid:84211748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.240.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348647/; classtype:trojan-activity;sid:84211747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.90.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348646/; classtype:trojan-activity;sid:84211746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.241.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348645/; classtype:trojan-activity;sid:84211745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.74.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348643/; classtype:trojan-activity;sid:84211743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.91.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348644/; classtype:trojan-activity;sid:84211744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.138.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348642/; classtype:trojan-activity;sid:84211742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.0.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348641/; classtype:trojan-activity;sid:84211741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.3.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348638/; classtype:trojan-activity;sid:84211738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.169.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348639/; classtype:trojan-activity;sid:84211739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.49.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348640/; classtype:trojan-activity;sid:84211740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.140.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348637/; classtype:trojan-activity;sid:84211737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.40.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348636/; classtype:trojan-activity;sid:84211736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.232.206.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348635/; classtype:trojan-activity;sid:84211735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.235.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348634/; classtype:trojan-activity;sid:84211734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.187.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348633/; classtype:trojan-activity;sid:84211733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.178.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348632/; classtype:trojan-activity;sid:84211732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.156.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348631/; classtype:trojan-activity;sid:84211731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.187.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348630/; classtype:trojan-activity;sid:84211730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.49.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348629/; classtype:trojan-activity;sid:84211729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.146.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348628/; classtype:trojan-activity;sid:84211728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348627/; classtype:trojan-activity;sid:84211727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.240.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348626/; classtype:trojan-activity;sid:84211726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.36.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348625/; classtype:trojan-activity;sid:84211725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.217.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348624/; classtype:trojan-activity;sid:84211724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.181.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348622/; classtype:trojan-activity;sid:84211722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.74.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348623/; classtype:trojan-activity;sid:84211723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348621/; classtype:trojan-activity;sid:84211721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.120.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348620/; classtype:trojan-activity;sid:84211720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.91.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348619/; classtype:trojan-activity;sid:84211719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.29.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348618/; classtype:trojan-activity;sid:84211718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.91.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348617/; classtype:trojan-activity;sid:84211717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.140.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348616/; classtype:trojan-activity;sid:84211716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.21.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348615/; classtype:trojan-activity;sid:84211715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.189.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348614/; classtype:trojan-activity;sid:84211714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.194.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348613/; classtype:trojan-activity;sid:84211713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.15.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348611/; classtype:trojan-activity;sid:84211711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.157.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348612/; classtype:trojan-activity;sid:84211712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.156.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348610/; classtype:trojan-activity;sid:84211710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.240.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348608/; classtype:trojan-activity;sid:84211708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.203.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348609/; classtype:trojan-activity;sid:84211709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.153.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348607/; classtype:trojan-activity;sid:84211707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.93"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348606/; classtype:trojan-activity;sid:84211706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.227.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348605/; classtype:trojan-activity;sid:84211705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.36.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348604/; classtype:trojan-activity;sid:84211704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348603/; classtype:trojan-activity;sid:84211703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348602)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.45.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348602/; classtype:trojan-activity;sid:84211702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.217.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348601/; classtype:trojan-activity;sid:84211701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.222.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348600/; classtype:trojan-activity;sid:84211700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.108.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348599/; classtype:trojan-activity;sid:84211699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.211.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348598/; classtype:trojan-activity;sid:84211698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.232.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348597/; classtype:trojan-activity;sid:84211697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348596/; classtype:trojan-activity;sid:84211696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.120.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348595/; classtype:trojan-activity;sid:84211695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.83.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348594/; classtype:trojan-activity;sid:84211694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.208.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348593/; classtype:trojan-activity;sid:84211693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.235.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348592/; classtype:trojan-activity;sid:84211692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.181.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348591/; classtype:trojan-activity;sid:84211691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.174.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348590/; classtype:trojan-activity;sid:84211690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.172.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348589/; classtype:trojan-activity;sid:84211689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.167.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348587/; classtype:trojan-activity;sid:84211687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.13.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348588/; classtype:trojan-activity;sid:84211688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.227.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348585/; classtype:trojan-activity;sid:84211685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.73.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348586/; classtype:trojan-activity;sid:84211686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.116.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348584/; classtype:trojan-activity;sid:84211684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.142.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348583/; classtype:trojan-activity;sid:84211683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.243.137.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348582/; classtype:trojan-activity;sid:84211682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.196.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348581/; classtype:trojan-activity;sid:84211681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.217.94.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348580/; classtype:trojan-activity;sid:84211680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.31.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348579/; classtype:trojan-activity;sid:84211679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.98.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348578/; classtype:trojan-activity;sid:84211678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348577/; classtype:trojan-activity;sid:84211677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.13.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348575/; classtype:trojan-activity;sid:84211675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.222.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348576/; classtype:trojan-activity;sid:84211676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.120.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348574/; classtype:trojan-activity;sid:84211674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.236.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348572/; classtype:trojan-activity;sid:84211672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.171.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348573/; classtype:trojan-activity;sid:84211673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.22.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348571/; classtype:trojan-activity;sid:84211671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.146.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348570/; classtype:trojan-activity;sid:84211670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.31.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348569/; classtype:trojan-activity;sid:84211669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.251.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348568/; classtype:trojan-activity;sid:84211668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.157.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348567/; classtype:trojan-activity;sid:84211667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.156.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348566/; classtype:trojan-activity;sid:84211666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.144.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348565/; classtype:trojan-activity;sid:84211665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348564/; classtype:trojan-activity;sid:84211664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.13.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348563/; classtype:trojan-activity;sid:84211663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.196.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348562/; classtype:trojan-activity;sid:84211662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.194.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348561/; classtype:trojan-activity;sid:84211661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.3.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348560/; classtype:trojan-activity;sid:84211660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.59.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348559/; classtype:trojan-activity;sid:84211659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.120.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348558/; classtype:trojan-activity;sid:84211658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.97.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348557/; classtype:trojan-activity;sid:84211657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348556/; classtype:trojan-activity;sid:84211656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348555/; classtype:trojan-activity;sid:84211655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.206.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348554/; classtype:trojan-activity;sid:84211654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348553/; classtype:trojan-activity;sid:84211653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.62.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348552/; classtype:trojan-activity;sid:84211652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.215.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348551/; classtype:trojan-activity;sid:84211651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.56.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348550/; classtype:trojan-activity;sid:84211650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.251.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348549/; classtype:trojan-activity;sid:84211649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.156.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348548/; classtype:trojan-activity;sid:84211648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.98.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348547/; classtype:trojan-activity;sid:84211647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.2.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348546/; classtype:trojan-activity;sid:84211646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.238.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348545/; classtype:trojan-activity;sid:84211645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.218.143.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348544/; classtype:trojan-activity;sid:84211644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348543/; classtype:trojan-activity;sid:84211643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348542/; classtype:trojan-activity;sid:84211642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348541/; classtype:trojan-activity;sid:84211641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.3.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348540/; classtype:trojan-activity;sid:84211640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.39.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348539/; classtype:trojan-activity;sid:84211639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348538/; classtype:trojan-activity;sid:84211638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.75.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348537/; classtype:trojan-activity;sid:84211637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.97.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348536/; classtype:trojan-activity;sid:84211636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.167.51.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348535/; classtype:trojan-activity;sid:84211635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.108.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348534/; classtype:trojan-activity;sid:84211634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.24.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348533/; classtype:trojan-activity;sid:84211633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348532)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"agqxp.riders.50kfor50years.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348532/; classtype:trojan-activity;sid:84211632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348530/; classtype:trojan-activity;sid:84211630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.191.242.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348531/; classtype:trojan-activity;sid:84211631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.243.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348529/; classtype:trojan-activity;sid:84211629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.39.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348528/; classtype:trojan-activity;sid:84211628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.128.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348527/; classtype:trojan-activity;sid:84211627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.191.242.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348526/; classtype:trojan-activity;sid:84211626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.143.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348525/; classtype:trojan-activity;sid:84211625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.35.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348524/; classtype:trojan-activity;sid:84211624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.165.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348522/; classtype:trojan-activity;sid:84211622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.223.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348523/; classtype:trojan-activity;sid:84211623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348521/; classtype:trojan-activity;sid:84211621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.227.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348520/; classtype:trojan-activity;sid:84211620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.59.65.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348519/; classtype:trojan-activity;sid:84211619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.153.22.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348518/; classtype:trojan-activity;sid:84211618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.24.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348516/; classtype:trojan-activity;sid:84211616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.238.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348517/; classtype:trojan-activity;sid:84211617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348515/; classtype:trojan-activity;sid:84211615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.47.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348514/; classtype:trojan-activity;sid:84211614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.145.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348512/; classtype:trojan-activity;sid:84211612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.35.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348513/; classtype:trojan-activity;sid:84211613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.60.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348511/; classtype:trojan-activity;sid:84211611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.17.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348510/; classtype:trojan-activity;sid:84211610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.200.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348502/; classtype:trojan-activity;sid:84211602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.172.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348503/; classtype:trojan-activity;sid:84211603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.51.29.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348504/; classtype:trojan-activity;sid:84211604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348505/; classtype:trojan-activity;sid:84211605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348506/; classtype:trojan-activity;sid:84211606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.36.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348507/; classtype:trojan-activity;sid:84211607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.6.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348508/; classtype:trojan-activity;sid:84211608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.129.237.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348509/; classtype:trojan-activity;sid:84211609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.47.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348501/; classtype:trojan-activity;sid:84211601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.158.159.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348500/; classtype:trojan-activity;sid:84211600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348499/; classtype:trojan-activity;sid:84211599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.236.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348495/; classtype:trojan-activity;sid:84211595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.36.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348496/; classtype:trojan-activity;sid:84211596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.37.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348497/; classtype:trojan-activity;sid:84211597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.131.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348498/; classtype:trojan-activity;sid:84211598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348494/; classtype:trojan-activity;sid:84211594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.44.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348493/; classtype:trojan-activity;sid:84211593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348491/; classtype:trojan-activity;sid:84211591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348492)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348492/; classtype:trojan-activity;sid:84211592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348490)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348490/; classtype:trojan-activity;sid:84211590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348481)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348481/; classtype:trojan-activity;sid:84211581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348482)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348482/; classtype:trojan-activity;sid:84211582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348483)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348483/; classtype:trojan-activity;sid:84211583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348484)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348484/; classtype:trojan-activity;sid:84211584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348485)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348485/; classtype:trojan-activity;sid:84211585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348486)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348486/; classtype:trojan-activity;sid:84211586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348487)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348487/; classtype:trojan-activity;sid:84211587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348488/; classtype:trojan-activity;sid:84211588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348489)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348489/; classtype:trojan-activity;sid:84211589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348480)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348480/; classtype:trojan-activity;sid:84211580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348459)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348459/; classtype:trojan-activity;sid:84211559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348460)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348460/; classtype:trojan-activity;sid:84211560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348461)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348461/; classtype:trojan-activity;sid:84211561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348462)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348462/; classtype:trojan-activity;sid:84211562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348463)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348463/; classtype:trojan-activity;sid:84211563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348464)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348464/; classtype:trojan-activity;sid:84211564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348465)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348465/; classtype:trojan-activity;sid:84211565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348466)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348466/; classtype:trojan-activity;sid:84211566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348467)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348467/; classtype:trojan-activity;sid:84211567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348468)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348468/; classtype:trojan-activity;sid:84211568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348469)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348469/; classtype:trojan-activity;sid:84211569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348470)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348470/; classtype:trojan-activity;sid:84211570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348471)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348471/; classtype:trojan-activity;sid:84211571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348472)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348472/; classtype:trojan-activity;sid:84211572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348473)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348473/; classtype:trojan-activity;sid:84211573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348474)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348474/; classtype:trojan-activity;sid:84211574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348475)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348475/; classtype:trojan-activity;sid:84211575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348476)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348476/; classtype:trojan-activity;sid:84211576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348477)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348477/; classtype:trojan-activity;sid:84211577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348478)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348478/; classtype:trojan-activity;sid:84211578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348479)"; flow:established,from_client; content:"GET"; http_method; content:"/tppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348479/; classtype:trojan-activity;sid:84211579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348441)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348441/; classtype:trojan-activity;sid:84211541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348442)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348442/; classtype:trojan-activity;sid:84211542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348443)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348443/; classtype:trojan-activity;sid:84211543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348444)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348444/; classtype:trojan-activity;sid:84211544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348445)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348445/; classtype:trojan-activity;sid:84211545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348446)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348446/; classtype:trojan-activity;sid:84211546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348447)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348447/; classtype:trojan-activity;sid:84211547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348448)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348448/; classtype:trojan-activity;sid:84211548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348449)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348449/; classtype:trojan-activity;sid:84211549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348450)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348450/; classtype:trojan-activity;sid:84211550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348451)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348451/; classtype:trojan-activity;sid:84211551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348452)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348452/; classtype:trojan-activity;sid:84211552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348453)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348453/; classtype:trojan-activity;sid:84211553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348454)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348454/; classtype:trojan-activity;sid:84211554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348455)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348455/; classtype:trojan-activity;sid:84211555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348456)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348456/; classtype:trojan-activity;sid:84211556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348457)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348457/; classtype:trojan-activity;sid:84211557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348458)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348458/; classtype:trojan-activity;sid:84211558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.223.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348440/; classtype:trojan-activity;sid:84211540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348439/; classtype:trojan-activity;sid:84211539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.106.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348438/; classtype:trojan-activity;sid:84211538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.97.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348437/; classtype:trojan-activity;sid:84211537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.253.120.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348436/; classtype:trojan-activity;sid:84211536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.210.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348435/; classtype:trojan-activity;sid:84211535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.52.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348434/; classtype:trojan-activity;sid:84211534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.147.179.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348433/; classtype:trojan-activity;sid:84211533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.93.55.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348432/; classtype:trojan-activity;sid:84211532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.136.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348431/; classtype:trojan-activity;sid:84211531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.164.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348430/; classtype:trojan-activity;sid:84211530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.153.22.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348429/; classtype:trojan-activity;sid:84211529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.186.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348428/; classtype:trojan-activity;sid:84211528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.59.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348427/; classtype:trojan-activity;sid:84211527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.207.137.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348426/; classtype:trojan-activity;sid:84211526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.185.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348425/; classtype:trojan-activity;sid:84211525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.145.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348424/; classtype:trojan-activity;sid:84211524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.163.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348423/; classtype:trojan-activity;sid:84211523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348421/; classtype:trojan-activity;sid:84211521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.218.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348422/; classtype:trojan-activity;sid:84211522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348420/; classtype:trojan-activity;sid:84211520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.177.104.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348419/; classtype:trojan-activity;sid:84211519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348418/; classtype:trojan-activity;sid:84211518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.208.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348417/; classtype:trojan-activity;sid:84211517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.120.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348416/; classtype:trojan-activity;sid:84211516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.246.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348414/; classtype:trojan-activity;sid:84211514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.97.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348415/; classtype:trojan-activity;sid:84211515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.193.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348413/; classtype:trojan-activity;sid:84211513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348412/; classtype:trojan-activity;sid:84211512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.3.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348411/; classtype:trojan-activity;sid:84211511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.30.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348410/; classtype:trojan-activity;sid:84211510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.218.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348408/; classtype:trojan-activity;sid:84211508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.59.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348409/; classtype:trojan-activity;sid:84211509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.185.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348407/; classtype:trojan-activity;sid:84211507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.196.169.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348406/; classtype:trojan-activity;sid:84211506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.156.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348405/; classtype:trojan-activity;sid:84211505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.210.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348404/; classtype:trojan-activity;sid:84211504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.207.137.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348403/; classtype:trojan-activity;sid:84211503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348402/; classtype:trojan-activity;sid:84211502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.247.185.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348401/; classtype:trojan-activity;sid:84211501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.180.141.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348400/; classtype:trojan-activity;sid:84211500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.210.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348399/; classtype:trojan-activity;sid:84211499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.86.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348398/; classtype:trojan-activity;sid:84211498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.175.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348396/; classtype:trojan-activity;sid:84211496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.181.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348397/; classtype:trojan-activity;sid:84211497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.29.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348392/; classtype:trojan-activity;sid:84211492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.42.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348393/; classtype:trojan-activity;sid:84211493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.127.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348394/; classtype:trojan-activity;sid:84211494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.181.124.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348395/; classtype:trojan-activity;sid:84211495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.55.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348391/; classtype:trojan-activity;sid:84211491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.232.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348390/; classtype:trojan-activity;sid:84211490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.188.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348389/; classtype:trojan-activity;sid:84211489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.246.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348388/; classtype:trojan-activity;sid:84211488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348387/; classtype:trojan-activity;sid:84211487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.155.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348386/; classtype:trojan-activity;sid:84211486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.109.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348385/; classtype:trojan-activity;sid:84211485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348384/; classtype:trojan-activity;sid:84211484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.141.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348383/; classtype:trojan-activity;sid:84211483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348382/; classtype:trojan-activity;sid:84211482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.162.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348381/; classtype:trojan-activity;sid:84211481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.119.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348380/; classtype:trojan-activity;sid:84211480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.104.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348379/; classtype:trojan-activity;sid:84211479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348378/; classtype:trojan-activity;sid:84211478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.46.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348377/; classtype:trojan-activity;sid:84211477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.232.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348376/; classtype:trojan-activity;sid:84211476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.210.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348375/; classtype:trojan-activity;sid:84211475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.168.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348374/; classtype:trojan-activity;sid:84211474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348373)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348373/; classtype:trojan-activity;sid:84211473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348372)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348372/; classtype:trojan-activity;sid:84211472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348367)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348367/; classtype:trojan-activity;sid:84211467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348368)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348368/; classtype:trojan-activity;sid:84211468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348369)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348369/; classtype:trojan-activity;sid:84211469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348370)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348370/; classtype:trojan-activity;sid:84211470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348371)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348371/; classtype:trojan-activity;sid:84211471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348366/; classtype:trojan-activity;sid:84211466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348365/; classtype:trojan-activity;sid:84211465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348364)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348364/; classtype:trojan-activity;sid:84211464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348362)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348362/; classtype:trojan-activity;sid:84211462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.233.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348363/; classtype:trojan-activity;sid:84211463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348361/; classtype:trojan-activity;sid:84211461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.150.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348360/; classtype:trojan-activity;sid:84211460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.185.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348359/; classtype:trojan-activity;sid:84211459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.19.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348358/; classtype:trojan-activity;sid:84211458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348357/; classtype:trojan-activity;sid:84211457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.50.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348356/; classtype:trojan-activity;sid:84211456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348355/; classtype:trojan-activity;sid:84211455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.176.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348354/; classtype:trojan-activity;sid:84211454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.241.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348353/; classtype:trojan-activity;sid:84211453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.11.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348352/; classtype:trojan-activity;sid:84211452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.46.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348351/; classtype:trojan-activity;sid:84211451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.241.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348350/; classtype:trojan-activity;sid:84211450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.231.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348348/; classtype:trojan-activity;sid:84211448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348349/; classtype:trojan-activity;sid:84211449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.112.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348347/; classtype:trojan-activity;sid:84211447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.191.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348346/; classtype:trojan-activity;sid:84211446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.150.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348345/; classtype:trojan-activity;sid:84211445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.91.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348344/; classtype:trojan-activity;sid:84211444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.123.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348343/; classtype:trojan-activity;sid:84211443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.219.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348341/; classtype:trojan-activity;sid:84211441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.25.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348342/; classtype:trojan-activity;sid:84211442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.177.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348340/; classtype:trojan-activity;sid:84211440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348338/; classtype:trojan-activity;sid:84211438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348339/; classtype:trojan-activity;sid:84211439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.23.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348336/; classtype:trojan-activity;sid:84211436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.108.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348337/; classtype:trojan-activity;sid:84211437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.233.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348335/; classtype:trojan-activity;sid:84211435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.91.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348334/; classtype:trojan-activity;sid:84211434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.82.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348333/; classtype:trojan-activity;sid:84211433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.66.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348332/; classtype:trojan-activity;sid:84211432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.11.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348331/; classtype:trojan-activity;sid:84211431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.106.100.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348330/; classtype:trojan-activity;sid:84211430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.219.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348329/; classtype:trojan-activity;sid:84211429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348328/; classtype:trojan-activity;sid:84211428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.123.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348327/; classtype:trojan-activity;sid:84211427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348326/; classtype:trojan-activity;sid:84211426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.73.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348325/; classtype:trojan-activity;sid:84211425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348324/; classtype:trojan-activity;sid:84211424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.13.79"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348323/; classtype:trojan-activity;sid:84211423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.107.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348322/; classtype:trojan-activity;sid:84211422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.177.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348321/; classtype:trojan-activity;sid:84211421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.82.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348320/; classtype:trojan-activity;sid:84211420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.191.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348319/; classtype:trojan-activity;sid:84211419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348318/; classtype:trojan-activity;sid:84211418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348317/; classtype:trojan-activity;sid:84211417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.73.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348315/; classtype:trojan-activity;sid:84211415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348316/; classtype:trojan-activity;sid:84211416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.100.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348313/; classtype:trojan-activity;sid:84211413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.51.151"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348314/; classtype:trojan-activity;sid:84211414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.100.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348312/; classtype:trojan-activity;sid:84211412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.15.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348311/; classtype:trojan-activity;sid:84211411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.160.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348310/; classtype:trojan-activity;sid:84211410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.118.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348308/; classtype:trojan-activity;sid:84211408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.50.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348309/; classtype:trojan-activity;sid:84211409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348307/; classtype:trojan-activity;sid:84211407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.51.151"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348305/; classtype:trojan-activity;sid:84211405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.107.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348306/; classtype:trojan-activity;sid:84211406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.100.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348304/; classtype:trojan-activity;sid:84211404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.107.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348303/; classtype:trojan-activity;sid:84211403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.53.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348302/; classtype:trojan-activity;sid:84211402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.210.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348301/; classtype:trojan-activity;sid:84211401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.188.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348300/; classtype:trojan-activity;sid:84211400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.247.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348299/; classtype:trojan-activity;sid:84211399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.23.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348298/; classtype:trojan-activity;sid:84211398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348297/; classtype:trojan-activity;sid:84211397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.76.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348296/; classtype:trojan-activity;sid:84211396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348295/; classtype:trojan-activity;sid:84211395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348294/; classtype:trojan-activity;sid:84211394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.85.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348292/; classtype:trojan-activity;sid:84211392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348293/; classtype:trojan-activity;sid:84211393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348291/; classtype:trojan-activity;sid:84211391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.210.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348290/; classtype:trojan-activity;sid:84211390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.90.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348289/; classtype:trojan-activity;sid:84211389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.76.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348288/; classtype:trojan-activity;sid:84211388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348287/; classtype:trojan-activity;sid:84211387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.36.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348286/; classtype:trojan-activity;sid:84211386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.23.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348285/; classtype:trojan-activity;sid:84211385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.255.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348284/; classtype:trojan-activity;sid:84211384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.65.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348283/; classtype:trojan-activity;sid:84211383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.222.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348282/; classtype:trojan-activity;sid:84211382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.255.87.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348281/; classtype:trojan-activity;sid:84211381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.80.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348280/; classtype:trojan-activity;sid:84211380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.179.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348279/; classtype:trojan-activity;sid:84211379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.121.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348278/; classtype:trojan-activity;sid:84211378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348277/; classtype:trojan-activity;sid:84211377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348276/; classtype:trojan-activity;sid:84211376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.167.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348275/; classtype:trojan-activity;sid:84211375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.65.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348274/; classtype:trojan-activity;sid:84211374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348273/; classtype:trojan-activity;sid:84211373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.43.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348272/; classtype:trojan-activity;sid:84211372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.27.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348271/; classtype:trojan-activity;sid:84211371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.228.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348270/; classtype:trojan-activity;sid:84211370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348269/; classtype:trojan-activity;sid:84211369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.156.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348268/; classtype:trojan-activity;sid:84211368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348267/; classtype:trojan-activity;sid:84211367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348266/; classtype:trojan-activity;sid:84211366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.53.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348265/; classtype:trojan-activity;sid:84211365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.119.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348264/; classtype:trojan-activity;sid:84211364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.152.21.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348263/; classtype:trojan-activity;sid:84211363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.85.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348262/; classtype:trojan-activity;sid:84211362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348261/; classtype:trojan-activity;sid:84211361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.8.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348260/; classtype:trojan-activity;sid:84211360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348258/; classtype:trojan-activity;sid:84211358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.143.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348259/; classtype:trojan-activity;sid:84211359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.110.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348257/; classtype:trojan-activity;sid:84211357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.210.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348255/; classtype:trojan-activity;sid:84211355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.118.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348256/; classtype:trojan-activity;sid:84211356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.228.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348254/; classtype:trojan-activity;sid:84211354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348253/; classtype:trojan-activity;sid:84211353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.217.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348252/; classtype:trojan-activity;sid:84211352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.119.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348251/; classtype:trojan-activity;sid:84211351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348250/; classtype:trojan-activity;sid:84211350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.219.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348249/; classtype:trojan-activity;sid:84211349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.45.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348248/; classtype:trojan-activity;sid:84211348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.100.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348247/; classtype:trojan-activity;sid:84211347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348246/; classtype:trojan-activity;sid:84211346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.40.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348245/; classtype:trojan-activity;sid:84211345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.17.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348243/; classtype:trojan-activity;sid:84211343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.57.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348244/; classtype:trojan-activity;sid:84211344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.119.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348242/; classtype:trojan-activity;sid:84211342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.45.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348241/; classtype:trojan-activity;sid:84211341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348240/; classtype:trojan-activity;sid:84211340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.85.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348239/; classtype:trojan-activity;sid:84211339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.172.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348238/; classtype:trojan-activity;sid:84211338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348237/; classtype:trojan-activity;sid:84211337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.72.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348236/; classtype:trojan-activity;sid:84211336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.191.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348235/; classtype:trojan-activity;sid:84211335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348233/; classtype:trojan-activity;sid:84211333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348234/; classtype:trojan-activity;sid:84211334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.217.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348231/; classtype:trojan-activity;sid:84211331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.36.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348232/; classtype:trojan-activity;sid:84211332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.118.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348230/; classtype:trojan-activity;sid:84211330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.154.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348229/; classtype:trojan-activity;sid:84211329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.193.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348228/; classtype:trojan-activity;sid:84211328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.73.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348227/; classtype:trojan-activity;sid:84211327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348226/; classtype:trojan-activity;sid:84211326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.68.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348224/; classtype:trojan-activity;sid:84211324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.135.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348225/; classtype:trojan-activity;sid:84211325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.219.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348223/; classtype:trojan-activity;sid:84211323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.54.88.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348222/; classtype:trojan-activity;sid:84211322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.240.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348221/; classtype:trojan-activity;sid:84211321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.84.139.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348219/; classtype:trojan-activity;sid:84211319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.2.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348220/; classtype:trojan-activity;sid:84211320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.240.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348218/; classtype:trojan-activity;sid:84211318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348217)"; flow:established,from_client; content:"GET"; http_method; content:"/attatier/cloud/main/testexe.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348217/; classtype:trojan-activity;sid:84211317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.101.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348216/; classtype:trojan-activity;sid:84211316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348215/; classtype:trojan-activity;sid:84211315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.61.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348212/; classtype:trojan-activity;sid:84211312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.189.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348211/; classtype:trojan-activity;sid:84211311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.53.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348210/; classtype:trojan-activity;sid:84211310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.68.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348209/; classtype:trojan-activity;sid:84211309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.2.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348208/; classtype:trojan-activity;sid:84211308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.193.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348207/; classtype:trojan-activity;sid:84211307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.186.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348206/; classtype:trojan-activity;sid:84211306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.244.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348205/; classtype:trojan-activity;sid:84211305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348204/; classtype:trojan-activity;sid:84211304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.222.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348203/; classtype:trojan-activity;sid:84211303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.231.203.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348200/; classtype:trojan-activity;sid:84211300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348199/; classtype:trojan-activity;sid:84211299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.84.139.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348198/; classtype:trojan-activity;sid:84211298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.38.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348197/; classtype:trojan-activity;sid:84211297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.61.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348196/; classtype:trojan-activity;sid:84211296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.244.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348195/; classtype:trojan-activity;sid:84211295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.129.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348193/; classtype:trojan-activity;sid:84211293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.102.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348194/; classtype:trojan-activity;sid:84211294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.186.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348191/; classtype:trojan-activity;sid:84211291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.32.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348192/; classtype:trojan-activity;sid:84211292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348190/; classtype:trojan-activity;sid:84211290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348183/; classtype:trojan-activity;sid:84211283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.115.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348184/; classtype:trojan-activity;sid:84211284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.128.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348185/; classtype:trojan-activity;sid:84211285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348186/; classtype:trojan-activity;sid:84211286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.128.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348187/; classtype:trojan-activity;sid:84211287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.101.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348188/; classtype:trojan-activity;sid:84211288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.112.100.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348189/; classtype:trojan-activity;sid:84211289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.104.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348182/; classtype:trojan-activity;sid:84211282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.46.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348181/; classtype:trojan-activity;sid:84211281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348179/; classtype:trojan-activity;sid:84211279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.111.75.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348180/; classtype:trojan-activity;sid:84211280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.132.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348177/; classtype:trojan-activity;sid:84211277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.121.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348178/; classtype:trojan-activity;sid:84211278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348176/; classtype:trojan-activity;sid:84211276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.165.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348174/; classtype:trojan-activity;sid:84211274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348175/; classtype:trojan-activity;sid:84211275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.240.216.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348173/; classtype:trojan-activity;sid:84211273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348171/; classtype:trojan-activity;sid:84211271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.160.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348172/; classtype:trojan-activity;sid:84211272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.102.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348170/; classtype:trojan-activity;sid:84211270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.23.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348168/; classtype:trojan-activity;sid:84211268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.38.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348169/; classtype:trojan-activity;sid:84211269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.80.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348167/; classtype:trojan-activity;sid:84211267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348166/; classtype:trojan-activity;sid:84211266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.152.21.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348165/; classtype:trojan-activity;sid:84211265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348164/; classtype:trojan-activity;sid:84211264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.58.126.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348163/; classtype:trojan-activity;sid:84211263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348161)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.logicnet"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348161/; classtype:trojan-activity;sid:84211261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348162)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.logicnet"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348162/; classtype:trojan-activity;sid:84211262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348160/; classtype:trojan-activity;sid:84211260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348159)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.logicnet"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348159/; classtype:trojan-activity;sid:84211259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348157)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.logicnet"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348157/; classtype:trojan-activity;sid:84211257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348158)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.logicnet"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348158/; classtype:trojan-activity;sid:84211258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348151)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.logicnet"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348151/; classtype:trojan-activity;sid:84211251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348152)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.logicnet"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348152/; classtype:trojan-activity;sid:84211252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348153)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.logicnet"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348153/; classtype:trojan-activity;sid:84211253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348154)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.logicnet"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348154/; classtype:trojan-activity;sid:84211254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348155)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.logicnet"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348155/; classtype:trojan-activity;sid:84211255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348156)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.logicnet"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.213.187.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348156/; classtype:trojan-activity;sid:84211256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.109.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348150/; classtype:trojan-activity;sid:84211250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348149/; classtype:trojan-activity;sid:84211249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.146.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348148/; classtype:trojan-activity;sid:84211248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348147/; classtype:trojan-activity;sid:84211247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.185.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348146/; classtype:trojan-activity;sid:84211246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.146.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348144/; classtype:trojan-activity;sid:84211244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.182.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348145/; classtype:trojan-activity;sid:84211245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.6.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348143/; classtype:trojan-activity;sid:84211243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.8.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348142/; classtype:trojan-activity;sid:84211242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.196.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348141/; classtype:trojan-activity;sid:84211241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.121.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348140/; classtype:trojan-activity;sid:84211240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.37.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348139/; classtype:trojan-activity;sid:84211239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348138/; classtype:trojan-activity;sid:84211238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.161.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348137/; classtype:trojan-activity;sid:84211237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.185.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348135/; classtype:trojan-activity;sid:84211235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.10.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348136/; classtype:trojan-activity;sid:84211236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.119.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348134/; classtype:trojan-activity;sid:84211234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.97.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348133/; classtype:trojan-activity;sid:84211233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348132/; classtype:trojan-activity;sid:84211232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348131/; classtype:trojan-activity;sid:84211231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.217.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348130/; classtype:trojan-activity;sid:84211230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.223.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348129/; classtype:trojan-activity;sid:84211229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.121.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348128/; classtype:trojan-activity;sid:84211228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.97.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348127/; classtype:trojan-activity;sid:84211227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.196.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348126/; classtype:trojan-activity;sid:84211226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.148.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348124/; classtype:trojan-activity;sid:84211224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.83.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348125/; classtype:trojan-activity;sid:84211225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.109.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348123/; classtype:trojan-activity;sid:84211223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348122/; classtype:trojan-activity;sid:84211222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.217.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348121/; classtype:trojan-activity;sid:84211221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.76.126.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348120/; classtype:trojan-activity;sid:84211220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348118)"; flow:established,from_client; content:"GET"; http_method; content:"/akhmat.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.66.79.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348118/; classtype:trojan-activity;sid:84211218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348119)"; flow:established,from_client; content:"GET"; http_method; content:"/perepodg/anketa_u78.doc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"80.66.79.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348119/; classtype:trojan-activity;sid:84211219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.223.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348117/; classtype:trojan-activity;sid:84211217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.165.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348116/; classtype:trojan-activity;sid:84211216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.93.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348115/; classtype:trojan-activity;sid:84211215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348114)"; flow:established,from_client; content:"GET"; http_method; content:"/x.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.141.26.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348114/; classtype:trojan-activity;sid:84211214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.155.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348113/; classtype:trojan-activity;sid:84211213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.220.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348112/; classtype:trojan-activity;sid:84211212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.177.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348111/; classtype:trojan-activity;sid:84211211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.239.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348110/; classtype:trojan-activity;sid:84211210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348109/; classtype:trojan-activity;sid:84211209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.45.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348108/; classtype:trojan-activity;sid:84211208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.76.126.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348107/; classtype:trojan-activity;sid:84211207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.165.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348106/; classtype:trojan-activity;sid:84211206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.93.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348105/; classtype:trojan-activity;sid:84211205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348104/; classtype:trojan-activity;sid:84211204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348103/; classtype:trojan-activity;sid:84211203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.164.136.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348101/; classtype:trojan-activity;sid:84211201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348102/; classtype:trojan-activity;sid:84211202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.175.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348100/; classtype:trojan-activity;sid:84211200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.202.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348099/; classtype:trojan-activity;sid:84211199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.193.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348098/; classtype:trojan-activity;sid:84211198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.177.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348097/; classtype:trojan-activity;sid:84211197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348096/; classtype:trojan-activity;sid:84211196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348095)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.12.152.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348095/; classtype:trojan-activity;sid:84211195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348094)"; flow:established,from_client; content:"GET"; http_method; content:"/forward/hong/aeo7faal.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lusibuck.oss-cn-hongkong.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348094/; classtype:trojan-activity;sid:84211194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348093)"; flow:established,from_client; content:"GET"; http_method; content:"/forward/hong/c5bnekmx.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lusibuck.oss-cn-hongkong.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348093/; classtype:trojan-activity;sid:84211193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.231.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348092/; classtype:trojan-activity;sid:84211192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/byu.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348091/; classtype:trojan-activity;sid:84211191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348085/; classtype:trojan-activity;sid:84211185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/byu.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348086/; classtype:trojan-activity;sid:84211186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.amd64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348087/; classtype:trojan-activity;sid:84211187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348088/; classtype:trojan-activity;sid:84211188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348089/; classtype:trojan-activity;sid:84211189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348090/; classtype:trojan-activity;sid:84211190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/byu.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348084/; classtype:trojan-activity;sid:84211184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/byu.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348083/; classtype:trojan-activity;sid:84211183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348082/; classtype:trojan-activity;sid:84211182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.202.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348081/; classtype:trojan-activity;sid:84211181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348080/; classtype:trojan-activity;sid:84211180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.167.201.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348079/; classtype:trojan-activity;sid:84211179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.120.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348078/; classtype:trojan-activity;sid:84211178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.51.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348076/; classtype:trojan-activity;sid:84211176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.64.20.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348077/; classtype:trojan-activity;sid:84211177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.64.20.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348058/; classtype:trojan-activity;sid:84211158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348057/; classtype:trojan-activity;sid:84211157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348050/; classtype:trojan-activity;sid:84211150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348051/; classtype:trojan-activity;sid:84211151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348052/; classtype:trojan-activity;sid:84211152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/byu.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348053/; classtype:trojan-activity;sid:84211153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/byu.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348054/; classtype:trojan-activity;sid:84211154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.amd64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348055/; classtype:trojan-activity;sid:84211155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348056/; classtype:trojan-activity;sid:84211156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348049/; classtype:trojan-activity;sid:84211149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348043/; classtype:trojan-activity;sid:84211143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348044/; classtype:trojan-activity;sid:84211144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348045/; classtype:trojan-activity;sid:84211145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348046/; classtype:trojan-activity;sid:84211146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.amd64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348047/; classtype:trojan-activity;sid:84211147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/by.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348048/; classtype:trojan-activity;sid:84211148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348042)"; flow:established,from_client; content:"GET"; http_method; content:"/files/kissers.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.69.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348042/; classtype:trojan-activity;sid:84211142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.171.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348041/; classtype:trojan-activity;sid:84211141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.41.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348040/; classtype:trojan-activity;sid:84211140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.118.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348039/; classtype:trojan-activity;sid:84211139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348038/; classtype:trojan-activity;sid:84211138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348036/; classtype:trojan-activity;sid:84211136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.58.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348037/; classtype:trojan-activity;sid:84211137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348035/; classtype:trojan-activity;sid:84211135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.113.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348034/; classtype:trojan-activity;sid:84211134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.75.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348032/; classtype:trojan-activity;sid:84211132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.115.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348033/; classtype:trojan-activity;sid:84211133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.161.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348030/; classtype:trojan-activity;sid:84211130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.163.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348031/; classtype:trojan-activity;sid:84211131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.55.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348029/; classtype:trojan-activity;sid:84211129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.18.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348028/; classtype:trojan-activity;sid:84211128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.15.252.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348027/; classtype:trojan-activity;sid:84211127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.77.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348025/; classtype:trojan-activity;sid:84211125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.62.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348026/; classtype:trojan-activity;sid:84211126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348024)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"box.loaders.live"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348024/; classtype:trojan-activity;sid:84211124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.33.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348023/; classtype:trojan-activity;sid:84211123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348022)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"15.204.132.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348022/; classtype:trojan-activity;sid:84211122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.193.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348021/; classtype:trojan-activity;sid:84211121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348020)"; flow:established,from_client; content:"GET"; http_method; content:"/file/pdfreader.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.60.226.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348020/; classtype:trojan-activity;sid:84211120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.109.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348019/; classtype:trojan-activity;sid:84211119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.238.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348018/; classtype:trojan-activity;sid:84211118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.41.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348017/; classtype:trojan-activity;sid:84211117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.171.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348014/; classtype:trojan-activity;sid:84211114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.54.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348015/; classtype:trojan-activity;sid:84211115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.83.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348016/; classtype:trojan-activity;sid:84211116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.56.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348013/; classtype:trojan-activity;sid:84211113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.196.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348012/; classtype:trojan-activity;sid:84211112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348011)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ylhbjw8bze1mefnfsicyv/fascicolo-n.-rg-89456.zip|3f|rlkey=e4utwplbhim0l6nrwcgbzx43c|7c|26|7c|st=drd184g4|7c|26|7c|dl=0"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348011/; classtype:trojan-activity;sid:84211111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348010)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/0exbe8cdyevevjpulk9da/fattura-2374927632.zip|3f|rlkey=sk0uxdr12ivad88itvx8sdr70|7c|26|7c|st=txjo1arj|7c|26|7c|dl=0"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348010/; classtype:trojan-activity;sid:84211110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348008)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/uxrg34x7qy6jli9suww9x/fattura-2739426283.zip|3f|rlkey=ipm184n8qr4yuxqyv7uvlgpr8|7c|26|7c|st=fczo7q28|7c|26|7c|dl=0"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348008/; classtype:trojan-activity;sid:84211108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348009)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/dl8oi5l09lczaxu7arz0z/factura-279372683.zip|3f|rlkey=esy724dyoz4xffzkng9uvit38|7c|26|7c|st=7imsxzth|7c|26|7c|dl=0"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348009/; classtype:trojan-activity;sid:84211109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.118.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348007/; classtype:trojan-activity;sid:84211107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348001)"; flow:established,from_client; content:"GET"; http_method; content:"/elite.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348001/; classtype:trojan-activity;sid:84211101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348002)"; flow:established,from_client; content:"GET"; http_method; content:"/elitebotnet.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348002/; classtype:trojan-activity;sid:84211102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348003)"; flow:established,from_client; content:"GET"; http_method; content:"/elitebotnet.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348003/; classtype:trojan-activity;sid:84211103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348004)"; flow:established,from_client; content:"GET"; http_method; content:"/elitebotnet.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348004/; classtype:trojan-activity;sid:84211104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348005)"; flow:established,from_client; content:"GET"; http_method; content:"/elitebotnet.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348005/; classtype:trojan-activity;sid:84211105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348006)"; flow:established,from_client; content:"GET"; http_method; content:"/elitebotnet.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348006/; classtype:trojan-activity;sid:84211106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ydcoow9tkyo5_qfbdzcaqkd9hzdoug7o"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348000/; classtype:trojan-activity;sid:84211100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347996)"; flow:established,from_client; content:"GET"; http_method; content:"/elitebotnet.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347996/; classtype:trojan-activity;sid:84211096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347997)"; flow:established,from_client; content:"GET"; http_method; content:"/elitebotnet.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347997/; classtype:trojan-activity;sid:84211097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347998)"; flow:established,from_client; content:"GET"; http_method; content:"/elitebotnet.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347998/; classtype:trojan-activity;sid:84211098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347999)"; flow:established,from_client; content:"GET"; http_method; content:"/elitebotnet.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.202.233.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347999/; classtype:trojan-activity;sid:84211099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.161.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347995/; classtype:trojan-activity;sid:84211095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.25.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347994/; classtype:trojan-activity;sid:84211094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.80.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347993/; classtype:trojan-activity;sid:84211093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347992)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347992/; classtype:trojan-activity;sid:84211092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347991)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347991/; classtype:trojan-activity;sid:84211091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347990)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347990/; classtype:trojan-activity;sid:84211090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.229.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347980/; classtype:trojan-activity;sid:84211080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.205.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347981/; classtype:trojan-activity;sid:84211081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347982)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347982/; classtype:trojan-activity;sid:84211082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347983)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347983/; classtype:trojan-activity;sid:84211083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347984)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347984/; classtype:trojan-activity;sid:84211084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347985)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347985/; classtype:trojan-activity;sid:84211085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347986)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347986/; classtype:trojan-activity;sid:84211086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347987)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347987/; classtype:trojan-activity;sid:84211087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347988)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"154.213.186.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347988/; classtype:trojan-activity;sid:84211088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347979/; classtype:trojan-activity;sid:84211079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.196.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347978/; classtype:trojan-activity;sid:84211078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.8.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347977/; classtype:trojan-activity;sid:84211077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.121.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347976/; classtype:trojan-activity;sid:84211076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347975/; classtype:trojan-activity;sid:84211075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347974/; classtype:trojan-activity;sid:84211074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.16.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347973/; classtype:trojan-activity;sid:84211073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.25.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347972/; classtype:trojan-activity;sid:84211072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.89.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347971/; classtype:trojan-activity;sid:84211071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.205.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347970/; classtype:trojan-activity;sid:84211070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347969)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.235.130.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347969/; classtype:trojan-activity;sid:84211069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.184.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347968/; classtype:trojan-activity;sid:84211068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.73.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347967/; classtype:trojan-activity;sid:84211067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.216.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347966/; classtype:trojan-activity;sid:84211066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.165.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347965/; classtype:trojan-activity;sid:84211065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.59.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347964/; classtype:trojan-activity;sid:84211064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.117.240.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347963/; classtype:trojan-activity;sid:84211063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.47.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347962/; classtype:trojan-activity;sid:84211062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.1.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347961/; classtype:trojan-activity;sid:84211061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347960)"; flow:established,from_client; content:"GET"; http_method; content:"/telegram_premium/getappsru.apk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"rustore-apk.github.io"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347960/; classtype:trojan-activity;sid:84211060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347959/; classtype:trojan-activity;sid:84211059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.115.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347958/; classtype:trojan-activity;sid:84211058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.151.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347957/; classtype:trojan-activity;sid:84211057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.1.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347956/; classtype:trojan-activity;sid:84211056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347955/; classtype:trojan-activity;sid:84211055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.55.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347954/; classtype:trojan-activity;sid:84211054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.33.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347953/; classtype:trojan-activity;sid:84211053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.160.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347951/; classtype:trojan-activity;sid:84211051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347952)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1zdmdtdbbpfuohvqqkj6odhoqn15z7kom"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347952/; classtype:trojan-activity;sid:84211052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.247.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347950/; classtype:trojan-activity;sid:84211050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.47.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347949/; classtype:trojan-activity;sid:84211049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.89.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347948/; classtype:trojan-activity;sid:84211048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.105.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347946/; classtype:trojan-activity;sid:84211046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.10.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347947/; classtype:trojan-activity;sid:84211047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.121.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347945/; classtype:trojan-activity;sid:84211045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.10.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347944/; classtype:trojan-activity;sid:84211044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347943/; classtype:trojan-activity;sid:84211043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347942/; classtype:trojan-activity;sid:84211042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.61.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347941/; classtype:trojan-activity;sid:84211041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.193.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347940/; classtype:trojan-activity;sid:84211040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.8.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347939/; classtype:trojan-activity;sid:84211039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.7.243"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347938/; classtype:trojan-activity;sid:84211038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347937)"; flow:established,from_client; content:"GET"; http_method; content:"/ouch_sokheng/product.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347937/; classtype:trojan-activity;sid:84211037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347935)"; flow:established,from_client; content:"GET"; http_method; content:"/ouch_sokheng/cv.bat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347935/; classtype:trojan-activity;sid:84211035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347936)"; flow:established,from_client; content:"GET"; http_method; content:"/product.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347936/; classtype:trojan-activity;sid:84211036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347934)"; flow:established,from_client; content:"GET"; http_method; content:"/x.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347934/; classtype:trojan-activity;sid:84211034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347933)"; flow:established,from_client; content:"GET"; http_method; content:"/ouch_sokheng/final_pdf.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347933/; classtype:trojan-activity;sid:84211033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347932/; classtype:trojan-activity;sid:84211032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347931)"; flow:established,from_client; content:"GET"; http_method; content:"/ouch_sokheng/cv.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347931/; classtype:trojan-activity;sid:84211031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347930)"; flow:established,from_client; content:"GET"; http_method; content:"/robi1beleaua/aerozen/refs/heads/main/system32.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347930/; classtype:trojan-activity;sid:84211030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347928)"; flow:established,from_client; content:"GET"; http_method; content:"/ouch_sokheng/filezilla.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347928/; classtype:trojan-activity;sid:84211028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347929)"; flow:established,from_client; content:"GET"; http_method; content:"/filezilla.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347929/; classtype:trojan-activity;sid:84211029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347927)"; flow:established,from_client; content:"GET"; http_method; content:"/filezilla-stage2.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347927/; classtype:trojan-activity;sid:84211027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347925)"; flow:established,from_client; content:"GET"; http_method; content:"/ouch_sokheng/filezilla-stage2.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347925/; classtype:trojan-activity;sid:84211025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347926)"; flow:established,from_client; content:"GET"; http_method; content:"/ouch_sokheng/mycv.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347926/; classtype:trojan-activity;sid:84211026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347923)"; flow:established,from_client; content:"GET"; http_method; content:"/buihuyduc123/duccbotnet/main/system32.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347923/; classtype:trojan-activity;sid:84211023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347924)"; flow:established,from_client; content:"GET"; http_method; content:"/system32.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"60.250.49.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347924/; classtype:trojan-activity;sid:84211024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347919)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/system32.exe/raw/refs/heads/master/system32.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347919/; classtype:trojan-activity;sid:84211019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347920)"; flow:established,from_client; content:"GET"; http_method; content:"/ouch_sokheng/cv.docm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347920/; classtype:trojan-activity;sid:84211020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347921)"; flow:established,from_client; content:"GET"; http_method; content:"/ouch_sokheng/payload.vbs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347921/; classtype:trojan-activity;sid:84211021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347922)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.84.161.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347922/; classtype:trojan-activity;sid:84211022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347918)"; flow:established,from_client; content:"GET"; http_method; content:"/booombiimbamm/mods/main/system32.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347918/; classtype:trojan-activity;sid:84211018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.55.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347916/; classtype:trojan-activity;sid:84211016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.204.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347917/; classtype:trojan-activity;sid:84211017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.247.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347915/; classtype:trojan-activity;sid:84211015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.240.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347914/; classtype:trojan-activity;sid:84211014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.9.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347913/; classtype:trojan-activity;sid:84211013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.198.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347912/; classtype:trojan-activity;sid:84211012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347911/; classtype:trojan-activity;sid:84211011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347910/; classtype:trojan-activity;sid:84211010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.248.123.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347909/; classtype:trojan-activity;sid:84211009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.83.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347908/; classtype:trojan-activity;sid:84211008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.232.192.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347907/; classtype:trojan-activity;sid:84211007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.238.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347906/; classtype:trojan-activity;sid:84211006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347904)"; flow:established,from_client; content:"GET"; http_method; content:"/ngwa5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347904/; classtype:trojan-activity;sid:84211004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347905)"; flow:established,from_client; content:"GET"; http_method; content:"/njvwa4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347905/; classtype:trojan-activity;sid:84211005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.87.33.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347902/; classtype:trojan-activity;sid:84211002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.193.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347903/; classtype:trojan-activity;sid:84211003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347895)"; flow:established,from_client; content:"GET"; http_method; content:"/bojwsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347895/; classtype:trojan-activity;sid:84210995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347896)"; flow:established,from_client; content:"GET"; http_method; content:"/kqibeps"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347896/; classtype:trojan-activity;sid:84210996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347897)"; flow:established,from_client; content:"GET"; http_method; content:"/wrjkngh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347897/; classtype:trojan-activity;sid:84210997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347898)"; flow:established,from_client; content:"GET"; http_method; content:"/woega6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347898/; classtype:trojan-activity;sid:84210998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347899)"; flow:established,from_client; content:"GET"; http_method; content:"/wlw68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347899/; classtype:trojan-activity;sid:84210999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347900)"; flow:established,from_client; content:"GET"; http_method; content:"/fnkea7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347900/; classtype:trojan-activity;sid:84211000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347901)"; flow:established,from_client; content:"GET"; http_method; content:"/wkb86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347901/; classtype:trojan-activity;sid:84211001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347894)"; flow:established,from_client; content:"GET"; http_method; content:"/gnjqwpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347894/; classtype:trojan-activity;sid:84210994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.121.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347893/; classtype:trojan-activity;sid:84210993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.240.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347892/; classtype:trojan-activity;sid:84210992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.205.166.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347891/; classtype:trojan-activity;sid:84210991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.27.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347890/; classtype:trojan-activity;sid:84210990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.198.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347889/; classtype:trojan-activity;sid:84210989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.105.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347888/; classtype:trojan-activity;sid:84210988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347887)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347887/; classtype:trojan-activity;sid:84210987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347882)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347882/; classtype:trojan-activity;sid:84210982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347883)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347883/; classtype:trojan-activity;sid:84210983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347884)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347884/; classtype:trojan-activity;sid:84210984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347885)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347885/; classtype:trojan-activity;sid:84210985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347886)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347886/; classtype:trojan-activity;sid:84210986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347879)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347879/; classtype:trojan-activity;sid:84210979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347880)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347880/; classtype:trojan-activity;sid:84210980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347881)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347881/; classtype:trojan-activity;sid:84210981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347858)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347858/; classtype:trojan-activity;sid:84210958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347859)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347859/; classtype:trojan-activity;sid:84210959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347860)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347860/; classtype:trojan-activity;sid:84210960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347861)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347861/; classtype:trojan-activity;sid:84210961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347862)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347862/; classtype:trojan-activity;sid:84210962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347863)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347863/; classtype:trojan-activity;sid:84210963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347864)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347864/; classtype:trojan-activity;sid:84210964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347865)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347865/; classtype:trojan-activity;sid:84210965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347866)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347866/; classtype:trojan-activity;sid:84210966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347867)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347867/; classtype:trojan-activity;sid:84210967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347868)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347868/; classtype:trojan-activity;sid:84210968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347869)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347869/; classtype:trojan-activity;sid:84210969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347870)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347870/; classtype:trojan-activity;sid:84210970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347871)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347871/; classtype:trojan-activity;sid:84210971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347872)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347872/; classtype:trojan-activity;sid:84210972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347873)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347873/; classtype:trojan-activity;sid:84210973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347874)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347874/; classtype:trojan-activity;sid:84210974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347875)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347875/; classtype:trojan-activity;sid:84210975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347876)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347876/; classtype:trojan-activity;sid:84210976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347877)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347877/; classtype:trojan-activity;sid:84210977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347878)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347878/; classtype:trojan-activity;sid:84210978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347842)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347842/; classtype:trojan-activity;sid:84210942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347843)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347843/; classtype:trojan-activity;sid:84210943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347844)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347844/; classtype:trojan-activity;sid:84210944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347845)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347845/; classtype:trojan-activity;sid:84210945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347846)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347846/; classtype:trojan-activity;sid:84210946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347847)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347847/; classtype:trojan-activity;sid:84210947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347848)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347848/; classtype:trojan-activity;sid:84210948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347849)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347849/; classtype:trojan-activity;sid:84210949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347850)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347850/; classtype:trojan-activity;sid:84210950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347851)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347851/; classtype:trojan-activity;sid:84210951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347852)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347852/; classtype:trojan-activity;sid:84210952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347853)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347853/; classtype:trojan-activity;sid:84210953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347854)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347854/; classtype:trojan-activity;sid:84210954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347855)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347855/; classtype:trojan-activity;sid:84210955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347856)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347856/; classtype:trojan-activity;sid:84210956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347857)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347857/; classtype:trojan-activity;sid:84210957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.238.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347841/; classtype:trojan-activity;sid:84210941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347840)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347840/; classtype:trojan-activity;sid:84210940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347839)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.246.38.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347839/; classtype:trojan-activity;sid:84210939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347838)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347838/; classtype:trojan-activity;sid:84210938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347836)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347836/; classtype:trojan-activity;sid:84210936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347837)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347837/; classtype:trojan-activity;sid:84210937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.222.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347835/; classtype:trojan-activity;sid:84210935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.226.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347833/; classtype:trojan-activity;sid:84210933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.144.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347834/; classtype:trojan-activity;sid:84210934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347830/; classtype:trojan-activity;sid:84210930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347831)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347831/; classtype:trojan-activity;sid:84210931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347832)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347832/; classtype:trojan-activity;sid:84210932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347829)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.132.53.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347829/; classtype:trojan-activity;sid:84210929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347828/; classtype:trojan-activity;sid:84210928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347826)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/mhkhrkc.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347826/; classtype:trojan-activity;sid:84210926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347827)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/enbcimo.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347827/; classtype:trojan-activity;sid:84210927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347819)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/ahsfkdr.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347819/; classtype:trojan-activity;sid:84210919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347820)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/iafcfff.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347820/; classtype:trojan-activity;sid:84210920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347821)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/ckigkdc.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347821/; classtype:trojan-activity;sid:84210921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347822)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/cdshmfo.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347822/; classtype:trojan-activity;sid:84210922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347823)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/ksergoe.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347823/; classtype:trojan-activity;sid:84210923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347824)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/ahkigff.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347824/; classtype:trojan-activity;sid:84210924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347825)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/idmkmnb.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347825/; classtype:trojan-activity;sid:84210925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347816)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/cniasod.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347816/; classtype:trojan-activity;sid:84210916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347817)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/hafbdeh.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347817/; classtype:trojan-activity;sid:84210917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347818)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/piiosim.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347818/; classtype:trojan-activity;sid:84210918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347814)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/iaiioja.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347814/; classtype:trojan-activity;sid:84210914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347815)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/dprnign.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347815/; classtype:trojan-activity;sid:84210915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347812)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/rrmiidc.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347812/; classtype:trojan-activity;sid:84210912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347813)"; flow:established,from_client; content:"GET"; http_method; content:"/eqweqwt/wqeqwfs/downloads/smadeak.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347813/; classtype:trojan-activity;sid:84210913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.33.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347811/; classtype:trojan-activity;sid:84210911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347808)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347808/; classtype:trojan-activity;sid:84210908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347809)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347809/; classtype:trojan-activity;sid:84210909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347810/; classtype:trojan-activity;sid:84210910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.213.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347807/; classtype:trojan-activity;sid:84210907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.27.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347806/; classtype:trojan-activity;sid:84210906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.207.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347805/; classtype:trojan-activity;sid:84210905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347804/; classtype:trojan-activity;sid:84210904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.175.138.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347803/; classtype:trojan-activity;sid:84210903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.90.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347802/; classtype:trojan-activity;sid:84210902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347800)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347800/; classtype:trojan-activity;sid:84210900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347801)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6linuxtf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347801/; classtype:trojan-activity;sid:84210901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347789)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347789/; classtype:trojan-activity;sid:84210889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347790)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347790/; classtype:trojan-activity;sid:84210890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347791)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347791/; classtype:trojan-activity;sid:84210891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347792)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347792/; classtype:trojan-activity;sid:84210892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347793)"; flow:established,from_client; content:"GET"; http_method; content:"/mipslinuxtf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347793/; classtype:trojan-activity;sid:84210893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347794)"; flow:established,from_client; content:"GET"; http_method; content:"/linuxtf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347794/; classtype:trojan-activity;sid:84210894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347795)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347795/; classtype:trojan-activity;sid:84210895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347796)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4linuxtf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347796/; classtype:trojan-activity;sid:84210896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347797)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347797/; classtype:trojan-activity;sid:84210897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347798)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347798/; classtype:trojan-activity;sid:84210898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347799)"; flow:established,from_client; content:"GET"; http_method; content:"/main_spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347799/; classtype:trojan-activity;sid:84210899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.206.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347788/; classtype:trojan-activity;sid:84210888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.225.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347787/; classtype:trojan-activity;sid:84210887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.199.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347786/; classtype:trojan-activity;sid:84210886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.224.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347785/; classtype:trojan-activity;sid:84210885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.213.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347784/; classtype:trojan-activity;sid:84210884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.168.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347783/; classtype:trojan-activity;sid:84210883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347781/; classtype:trojan-activity;sid:84210881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.85.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347782/; classtype:trojan-activity;sid:84210882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.156.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347780/; classtype:trojan-activity;sid:84210880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.126.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347779/; classtype:trojan-activity;sid:84210879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.126.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347778/; classtype:trojan-activity;sid:84210878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347777)"; flow:established,from_client; content:"GET"; http_method; content:"/oefj64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.255.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347777/; classtype:trojan-activity;sid:84210877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.150.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347776/; classtype:trojan-activity;sid:84210876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347775/; classtype:trojan-activity;sid:84210875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.214.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347774/; classtype:trojan-activity;sid:84210874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347773/; classtype:trojan-activity;sid:84210873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.90.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347771/; classtype:trojan-activity;sid:84210871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.33.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347772/; classtype:trojan-activity;sid:84210872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.132.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347770/; classtype:trojan-activity;sid:84210870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.7.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347769/; classtype:trojan-activity;sid:84210869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.122.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347768/; classtype:trojan-activity;sid:84210868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.225.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347767/; classtype:trojan-activity;sid:84210867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.104.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347766/; classtype:trojan-activity;sid:84210866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.47.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347764/; classtype:trojan-activity;sid:84210864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.89.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347765/; classtype:trojan-activity;sid:84210865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347763/; classtype:trojan-activity;sid:84210863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347762/; classtype:trojan-activity;sid:84210862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347761/; classtype:trojan-activity;sid:84210861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.150.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347759/; classtype:trojan-activity;sid:84210859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.132.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347760/; classtype:trojan-activity;sid:84210860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.52.205.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347758/; classtype:trojan-activity;sid:84210858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347757/; classtype:trojan-activity;sid:84210857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.162.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347756/; classtype:trojan-activity;sid:84210856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.69.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347755/; classtype:trojan-activity;sid:84210855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.173.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347754/; classtype:trojan-activity;sid:84210854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.245.2.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347753/; classtype:trojan-activity;sid:84210853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.1.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347752/; classtype:trojan-activity;sid:84210852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.153.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347751/; classtype:trojan-activity;sid:84210851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.236.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347750/; classtype:trojan-activity;sid:84210850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.182.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347749/; classtype:trojan-activity;sid:84210849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.116.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347748/; classtype:trojan-activity;sid:84210848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347747)"; flow:established,from_client; content:"GET"; http_method; content:"/medicalgrantform/11d601c6/profile.rtf"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"defence-lk.military-bd.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347747/; classtype:trojan-activity;sid:84210847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347746/; classtype:trojan-activity;sid:84210846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.130.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347745/; classtype:trojan-activity;sid:84210845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.121.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347744/; classtype:trojan-activity;sid:84210844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.244.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347743/; classtype:trojan-activity;sid:84210843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.126.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347742/; classtype:trojan-activity;sid:84210842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.52.205.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347737/; classtype:trojan-activity;sid:84210837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.243.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347738/; classtype:trojan-activity;sid:84210838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.233.169.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347739/; classtype:trojan-activity;sid:84210839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.55.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347740/; classtype:trojan-activity;sid:84210840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.63.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347741/; classtype:trojan-activity;sid:84210841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.87.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347736/; classtype:trojan-activity;sid:84210836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347735)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hrc.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347735/; classtype:trojan-activity;sid:84210835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.1.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347734/; classtype:trojan-activity;sid:84210834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347733/; classtype:trojan-activity;sid:84210833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.187.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347732/; classtype:trojan-activity;sid:84210832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.164.35.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347731/; classtype:trojan-activity;sid:84210831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347727)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347727/; classtype:trojan-activity;sid:84210827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347728)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347728/; classtype:trojan-activity;sid:84210828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347729)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347729/; classtype:trojan-activity;sid:84210829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347730)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.215.238.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347730/; classtype:trojan-activity;sid:84210830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.153.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347725/; classtype:trojan-activity;sid:84210825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347726/; classtype:trojan-activity;sid:84210826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347724/; classtype:trojan-activity;sid:84210824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.122.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347723/; classtype:trojan-activity;sid:84210823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.201.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347705/; classtype:trojan-activity;sid:84210805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347706)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.31.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347706/; classtype:trojan-activity;sid:84210806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347707)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.238.103.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347707/; classtype:trojan-activity;sid:84210807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347708)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.156.64.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347708/; classtype:trojan-activity;sid:84210808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347709)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.29.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347709/; classtype:trojan-activity;sid:84210809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347710)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.170.164.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347710/; classtype:trojan-activity;sid:84210810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347711)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.103.143.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347711/; classtype:trojan-activity;sid:84210811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347712)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.30.72.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347712/; classtype:trojan-activity;sid:84210812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.31.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347713/; classtype:trojan-activity;sid:84210813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347714)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.66.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347714/; classtype:trojan-activity;sid:84210814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347715)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.76.125.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347715/; classtype:trojan-activity;sid:84210815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347716)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.26.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347716/; classtype:trojan-activity;sid:84210816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347717)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"149.104.29.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347717/; classtype:trojan-activity;sid:84210817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347718)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.218.46.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347718/; classtype:trojan-activity;sid:84210818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347719)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.221.28.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347719/; classtype:trojan-activity;sid:84210819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347720)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.170.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347720/; classtype:trojan-activity;sid:84210820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347721)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.242.202.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347721/; classtype:trojan-activity;sid:84210821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347722)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.108.233.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347722/; classtype:trojan-activity;sid:84210822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347700)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.148.24.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347700/; classtype:trojan-activity;sid:84210800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347701)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.148.24.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347701/; classtype:trojan-activity;sid:84210801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347702)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"188.124.42.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347702/; classtype:trojan-activity;sid:84210802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347703)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.143.182.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347703/; classtype:trojan-activity;sid:84210803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347704)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.143.182.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347704/; classtype:trojan-activity;sid:84210804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347699)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.122.74.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347699/; classtype:trojan-activity;sid:84210799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347692)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.19.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347692/; classtype:trojan-activity;sid:84210792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347693)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.229.121.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347693/; classtype:trojan-activity;sid:84210793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347694)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"109.176.254.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347694/; classtype:trojan-activity;sid:84210794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347695)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.8.34.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347695/; classtype:trojan-activity;sid:84210795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347696)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.36.222.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347696/; classtype:trojan-activity;sid:84210796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347697)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.41.23.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347697/; classtype:trojan-activity;sid:84210797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347698)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.44.76.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347698/; classtype:trojan-activity;sid:84210798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347683)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.253.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347683/; classtype:trojan-activity;sid:84210783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347684)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.46.212.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347684/; classtype:trojan-activity;sid:84210784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347685)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.29.202.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347685/; classtype:trojan-activity;sid:84210785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347686)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.149.220.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347686/; classtype:trojan-activity;sid:84210786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347687)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.202.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347687/; classtype:trojan-activity;sid:84210787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347688)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.42.138.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347688/; classtype:trojan-activity;sid:84210788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347689)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.164.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347689/; classtype:trojan-activity;sid:84210789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347690)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.146.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347690/; classtype:trojan-activity;sid:84210790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347691)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.23.208.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347691/; classtype:trojan-activity;sid:84210791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347682)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.175.30.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347682/; classtype:trojan-activity;sid:84210782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347681)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.42.238.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347681/; classtype:trojan-activity;sid:84210781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.191.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347679/; classtype:trojan-activity;sid:84210779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.109.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347680/; classtype:trojan-activity;sid:84210780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347678/; classtype:trojan-activity;sid:84210778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.164.35.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347677/; classtype:trojan-activity;sid:84210777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.182.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347676/; classtype:trojan-activity;sid:84210776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.193.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347675/; classtype:trojan-activity;sid:84210775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.229.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347674/; classtype:trojan-activity;sid:84210774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347673/; classtype:trojan-activity;sid:84210773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.123.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347672/; classtype:trojan-activity;sid:84210772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347670/; classtype:trojan-activity;sid:84210770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347671/; classtype:trojan-activity;sid:84210771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.24.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347669/; classtype:trojan-activity;sid:84210769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.76.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347667/; classtype:trojan-activity;sid:84210767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347668/; classtype:trojan-activity;sid:84210768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.91.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347666/; classtype:trojan-activity;sid:84210766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.42.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347665/; classtype:trojan-activity;sid:84210765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347664)"; flow:established,from_client; content:"GET"; http_method; content:"/apkfile/mytel.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"darkgray-otter-922715.hostingersite.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347664/; classtype:trojan-activity;sid:84210764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.79.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347661/; classtype:trojan-activity;sid:84210761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.71.26.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347662/; classtype:trojan-activity;sid:84210762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.5.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347663/; classtype:trojan-activity;sid:84210763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347660/; classtype:trojan-activity;sid:84210760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.118.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347659/; classtype:trojan-activity;sid:84210759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.73.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347658/; classtype:trojan-activity;sid:84210758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.171.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347657/; classtype:trojan-activity;sid:84210757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.122.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347656/; classtype:trojan-activity;sid:84210756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.76.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347655/; classtype:trojan-activity;sid:84210755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.10.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347654/; classtype:trojan-activity;sid:84210754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.229.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347653/; classtype:trojan-activity;sid:84210753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347652/; classtype:trojan-activity;sid:84210752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347651/; classtype:trojan-activity;sid:84210751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347649/; classtype:trojan-activity;sid:84210749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.107.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347650/; classtype:trojan-activity;sid:84210750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.91.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347648/; classtype:trojan-activity;sid:84210748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1329717420/yimb6yx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347647/; classtype:trojan-activity;sid:84210747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347646/; classtype:trojan-activity;sid:84210746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.76.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347645/; classtype:trojan-activity;sid:84210745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347644/; classtype:trojan-activity;sid:84210744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.15.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347643/; classtype:trojan-activity;sid:84210743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347642/; classtype:trojan-activity;sid:84210742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.160.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347641/; classtype:trojan-activity;sid:84210741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.146.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347640/; classtype:trojan-activity;sid:84210740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.184.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347638/; classtype:trojan-activity;sid:84210738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.241.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347639/; classtype:trojan-activity;sid:84210739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.17.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347637/; classtype:trojan-activity;sid:84210737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347636/; classtype:trojan-activity;sid:84210736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.241.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347634/; classtype:trojan-activity;sid:84210734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.75.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347635/; classtype:trojan-activity;sid:84210735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347633)"; flow:established,from_client; content:"GET"; http_method; content:"/obfdownload/doubleloaderdll.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"152.89.198.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347633/; classtype:trojan-activity;sid:84210733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347631)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.53.54.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347631/; classtype:trojan-activity;sid:84210731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347632)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"zqe.riders.50kfor50years.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347632/; classtype:trojan-activity;sid:84210732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347630)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"xqlh.riders.50kfor50years.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347630/; classtype:trojan-activity;sid:84210730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347628)"; flow:established,from_client; content:"GET"; http_method; content:"/fcxcx.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347628/; classtype:trojan-activity;sid:84210728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347629)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347629/; classtype:trojan-activity;sid:84210729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347625)"; flow:established,from_client; content:"GET"; http_method; content:"/q/9.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.209.11.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347625/; classtype:trojan-activity;sid:84210725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347626)"; flow:established,from_client; content:"GET"; http_method; content:"/q/45.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.209.11.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347626/; classtype:trojan-activity;sid:84210726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347627)"; flow:established,from_client; content:"GET"; http_method; content:"/q/bit.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.209.11.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347627/; classtype:trojan-activity;sid:84210727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.122.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347624/; classtype:trojan-activity;sid:84210724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.116.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347623/; classtype:trojan-activity;sid:84210723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.169.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347622/; classtype:trojan-activity;sid:84210722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.156.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347621/; classtype:trojan-activity;sid:84210721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.93.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347620/; classtype:trojan-activity;sid:84210720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.121.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347619/; classtype:trojan-activity;sid:84210719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.157.144.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347618/; classtype:trojan-activity;sid:84210718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.116.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347616/; classtype:trojan-activity;sid:84210716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.117.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347617/; classtype:trojan-activity;sid:84210717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347615/; classtype:trojan-activity;sid:84210715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.123.102.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347614/; classtype:trojan-activity;sid:84210714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347613/; classtype:trojan-activity;sid:84210713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.146.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347612/; classtype:trojan-activity;sid:84210712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347610)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347610/; classtype:trojan-activity;sid:84210710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347611)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347611/; classtype:trojan-activity;sid:84210711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347600)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.powerpc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347600/; classtype:trojan-activity;sid:84210700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347601)"; flow:established,from_client; content:"GET"; http_method; content:"/vwkjebwi686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347601/; classtype:trojan-activity;sid:84210701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347602)"; flow:established,from_client; content:"GET"; http_method; content:"/vsbeps"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347602/; classtype:trojan-activity;sid:84210702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347603)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347603/; classtype:trojan-activity;sid:84210703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347604)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347604/; classtype:trojan-activity;sid:84210704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347605)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347605/; classtype:trojan-activity;sid:84210705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347606)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347606/; classtype:trojan-activity;sid:84210706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347607)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347607/; classtype:trojan-activity;sid:84210707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347608)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347608/; classtype:trojan-activity;sid:84210708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347609)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347609/; classtype:trojan-activity;sid:84210709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/83bz8acnbgkt7nik6qszshxig6ue2w4but"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347599/; classtype:trojan-activity;sid:84210699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347585)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.ppc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347585/; classtype:trojan-activity;sid:84210685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347586)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347586/; classtype:trojan-activity;sid:84210686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347587)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347587/; classtype:trojan-activity;sid:84210687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347588)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347588/; classtype:trojan-activity;sid:84210688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347589)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347589/; classtype:trojan-activity;sid:84210689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347590)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347590/; classtype:trojan-activity;sid:84210690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347591)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/97lf70ztpygrkaut3i84mrxkq4omomhbja"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347591/; classtype:trojan-activity;sid:84210691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347592)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lhl6mr5c6i7lewko4sxywgwqwqleiykl3e"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347592/; classtype:trojan-activity;sid:84210692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347593)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anrwiviyxuqm2g957xoxqfhvapstkvjyg1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347593/; classtype:trojan-activity;sid:84210693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347594)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347594/; classtype:trojan-activity;sid:84210694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347595)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347595/; classtype:trojan-activity;sid:84210695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347596)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347596/; classtype:trojan-activity;sid:84210696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347597)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347597/; classtype:trojan-activity;sid:84210697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347598/; classtype:trojan-activity;sid:84210698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347577)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347577/; classtype:trojan-activity;sid:84210677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347578)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347578/; classtype:trojan-activity;sid:84210678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347579)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347579/; classtype:trojan-activity;sid:84210679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347580)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347580/; classtype:trojan-activity;sid:84210680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347581)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347581/; classtype:trojan-activity;sid:84210681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347582)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347582/; classtype:trojan-activity;sid:84210682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347583)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347583/; classtype:trojan-activity;sid:84210683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347584)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347584/; classtype:trojan-activity;sid:84210684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347574)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347574/; classtype:trojan-activity;sid:84210674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347575/; classtype:trojan-activity;sid:84210675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347576)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347576/; classtype:trojan-activity;sid:84210676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347567)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347567/; classtype:trojan-activity;sid:84210667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mjfvvlwuuih8qrgbjanojcixmddceoxbox"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347568/; classtype:trojan-activity;sid:84210668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wopiutnrrai7hse0lsobecpbzchyrlzcfa"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347569/; classtype:trojan-activity;sid:84210669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g0nosueukhq2jdny0dugfd8ke9xeqdsrxx"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347570/; classtype:trojan-activity;sid:84210670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347571)"; flow:established,from_client; content:"GET"; http_method; content:"/vqsjh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347571/; classtype:trojan-activity;sid:84210671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347572)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347572/; classtype:trojan-activity;sid:84210672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347573/; classtype:trojan-activity;sid:84210673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347563)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347563/; classtype:trojan-activity;sid:84210663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347564)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347564/; classtype:trojan-activity;sid:84210664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347565)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347565/; classtype:trojan-activity;sid:84210665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347566)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347566/; classtype:trojan-activity;sid:84210666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347552)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347552/; classtype:trojan-activity;sid:84210652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347553)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347553/; classtype:trojan-activity;sid:84210653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347554)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347554/; classtype:trojan-activity;sid:84210654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347555)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347555/; classtype:trojan-activity;sid:84210655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347556)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347556/; classtype:trojan-activity;sid:84210656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347557)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347557/; classtype:trojan-activity;sid:84210657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347558)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347558/; classtype:trojan-activity;sid:84210658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347559)"; flow:established,from_client; content:"GET"; http_method; content:"/vkjqpc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347559/; classtype:trojan-activity;sid:84210659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347560)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.arm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347560/; classtype:trojan-activity;sid:84210660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347561)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347561/; classtype:trojan-activity;sid:84210661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347562)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347562/; classtype:trojan-activity;sid:84210662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/khrvjo7erii8mftbycx4wgadk9sz1feho7"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347538/; classtype:trojan-activity;sid:84210638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347539)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347539/; classtype:trojan-activity;sid:84210639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347540)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347540/; classtype:trojan-activity;sid:84210640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347541)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347541/; classtype:trojan-activity;sid:84210641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347542)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347542/; classtype:trojan-activity;sid:84210642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347543)"; flow:established,from_client; content:"GET"; http_method; content:"/wheiuwa4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347543/; classtype:trojan-activity;sid:84210643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ggzispsbzxnayk92rbp1z0wxktvn6itdi8"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347544/; classtype:trojan-activity;sid:84210644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347545)"; flow:established,from_client; content:"GET"; http_method; content:"/kjsusa6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347545/; classtype:trojan-activity;sid:84210645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347546)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347546/; classtype:trojan-activity;sid:84210646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wtq0lhneaxamdl7m0ghe06ph65nsem599l"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347547/; classtype:trojan-activity;sid:84210647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347548)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347548/; classtype:trojan-activity;sid:84210648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347549)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347549/; classtype:trojan-activity;sid:84210649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347550)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347550/; classtype:trojan-activity;sid:84210650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347551)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347551/; classtype:trojan-activity;sid:84210651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347531)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347531/; classtype:trojan-activity;sid:84210631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347532)"; flow:established,from_client; content:"GET"; http_method; content:"/dwhdbg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347532/; classtype:trojan-activity;sid:84210632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347533)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347533/; classtype:trojan-activity;sid:84210633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/si0u8z1aj4hvznzgbtwjvjgjj6xet2gt6j"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347534/; classtype:trojan-activity;sid:84210634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hv8njsxliumtuozymju8x3huz8axqqlqe7"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347535/; classtype:trojan-activity;sid:84210635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347536)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347536/; classtype:trojan-activity;sid:84210636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347537)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347537/; classtype:trojan-activity;sid:84210637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347530)"; flow:established,from_client; content:"GET"; http_method; content:"/1734008642_2591e149dd14bb69b939268c09b2bae4/firmware.safe.armv5l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347530/; classtype:trojan-activity;sid:84210630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ggbyfxfy6okbjpqd54vm7uecxrfxq3zkyh"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347524/; classtype:trojan-activity;sid:84210624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2pbaeha3gcdesmdxtn3l7vicjnnq8dwk8d"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347525/; classtype:trojan-activity;sid:84210625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/iejnrmvmjhtspnjeqyjymitnotr9obbaqq"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347526/; classtype:trojan-activity;sid:84210626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/aoobl3ihsowb9c7hd5jd98rwpedztoirzu"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347527/; classtype:trojan-activity;sid:84210627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347528)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347528/; classtype:trojan-activity;sid:84210628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347529)"; flow:established,from_client; content:"GET"; http_method; content:"/1734008642_2591e149dd14bb69b939268c09b2bae4/firmware.safe.mips64"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347529/; classtype:trojan-activity;sid:84210629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347519)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347519/; classtype:trojan-activity;sid:84210619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347520)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347520/; classtype:trojan-activity;sid:84210620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347521)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.arm"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347521/; classtype:trojan-activity;sid:84210621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347522/; classtype:trojan-activity;sid:84210622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347523)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347523/; classtype:trojan-activity;sid:84210623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347517)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347517/; classtype:trojan-activity;sid:84210617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347518)"; flow:established,from_client; content:"GET"; http_method; content:"/1734008642_2591e149dd14bb69b939268c09b2bae4/firmware.safe.mipsel"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347518/; classtype:trojan-activity;sid:84210618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347501)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347501/; classtype:trojan-activity;sid:84210601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347502)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347502/; classtype:trojan-activity;sid:84210602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347503)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347503/; classtype:trojan-activity;sid:84210603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347504)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347504/; classtype:trojan-activity;sid:84210604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347505)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347505/; classtype:trojan-activity;sid:84210605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347506)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347506/; classtype:trojan-activity;sid:84210606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347507)"; flow:established,from_client; content:"GET"; http_method; content:"/dkslqwkx/0x86d.spc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"154.216.19.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347507/; classtype:trojan-activity;sid:84210607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347508)"; flow:established,from_client; content:"GET"; http_method; content:"/1734008642_2591e149dd14bb69b939268c09b2bae4/firmware.safe.mips"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347508/; classtype:trojan-activity;sid:84210608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347509)"; flow:established,from_client; content:"GET"; http_method; content:"/sir/pay.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"15.161.105.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347509/; classtype:trojan-activity;sid:84210609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347510)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mqx69jgexpa3nflimmhdqrki3rcrutz6zn"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347510/; classtype:trojan-activity;sid:84210610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347511)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347511/; classtype:trojan-activity;sid:84210611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347512)"; flow:established,from_client; content:"GET"; http_method; content:"/dvwkja7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347512/; classtype:trojan-activity;sid:84210612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347513)"; flow:established,from_client; content:"GET"; http_method; content:"/wriww68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347513/; classtype:trojan-activity;sid:84210613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347514/; classtype:trojan-activity;sid:84210614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/paodq4syxz8vwadpcet8yul7wvqfoltku7"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347515/; classtype:trojan-activity;sid:84210615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347516)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.bluebytenetwork222.win"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347516/; classtype:trojan-activity;sid:84210616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347481)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347481/; classtype:trojan-activity;sid:84210581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347482)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347482/; classtype:trojan-activity;sid:84210582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347483)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347483/; classtype:trojan-activity;sid:84210583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347484)"; flow:established,from_client; content:"GET"; http_method; content:"/qkehusl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.216.20.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347484/; classtype:trojan-activity;sid:84210584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.17.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347485/; classtype:trojan-activity;sid:84210585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347486)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347486/; classtype:trojan-activity;sid:84210586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347487)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347487/; classtype:trojan-activity;sid:84210587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347488)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347488/; classtype:trojan-activity;sid:84210588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347489)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347489/; classtype:trojan-activity;sid:84210589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347490)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.213.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347490/; classtype:trojan-activity;sid:84210590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347491)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347491/; classtype:trojan-activity;sid:84210591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347492)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.202.35.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347492/; classtype:trojan-activity;sid:84210592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347493)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347493/; classtype:trojan-activity;sid:84210593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347494)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347494/; classtype:trojan-activity;sid:84210594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347495)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347495/; classtype:trojan-activity;sid:84210595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347496)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.245.156.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347496/; classtype:trojan-activity;sid:84210596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347497)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.216.17.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347497/; classtype:trojan-activity;sid:84210597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347498)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347498/; classtype:trojan-activity;sid:84210598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347499)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347499/; classtype:trojan-activity;sid:84210599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347500)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347500/; classtype:trojan-activity;sid:84210600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.184.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347479/; classtype:trojan-activity;sid:84210579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347480)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.213.187.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347480/; classtype:trojan-activity;sid:84210580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kyczd4ggna0miw5otywkzichdg2c6lfhsb"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347478/; classtype:trojan-activity;sid:84210578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/uutyx6k1ybfduk1z4ykivc0xsllgaepbnm"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347474/; classtype:trojan-activity;sid:84210574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347475)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347475/; classtype:trojan-activity;sid:84210575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nxzlnvjskmtipaqcj3yiae0gqbv6iqp4bh"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347476/; classtype:trojan-activity;sid:84210576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tn3uu9mwnexx2ek565ijsbxan50zz3cmz8"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347477/; classtype:trojan-activity;sid:84210577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347470)"; flow:established,from_client; content:"GET"; http_method; content:"/1734008642_2591e149dd14bb69b939268c09b2bae4/firmware.safe.mips.dbg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347470/; classtype:trojan-activity;sid:84210570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347471)"; flow:established,from_client; content:"GET"; http_method; content:"/1734008642_2591e149dd14bb69b939268c09b2bae4/firmware.safe.armv7l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347471/; classtype:trojan-activity;sid:84210571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347472)"; flow:established,from_client; content:"GET"; http_method; content:"/1734008642_2591e149dd14bb69b939268c09b2bae4/firmware.safe.armv4l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347472/; classtype:trojan-activity;sid:84210572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347473)"; flow:established,from_client; content:"GET"; http_method; content:"/1734008642_2591e149dd14bb69b939268c09b2bae4/firmware.safe.armv6l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347473/; classtype:trojan-activity;sid:84210573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jiqvrjnsewhrpc6nayfiba2xuojf7psfbm"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347466/; classtype:trojan-activity;sid:84210566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/7uqmylfuwk2yjaln2bbedmrd6gsxcpjdlg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347467/; classtype:trojan-activity;sid:84210567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mmrcnf0ugdksnjktqr7n5j1qmzikp2scv0"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"216.126.231.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347468/; classtype:trojan-activity;sid:84210568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347469)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347469/; classtype:trojan-activity;sid:84210569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/iv9xhj54knoxkbzepskp3uzrabkwldyqhn"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347465/; classtype:trojan-activity;sid:84210565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347462)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/e2bbrsqvlac77sr3rg8u9rd9wym0azlsu9"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347462/; classtype:trojan-activity;sid:84210562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xxjtsktfyniiihihw6jpoyfflfyjj6qpii"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347463/; classtype:trojan-activity;sid:84210563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347464)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.187.229.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347464/; classtype:trojan-activity;sid:84210564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.122.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347461/; classtype:trojan-activity;sid:84210561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347460/; classtype:trojan-activity;sid:84210560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.68.130.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347459/; classtype:trojan-activity;sid:84210559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.102.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347456/; classtype:trojan-activity;sid:84210556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.132.132.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347457/; classtype:trojan-activity;sid:84210557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347458/; classtype:trojan-activity;sid:84210558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.178.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347455/; classtype:trojan-activity;sid:84210555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347453/; classtype:trojan-activity;sid:84210553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.203.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347454/; classtype:trojan-activity;sid:84210554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.160.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347452/; classtype:trojan-activity;sid:84210552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347448/; classtype:trojan-activity;sid:84210548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.248.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347449/; classtype:trojan-activity;sid:84210549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.228.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347450/; classtype:trojan-activity;sid:84210550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.223.145.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347451/; classtype:trojan-activity;sid:84210551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.236.182.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347446/; classtype:trojan-activity;sid:84210546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.120.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347447/; classtype:trojan-activity;sid:84210547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347445/; classtype:trojan-activity;sid:84210545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.97.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347444/; classtype:trojan-activity;sid:84210544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347443/; classtype:trojan-activity;sid:84210543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.164.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347442/; classtype:trojan-activity;sid:84210542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.117.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347441/; classtype:trojan-activity;sid:84210541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347440/; classtype:trojan-activity;sid:84210540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.97.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347439/; classtype:trojan-activity;sid:84210539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp.elf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347438/; classtype:trojan-activity;sid:84210538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.165.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347437/; classtype:trojan-activity;sid:84210537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.185.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347436/; classtype:trojan-activity;sid:84210536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.29.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347435/; classtype:trojan-activity;sid:84210535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.181.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347433/; classtype:trojan-activity;sid:84210533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.24.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347434/; classtype:trojan-activity;sid:84210534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347432)"; flow:established,from_client; content:"GET"; http_method; content:"/temp.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347432/; classtype:trojan-activity;sid:84210532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347430)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347430/; classtype:trojan-activity;sid:84210530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347431)"; flow:established,from_client; content:"GET"; http_method; content:"/main.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.203.4.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347431/; classtype:trojan-activity;sid:84210531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp5.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347422/; classtype:trojan-activity;sid:84210522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347423)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse.elf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347423/; classtype:trojan-activity;sid:84210523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp1.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347424/; classtype:trojan-activity;sid:84210524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp4.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347425/; classtype:trojan-activity;sid:84210525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347426/; classtype:trojan-activity;sid:84210526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347427)"; flow:established,from_client; content:"GET"; http_method; content:"/file-content/m619/details.pdf.rar"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"72.18.215.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347427/; classtype:trojan-activity;sid:84210527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/document.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"72.18.215.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347428/; classtype:trojan-activity;sid:84210528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347429)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347429/; classtype:trojan-activity;sid:84210529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.116.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347421/; classtype:trojan-activity;sid:84210521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.221.45.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347420/; classtype:trojan-activity;sid:84210520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.156.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347419/; classtype:trojan-activity;sid:84210519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.97.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347418/; classtype:trojan-activity;sid:84210518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347417/; classtype:trojan-activity;sid:84210517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.180.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347416/; classtype:trojan-activity;sid:84210516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.164.60.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347415/; classtype:trojan-activity;sid:84210515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.27.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347414/; classtype:trojan-activity;sid:84210514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.164.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347413/; classtype:trojan-activity;sid:84210513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.210.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347412/; classtype:trojan-activity;sid:84210512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.120.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347411/; classtype:trojan-activity;sid:84210511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.112.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347410/; classtype:trojan-activity;sid:84210510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.42.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347409/; classtype:trojan-activity;sid:84210509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.221.45.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347408/; classtype:trojan-activity;sid:84210508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.112.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347407/; classtype:trojan-activity;sid:84210507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.38.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347406/; classtype:trojan-activity;sid:84210506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.168.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347405/; classtype:trojan-activity;sid:84210505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347404/; classtype:trojan-activity;sid:84210504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.60.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347403/; classtype:trojan-activity;sid:84210503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.180.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347402/; classtype:trojan-activity;sid:84210502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347401/; classtype:trojan-activity;sid:84210501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.103.67.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347400/; classtype:trojan-activity;sid:84210500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347399/; classtype:trojan-activity;sid:84210499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.215.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347398/; classtype:trojan-activity;sid:84210498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.210.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347397/; classtype:trojan-activity;sid:84210497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.200.168.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347395/; classtype:trojan-activity;sid:84210495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.8.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347396/; classtype:trojan-activity;sid:84210496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.147.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347394/; classtype:trojan-activity;sid:84210494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347393/; classtype:trojan-activity;sid:84210493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.141.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347392/; classtype:trojan-activity;sid:84210492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.109.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347391/; classtype:trojan-activity;sid:84210491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.254.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347390/; classtype:trojan-activity;sid:84210490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347389/; classtype:trojan-activity;sid:84210489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347388/; classtype:trojan-activity;sid:84210488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.31.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347387/; classtype:trojan-activity;sid:84210487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.88.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347386/; classtype:trojan-activity;sid:84210486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.217.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347385/; classtype:trojan-activity;sid:84210485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.188.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347384/; classtype:trojan-activity;sid:84210484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.118.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347383/; classtype:trojan-activity;sid:84210483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.109.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347382/; classtype:trojan-activity;sid:84210482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.8.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347381/; classtype:trojan-activity;sid:84210481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347380/; classtype:trojan-activity;sid:84210480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.193.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347379/; classtype:trojan-activity;sid:84210479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.64.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347378/; classtype:trojan-activity;sid:84210478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.200.168.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347377/; classtype:trojan-activity;sid:84210477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.254.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347376/; classtype:trojan-activity;sid:84210476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.31.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347375/; classtype:trojan-activity;sid:84210475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347374/; classtype:trojan-activity;sid:84210474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.93.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347373/; classtype:trojan-activity;sid:84210473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.188.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347372/; classtype:trojan-activity;sid:84210472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347368)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/ucm1/releases/download/iu1/shost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347368/; classtype:trojan-activity;sid:84210468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347369)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/chmu1/releases/download/mu0/qhos.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347369/; classtype:trojan-activity;sid:84210469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347370)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/pol2/releases/download/ol1/chos.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347370/; classtype:trojan-activity;sid:84210470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347371)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/hos1/releases/download/sec/ihost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347371/; classtype:trojan-activity;sid:84210471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347367)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/mel2/releases/download/ml2/sppawx.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347367/; classtype:trojan-activity;sid:84210467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347366)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/ph1/releases/download/po1/phost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347366/; classtype:trojan-activity;sid:84210466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347365)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/arc1/releases/download/pj1/ahost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347365/; classtype:trojan-activity;sid:84210465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347364)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/eve1/releases/download/el1/wsapx.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347364/; classtype:trojan-activity;sid:84210464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347363)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/fin1g/releases/download/fi/in.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347363/; classtype:trojan-activity;sid:84210463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347362)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/sech1/releases/download/htse/secure.htm"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347362/; classtype:trojan-activity;sid:84210462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347361)"; flow:established,from_client; content:"GET"; http_method; content:"/homboz/arht/releases/download/seht/archive.htm"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347361/; classtype:trojan-activity;sid:84210461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347360/; classtype:trojan-activity;sid:84210460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347359/; classtype:trojan-activity;sid:84210459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.135.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347358/; classtype:trojan-activity;sid:84210458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347357/; classtype:trojan-activity;sid:84210457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347355/; classtype:trojan-activity;sid:84210455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.179.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347356/; classtype:trojan-activity;sid:84210456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.178.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347354/; classtype:trojan-activity;sid:84210454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347353/; classtype:trojan-activity;sid:84210453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347351)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1295304757166080020/1316923696224669696/fore.ps1|3f|ex=675cd044|7c|26|7c|is=675b7ec4|7c|26|7c|hm=5608089203d1f55754eb42ae1b19e52da07e426935e063abf1f2bb096cfc394e"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347351/; classtype:trojan-activity;sid:84210451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.59.65.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347352/; classtype:trojan-activity;sid:84210452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.236.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347350/; classtype:trojan-activity;sid:84210450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.64.137.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347349/; classtype:trojan-activity;sid:84210449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.13.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347348/; classtype:trojan-activity;sid:84210448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.221.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347346/; classtype:trojan-activity;sid:84210446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.187.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347347/; classtype:trojan-activity;sid:84210447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.82.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347345/; classtype:trojan-activity;sid:84210445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.80.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347344/; classtype:trojan-activity;sid:84210444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347343/; classtype:trojan-activity;sid:84210443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347342/; classtype:trojan-activity;sid:84210442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347341/; classtype:trojan-activity;sid:84210441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.156.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347339/; classtype:trojan-activity;sid:84210439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347340/; classtype:trojan-activity;sid:84210440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347338)"; flow:established,from_client; content:"GET"; http_method; content:"/55/creamykissinglipsgoodforcreamythingswithcreamicream.tif"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"192.210.150.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347338/; classtype:trojan-activity;sid:84210438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.147.66.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347337/; classtype:trojan-activity;sid:84210437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.161.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347336/; classtype:trojan-activity;sid:84210436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.29.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347335/; classtype:trojan-activity;sid:84210435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.64.137.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347334/; classtype:trojan-activity;sid:84210434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347331)"; flow:established,from_client; content:"GET"; http_method; content:"/7vhfjke3/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347331/; classtype:trojan-activity;sid:84210431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.21.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347332/; classtype:trojan-activity;sid:84210432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347333)"; flow:established,from_client; content:"GET"; http_method; content:"/7vhfjke3/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347333/; classtype:trojan-activity;sid:84210433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.82.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347330/; classtype:trojan-activity;sid:84210430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.4.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347329/; classtype:trojan-activity;sid:84210429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.227.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347328/; classtype:trojan-activity;sid:84210428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.80.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347327/; classtype:trojan-activity;sid:84210427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.79.168.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347325/; classtype:trojan-activity;sid:84210425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.81.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347326/; classtype:trojan-activity;sid:84210426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.171.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347324/; classtype:trojan-activity;sid:84210424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.210.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347323/; classtype:trojan-activity;sid:84210423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.235.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347321/; classtype:trojan-activity;sid:84210421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347322/; classtype:trojan-activity;sid:84210422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347320/; classtype:trojan-activity;sid:84210420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.45.155.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347319/; classtype:trojan-activity;sid:84210419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.254.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347318/; classtype:trojan-activity;sid:84210418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347317)"; flow:established,from_client; content:"GET"; http_method; content:"/download/neofreesetup.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"download.emailorganizer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347317/; classtype:trojan-activity;sid:84210417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347315)"; flow:established,from_client; content:"GET"; http_method; content:"/files/file.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.69.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347315/; classtype:trojan-activity;sid:84210415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347312)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/refs/heads/main/viptoolmeta.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347312/; classtype:trojan-activity;sid:84210412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347313)"; flow:established,from_client; content:"GET"; http_method; content:"/dgigok.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347313/; classtype:trojan-activity;sid:84210413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347311)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll|3f|e/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347311/; classtype:trojan-activity;sid:84210411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347310)"; flow:established,from_client; content:"GET"; http_method; content:"/6ndb3q|3f||7c|26|7c|soy=horrible|7c|26|7c|pelican=icky|7c|26|7c|bend=trite|7c|26|7c|workbench=icky|7c|26|7c|batting=penitent|7c|26|7c|cop-out"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"jktc.pro"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347310/; classtype:trojan-activity;sid:84210410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347309)"; flow:established,from_client; content:"GET"; http_method; content:"/download/trackyoursentolsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"download.emailorganizer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347309/; classtype:trojan-activity;sid:84210409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; content:"GET"; http_method; content:"/component/vc2005sp1redist_x86.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"windriversfiles.imeitools.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347307)"; flow:established,from_client; content:"GET"; http_method; content:"/luisphantom/vemom/raw/refs/heads/main/viptoolmeta.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347307/; classtype:trojan-activity;sid:84210407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347303)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/blob/main/server.exe|3f|raw=true/"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347303/; classtype:trojan-activity;sid:84210403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347304)"; flow:established,from_client; content:"GET"; http_method; content:"/73/ycc/goodthhingswithgreatcapitalthingsforgreatnewswithgoodmorng.hta"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"107.172.44.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347304/; classtype:trojan-activity;sid:84210404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347305)"; flow:established,from_client; content:"GET"; http_method; content:"/90/wcc/greatattitudewithnicefeatruewithgreatnicecreamypurplethingsgood.hta"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"23.95.235.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347305/; classtype:trojan-activity;sid:84210405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347306)"; flow:established,from_client; content:"GET"; http_method; content:"/55/crm/creamkissingthingswithcreambananapackagecreamy.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"192.210.150.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347306/; classtype:trojan-activity;sid:84210406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347302/; classtype:trojan-activity;sid:84210402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347296)"; flow:established,from_client; content:"GET"; http_method; content:"/quas_brout_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"voltazur.ddns.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347296/; classtype:trojan-activity;sid:84210396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347297)"; flow:established,from_client; content:"GET"; http_method; content:"/get/4fjtoryqwe/ana.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347297/; classtype:trojan-activity;sid:84210397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347298)"; flow:established,from_client; content:"GET"; http_method; content:"/nan_brout_ncrypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"voltazur.ddns.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347298/; classtype:trojan-activity;sid:84210398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347299)"; flow:established,from_client; content:"GET"; http_method; content:"/antispam2.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"100.24.47.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347299/; classtype:trojan-activity;sid:84210399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347300)"; flow:established,from_client; content:"GET"; http_method; content:"/get/x04diurue8/rep.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347300/; classtype:trojan-activity;sid:84210400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347301)"; flow:established,from_client; content:"GET"; http_method; content:"/get/gryts2ee3z/eo.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347301/; classtype:trojan-activity;sid:84210401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.101.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347295/; classtype:trojan-activity;sid:84210395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347294/; classtype:trojan-activity;sid:84210394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347293)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/cred64.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vitantgroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347293/; classtype:trojan-activity;sid:84210393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347291)"; flow:established,from_client; content:"GET"; http_method; content:"/ps.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"trogirarea.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347291/; classtype:trojan-activity;sid:84210391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347292)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/statsment.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"scure2glbcubnk.es"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347292/; classtype:trojan-activity;sid:84210392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347290)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347290/; classtype:trojan-activity;sid:84210390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.4.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347282/; classtype:trojan-activity;sid:84210382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347283)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347283/; classtype:trojan-activity;sid:84210383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347284)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347284/; classtype:trojan-activity;sid:84210384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347285)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347285/; classtype:trojan-activity;sid:84210385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347286)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347286/; classtype:trojan-activity;sid:84210386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347287)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347287/; classtype:trojan-activity;sid:84210387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347288)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347288/; classtype:trojan-activity;sid:84210388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347289)"; flow:established,from_client; content:"GET"; http_method; content:"/gay/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347289/; classtype:trojan-activity;sid:84210389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347280)"; flow:established,from_client; content:"GET"; http_method; content:"/files/pkaffth.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"74.50.95.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347280/; classtype:trojan-activity;sid:84210380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347281)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hkrrl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.50.95.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347281/; classtype:trojan-activity;sid:84210381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.198.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347279/; classtype:trojan-activity;sid:84210379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347278/; classtype:trojan-activity;sid:84210378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347277/; classtype:trojan-activity;sid:84210377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347276/; classtype:trojan-activity;sid:84210376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.166.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347275/; classtype:trojan-activity;sid:84210375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.90.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347274/; classtype:trojan-activity;sid:84210374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.21.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347273/; classtype:trojan-activity;sid:84210373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.97.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347271/; classtype:trojan-activity;sid:84210371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.5.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347272/; classtype:trojan-activity;sid:84210372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.92.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347270/; classtype:trojan-activity;sid:84210370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347269/; classtype:trojan-activity;sid:84210369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.168.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347268/; classtype:trojan-activity;sid:84210368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.143.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347267/; classtype:trojan-activity;sid:84210367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.13.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347266/; classtype:trojan-activity;sid:84210366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.227.85.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347265/; classtype:trojan-activity;sid:84210365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.221.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347264/; classtype:trojan-activity;sid:84210364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.172.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347263/; classtype:trojan-activity;sid:84210363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.129.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347262/; classtype:trojan-activity;sid:84210362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.199.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347261/; classtype:trojan-activity;sid:84210361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.45.155.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347260/; classtype:trojan-activity;sid:84210360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.37.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347259/; classtype:trojan-activity;sid:84210359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.13.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347258/; classtype:trojan-activity;sid:84210358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.196.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347257/; classtype:trojan-activity;sid:84210357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.175.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347256/; classtype:trojan-activity;sid:84210356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.19.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347255/; classtype:trojan-activity;sid:84210355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.176.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347254/; classtype:trojan-activity;sid:84210354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.42.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347253/; classtype:trojan-activity;sid:84210353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.166.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347252/; classtype:trojan-activity;sid:84210352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347251/; classtype:trojan-activity;sid:84210351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.254.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347250/; classtype:trojan-activity;sid:84210350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347249/; classtype:trojan-activity;sid:84210349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.120.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347248/; classtype:trojan-activity;sid:84210348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347247/; classtype:trojan-activity;sid:84210347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.136.88.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347246/; classtype:trojan-activity;sid:84210346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.16.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347245/; classtype:trojan-activity;sid:84210345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.183.184.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347244/; classtype:trojan-activity;sid:84210344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347242/; classtype:trojan-activity;sid:84210342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.84.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347243/; classtype:trojan-activity;sid:84210343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.90.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347241/; classtype:trojan-activity;sid:84210341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.196.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347240/; classtype:trojan-activity;sid:84210340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.126.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347239/; classtype:trojan-activity;sid:84210339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.165.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347238/; classtype:trojan-activity;sid:84210338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.216.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347237/; classtype:trojan-activity;sid:84210337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.152.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347236/; classtype:trojan-activity;sid:84210336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.122.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347235/; classtype:trojan-activity;sid:84210335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.196.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347234/; classtype:trojan-activity;sid:84210334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347233/; classtype:trojan-activity;sid:84210333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347232/; classtype:trojan-activity;sid:84210332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.98.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347231/; classtype:trojan-activity;sid:84210331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.16.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347230/; classtype:trojan-activity;sid:84210330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.136.88.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347229/; classtype:trojan-activity;sid:84210329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.199.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347228/; classtype:trojan-activity;sid:84210328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.77.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347227/; classtype:trojan-activity;sid:84210327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347225/; classtype:trojan-activity;sid:84210325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.29.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347226/; classtype:trojan-activity;sid:84210326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.9.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347224/; classtype:trojan-activity;sid:84210324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.53.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347223/; classtype:trojan-activity;sid:84210323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.196.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347222/; classtype:trojan-activity;sid:84210322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.160.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347221/; classtype:trojan-activity;sid:84210321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.128.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347219/; classtype:trojan-activity;sid:84210319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.90.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347220/; classtype:trojan-activity;sid:84210320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.108.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347218/; classtype:trojan-activity;sid:84210318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.247.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347217/; classtype:trojan-activity;sid:84210317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.25.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347216/; classtype:trojan-activity;sid:84210316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.137.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347215/; classtype:trojan-activity;sid:84210315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347214/; classtype:trojan-activity;sid:84210314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.221.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347213/; classtype:trojan-activity;sid:84210313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347212/; classtype:trojan-activity;sid:84210312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.158.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347211/; classtype:trojan-activity;sid:84210311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.44.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347210/; classtype:trojan-activity;sid:84210310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.199.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347209/; classtype:trojan-activity;sid:84210309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.217.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347208/; classtype:trojan-activity;sid:84210308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.152.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347207/; classtype:trojan-activity;sid:84210307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347206/; classtype:trojan-activity;sid:84210306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347205)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.181.12.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347205/; classtype:trojan-activity;sid:84210305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.41.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347204/; classtype:trojan-activity;sid:84210304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347203/; classtype:trojan-activity;sid:84210303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.172.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347202/; classtype:trojan-activity;sid:84210302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.137.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347201/; classtype:trojan-activity;sid:84210301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.84.221.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347200/; classtype:trojan-activity;sid:84210300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347199/; classtype:trojan-activity;sid:84210299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347198/; classtype:trojan-activity;sid:84210298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347197/; classtype:trojan-activity;sid:84210297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.232.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347196/; classtype:trojan-activity;sid:84210296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.108.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347195/; classtype:trojan-activity;sid:84210295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.95.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347194/; classtype:trojan-activity;sid:84210294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.239.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347193/; classtype:trojan-activity;sid:84210293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.23.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347192/; classtype:trojan-activity;sid:84210292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.52.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347191/; classtype:trojan-activity;sid:84210291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.189.56.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347190/; classtype:trojan-activity;sid:84210290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.126.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347189/; classtype:trojan-activity;sid:84210289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.62.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347187/; classtype:trojan-activity;sid:84210287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.41.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347188/; classtype:trojan-activity;sid:84210288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.245.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347185/; classtype:trojan-activity;sid:84210285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.2.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347186/; classtype:trojan-activity;sid:84210286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.239.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347184/; classtype:trojan-activity;sid:84210284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.151.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347183/; classtype:trojan-activity;sid:84210283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347182/; classtype:trojan-activity;sid:84210282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347181/; classtype:trojan-activity;sid:84210281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.8.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347180/; classtype:trojan-activity;sid:84210280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.31.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347177/; classtype:trojan-activity;sid:84210277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.107.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347178/; classtype:trojan-activity;sid:84210278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.132.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347179/; classtype:trojan-activity;sid:84210279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.71.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347176/; classtype:trojan-activity;sid:84210276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347175/; classtype:trojan-activity;sid:84210275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347173/; classtype:trojan-activity;sid:84210273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.191.30.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347174/; classtype:trojan-activity;sid:84210274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.23.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347172/; classtype:trojan-activity;sid:84210272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347171/; classtype:trojan-activity;sid:84210271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.61.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347170/; classtype:trojan-activity;sid:84210270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.61.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347169/; classtype:trojan-activity;sid:84210269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.224.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347168/; classtype:trojan-activity;sid:84210268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347167/; classtype:trojan-activity;sid:84210267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.184.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347166/; classtype:trojan-activity;sid:84210266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347165/; classtype:trojan-activity;sid:84210265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.57.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347164/; classtype:trojan-activity;sid:84210264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347163/; classtype:trojan-activity;sid:84210263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.84.221.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347162/; classtype:trojan-activity;sid:84210262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.74.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347161/; classtype:trojan-activity;sid:84210261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347160/; classtype:trojan-activity;sid:84210260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.90.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347159/; classtype:trojan-activity;sid:84210259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.157.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347158/; classtype:trojan-activity;sid:84210258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.254.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347157/; classtype:trojan-activity;sid:84210257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.127.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347156/; classtype:trojan-activity;sid:84210256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.234.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347155/; classtype:trojan-activity;sid:84210255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347154/; classtype:trojan-activity;sid:84210254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347153/; classtype:trojan-activity;sid:84210253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.140.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347152/; classtype:trojan-activity;sid:84210252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347151/; classtype:trojan-activity;sid:84210251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347150/; classtype:trojan-activity;sid:84210250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.15.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347149/; classtype:trojan-activity;sid:84210249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347148/; classtype:trojan-activity;sid:84210248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.57.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347147/; classtype:trojan-activity;sid:84210247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.145.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347145/; classtype:trojan-activity;sid:84210245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.66.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347146/; classtype:trojan-activity;sid:84210246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347144/; classtype:trojan-activity;sid:84210244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347143/; classtype:trojan-activity;sid:84210243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.157.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347142/; classtype:trojan-activity;sid:84210242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.234.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347141/; classtype:trojan-activity;sid:84210241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347140/; classtype:trojan-activity;sid:84210240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.37.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347139/; classtype:trojan-activity;sid:84210239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.205.177.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347138/; classtype:trojan-activity;sid:84210238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.245.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347136/; classtype:trojan-activity;sid:84210236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347137/; classtype:trojan-activity;sid:84210237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.118.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347135/; classtype:trojan-activity;sid:84210235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.140.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347134/; classtype:trojan-activity;sid:84210234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.27.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347133/; classtype:trojan-activity;sid:84210233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347130/; classtype:trojan-activity;sid:84210230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.150.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347131/; classtype:trojan-activity;sid:84210231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.74.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347132/; classtype:trojan-activity;sid:84210232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.78.11.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347129/; classtype:trojan-activity;sid:84210229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.90.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347128/; classtype:trojan-activity;sid:84210228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.106.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347127/; classtype:trojan-activity;sid:84210227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.216.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347126/; classtype:trojan-activity;sid:84210226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.245.60.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347125/; classtype:trojan-activity;sid:84210225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.126.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347124/; classtype:trojan-activity;sid:84210224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.166.47.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347122/; classtype:trojan-activity;sid:84210222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.196.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347123/; classtype:trojan-activity;sid:84210223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347121/; classtype:trojan-activity;sid:84210221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347120/; classtype:trojan-activity;sid:84210220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.185.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347119/; classtype:trojan-activity;sid:84210219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.167.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347118/; classtype:trojan-activity;sid:84210218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.175.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347116/; classtype:trojan-activity;sid:84210216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.188.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347117/; classtype:trojan-activity;sid:84210217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.140.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347115/; classtype:trojan-activity;sid:84210215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.123.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347114/; classtype:trojan-activity;sid:84210214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347113/; classtype:trojan-activity;sid:84210213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347111/; classtype:trojan-activity;sid:84210211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347112/; classtype:trojan-activity;sid:84210212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.158.158.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347110/; classtype:trojan-activity;sid:84210210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347103/; classtype:trojan-activity;sid:84210203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.85.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347104/; classtype:trojan-activity;sid:84210204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.120.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347105/; classtype:trojan-activity;sid:84210205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.101.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347106/; classtype:trojan-activity;sid:84210206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347107/; classtype:trojan-activity;sid:84210207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.127.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347108/; classtype:trojan-activity;sid:84210208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347109/; classtype:trojan-activity;sid:84210209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.251.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347102/; classtype:trojan-activity;sid:84210202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.83.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347101/; classtype:trojan-activity;sid:84210201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.126.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347100/; classtype:trojan-activity;sid:84210200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.27.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347099/; classtype:trojan-activity;sid:84210199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.68.59.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347098/; classtype:trojan-activity;sid:84210198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.85.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347097/; classtype:trojan-activity;sid:84210197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.115.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347096/; classtype:trojan-activity;sid:84210196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.109.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347095/; classtype:trojan-activity;sid:84210195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.26.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347094/; classtype:trojan-activity;sid:84210194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.177.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347093/; classtype:trojan-activity;sid:84210193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347092/; classtype:trojan-activity;sid:84210192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.150.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347091/; classtype:trojan-activity;sid:84210191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.205.177.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347088/; classtype:trojan-activity;sid:84210188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.86.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347089/; classtype:trojan-activity;sid:84210189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.24.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347090/; classtype:trojan-activity;sid:84210190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.196.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347087/; classtype:trojan-activity;sid:84210187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347086/; classtype:trojan-activity;sid:84210186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.47.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347085/; classtype:trojan-activity;sid:84210185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.171.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347084/; classtype:trojan-activity;sid:84210184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.75.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347083/; classtype:trojan-activity;sid:84210183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347082/; classtype:trojan-activity;sid:84210182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.255.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347081/; classtype:trojan-activity;sid:84210181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347080/; classtype:trojan-activity;sid:84210180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.173.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347078/; classtype:trojan-activity;sid:84210178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.24.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347079/; classtype:trojan-activity;sid:84210179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.48.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347077/; classtype:trojan-activity;sid:84210177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347076/; classtype:trojan-activity;sid:84210176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.144.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347075/; classtype:trojan-activity;sid:84210175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.115.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347073/; classtype:trojan-activity;sid:84210173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.90.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347074/; classtype:trojan-activity;sid:84210174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347072/; classtype:trojan-activity;sid:84210172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.83.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347071/; classtype:trojan-activity;sid:84210171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.44.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347070/; classtype:trojan-activity;sid:84210170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.171.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347069/; classtype:trojan-activity;sid:84210169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.117.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347068/; classtype:trojan-activity;sid:84210168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.86.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347067/; classtype:trojan-activity;sid:84210167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347066/; classtype:trojan-activity;sid:84210166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.173.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347065/; classtype:trojan-activity;sid:84210165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347064/; classtype:trojan-activity;sid:84210164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347063/; classtype:trojan-activity;sid:84210163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.220.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347062/; classtype:trojan-activity;sid:84210162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.252.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347061/; classtype:trojan-activity;sid:84210161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347060)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7781867830/wkfydio.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347060/; classtype:trojan-activity;sid:84210160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.62.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347059/; classtype:trojan-activity;sid:84210159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.125.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347058/; classtype:trojan-activity;sid:84210158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.149.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347057/; classtype:trojan-activity;sid:84210157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347056/; classtype:trojan-activity;sid:84210156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.81.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347054/; classtype:trojan-activity;sid:84210154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.155.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347055/; classtype:trojan-activity;sid:84210155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.144.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347053/; classtype:trojan-activity;sid:84210153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.141.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347052/; classtype:trojan-activity;sid:84210152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.0.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347050/; classtype:trojan-activity;sid:84210150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.44.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347051/; classtype:trojan-activity;sid:84210151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.33.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347049/; classtype:trojan-activity;sid:84210149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.128.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347048/; classtype:trojan-activity;sid:84210148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347047/; classtype:trojan-activity;sid:84210147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347046/; classtype:trojan-activity;sid:84210146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.96.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347045/; classtype:trojan-activity;sid:84210145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.80.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347044/; classtype:trojan-activity;sid:84210144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.153.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347043/; classtype:trojan-activity;sid:84210143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.34.111.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347042/; classtype:trojan-activity;sid:84210142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.224.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347041/; classtype:trojan-activity;sid:84210141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.74.34.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347040/; classtype:trojan-activity;sid:84210140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.7.133"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347039/; classtype:trojan-activity;sid:84210139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347038/; classtype:trojan-activity;sid:84210138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.10.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347037/; classtype:trojan-activity;sid:84210137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.192.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347036/; classtype:trojan-activity;sid:84210136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.128.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347035/; classtype:trojan-activity;sid:84210135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347034/; classtype:trojan-activity;sid:84210134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.62.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347033/; classtype:trojan-activity;sid:84210133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.97.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347031/; classtype:trojan-activity;sid:84210131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.75.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347032/; classtype:trojan-activity;sid:84210132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347030/; classtype:trojan-activity;sid:84210130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.155.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347029/; classtype:trojan-activity;sid:84210129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.149.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347028/; classtype:trojan-activity;sid:84210128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347027/; classtype:trojan-activity;sid:84210127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.34.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347026/; classtype:trojan-activity;sid:84210126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.74.34.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347025/; classtype:trojan-activity;sid:84210125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.68.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347023/; classtype:trojan-activity;sid:84210123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.153.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347024/; classtype:trojan-activity;sid:84210124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.96.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347022/; classtype:trojan-activity;sid:84210122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.192.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347021/; classtype:trojan-activity;sid:84210121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.173.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347020/; classtype:trojan-activity;sid:84210120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.133"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347019/; classtype:trojan-activity;sid:84210119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.45.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347018/; classtype:trojan-activity;sid:84210118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.92.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347017/; classtype:trojan-activity;sid:84210117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347016/; classtype:trojan-activity;sid:84210116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.10.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347015/; classtype:trojan-activity;sid:84210115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.97.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347014/; classtype:trojan-activity;sid:84210114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347013/; classtype:trojan-activity;sid:84210113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.140.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347012/; classtype:trojan-activity;sid:84210112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.173.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347011/; classtype:trojan-activity;sid:84210111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.8.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347010/; classtype:trojan-activity;sid:84210110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.102.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347009/; classtype:trojan-activity;sid:84210109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.243.188.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347008/; classtype:trojan-activity;sid:84210108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.246.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347007/; classtype:trojan-activity;sid:84210107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.177.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347005/; classtype:trojan-activity;sid:84210105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.68.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347006/; classtype:trojan-activity;sid:84210106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.75.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347004/; classtype:trojan-activity;sid:84210104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.176.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347002/; classtype:trojan-activity;sid:84210102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.18.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347003/; classtype:trojan-activity;sid:84210103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.157.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347001/; classtype:trojan-activity;sid:84210101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.21.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347000/; classtype:trojan-activity;sid:84210100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.247.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346999/; classtype:trojan-activity;sid:84210099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346998)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346998/; classtype:trojan-activity;sid:84210098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.140.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346997/; classtype:trojan-activity;sid:84210097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346983)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346983/; classtype:trojan-activity;sid:84210083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346984)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346984/; classtype:trojan-activity;sid:84210084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346985)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346985/; classtype:trojan-activity;sid:84210085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346986)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346986/; classtype:trojan-activity;sid:84210086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346987)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346987/; classtype:trojan-activity;sid:84210087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346988)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346988/; classtype:trojan-activity;sid:84210088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346989)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346989/; classtype:trojan-activity;sid:84210089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346990)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346990/; classtype:trojan-activity;sid:84210090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346991)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346991/; classtype:trojan-activity;sid:84210091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346992)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346992/; classtype:trojan-activity;sid:84210092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346993)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346993/; classtype:trojan-activity;sid:84210093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346994)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346994/; classtype:trojan-activity;sid:84210094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346995)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346995/; classtype:trojan-activity;sid:84210095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346996)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346996/; classtype:trojan-activity;sid:84210096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346970)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346970/; classtype:trojan-activity;sid:84210070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346971)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346971/; classtype:trojan-activity;sid:84210071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346972)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346972/; classtype:trojan-activity;sid:84210072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346973)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346973/; classtype:trojan-activity;sid:84210073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346974)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346974/; classtype:trojan-activity;sid:84210074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346975)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346975/; classtype:trojan-activity;sid:84210075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346976)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346976/; classtype:trojan-activity;sid:84210076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346977)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346977/; classtype:trojan-activity;sid:84210077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346978)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346978/; classtype:trojan-activity;sid:84210078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346979)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346979/; classtype:trojan-activity;sid:84210079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346980)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346980/; classtype:trojan-activity;sid:84210080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346981)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346981/; classtype:trojan-activity;sid:84210081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346982)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346982/; classtype:trojan-activity;sid:84210082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346955)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346955/; classtype:trojan-activity;sid:84210055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346956)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346956/; classtype:trojan-activity;sid:84210056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346957)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346957/; classtype:trojan-activity;sid:84210057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346958)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346958/; classtype:trojan-activity;sid:84210058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346959)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346959/; classtype:trojan-activity;sid:84210059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346960)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346960/; classtype:trojan-activity;sid:84210060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346961)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346961/; classtype:trojan-activity;sid:84210061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346962)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346962/; classtype:trojan-activity;sid:84210062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346963)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346963/; classtype:trojan-activity;sid:84210063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346964)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346964/; classtype:trojan-activity;sid:84210064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346965)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346965/; classtype:trojan-activity;sid:84210065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346966)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346966/; classtype:trojan-activity;sid:84210066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346967)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346967/; classtype:trojan-activity;sid:84210067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346968)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346968/; classtype:trojan-activity;sid:84210068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346969)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346969/; classtype:trojan-activity;sid:84210069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.101.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346954/; classtype:trojan-activity;sid:84210054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.246.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346953/; classtype:trojan-activity;sid:84210053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346946)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346946/; classtype:trojan-activity;sid:84210046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346947)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346947/; classtype:trojan-activity;sid:84210047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346948)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346948/; classtype:trojan-activity;sid:84210048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346949)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346949/; classtype:trojan-activity;sid:84210049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346950)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346950/; classtype:trojan-activity;sid:84210050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346951)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346951/; classtype:trojan-activity;sid:84210051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346952)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346952/; classtype:trojan-activity;sid:84210052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346945)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.11.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346945/; classtype:trojan-activity;sid:84210045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.177.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346944/; classtype:trojan-activity;sid:84210044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.231.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346943/; classtype:trojan-activity;sid:84210043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.73.147.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346942/; classtype:trojan-activity;sid:84210042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346940/; classtype:trojan-activity;sid:84210040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.51.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346941/; classtype:trojan-activity;sid:84210041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.168.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346939/; classtype:trojan-activity;sid:84210039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.243.188.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346938/; classtype:trojan-activity;sid:84210038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.229.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346937/; classtype:trojan-activity;sid:84210037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.13.48.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346936/; classtype:trojan-activity;sid:84210036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.21.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346935/; classtype:trojan-activity;sid:84210035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.125.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346934/; classtype:trojan-activity;sid:84210034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.52.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346933/; classtype:trojan-activity;sid:84210033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.184.16.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346932/; classtype:trojan-activity;sid:84210032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.240.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346931/; classtype:trojan-activity;sid:84210031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.1.211"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346930/; classtype:trojan-activity;sid:84210030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.133.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346929/; classtype:trojan-activity;sid:84210029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346928/; classtype:trojan-activity;sid:84210028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.140.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346924/; classtype:trojan-activity;sid:84210024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346925/; classtype:trojan-activity;sid:84210025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.177.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346926/; classtype:trojan-activity;sid:84210026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.51.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346927/; classtype:trojan-activity;sid:84210027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346923)"; flow:established,from_client; content:"GET"; http_method; content:"/facturacioncol/fact/downloads/out2.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346923/; classtype:trojan-activity;sid:84210023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346922)"; flow:established,from_client; content:"GET"; http_method; content:"/facturacioncol/fact/downloads/null.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346922/; classtype:trojan-activity;sid:84210022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346921)"; flow:established,from_client; content:"GET"; http_method; content:"/facturacioncol/fact/downloads/neptuno.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346921/; classtype:trojan-activity;sid:84210021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.43.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346920/; classtype:trojan-activity;sid:84210020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.144.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346919/; classtype:trojan-activity;sid:84210019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.168.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346917/; classtype:trojan-activity;sid:84210017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.73.147.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346918/; classtype:trojan-activity;sid:84210018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346916)"; flow:established,from_client; content:"GET"; http_method; content:"/vmmanagedsetup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.240.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346916/; classtype:trojan-activity;sid:84210016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.211.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346915/; classtype:trojan-activity;sid:84210015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.19.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346914/; classtype:trojan-activity;sid:84210014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.125.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346913/; classtype:trojan-activity;sid:84210013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346911/; classtype:trojan-activity;sid:84210011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346912/; classtype:trojan-activity;sid:84210012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.205.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346910/; classtype:trojan-activity;sid:84210010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346909/; classtype:trojan-activity;sid:84210009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346907)"; flow:established,from_client; content:"GET"; http_method; content:"/payload1.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.240.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346907/; classtype:trojan-activity;sid:84210007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.13.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3346908/; classtype:trojan-activity;sid:84210008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346905)"; flow:established,from_client; content:"GET"; http_method; content:"/echeneidoid.cmd"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346905/; classtype:trojan-activity;sid:84210005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346906)"; flow:established,from_client; content:"GET"; http_method; content:"/kardiogrammets.cmd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"191.96.207.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346906/; classtype:trojan-activity;sid:84210006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346904/; classtype:trojan-activity;sid:84210004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346903/; classtype:trojan-activity;sid:84210003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346901/; classtype:trojan-activity;sid:84210001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetspc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346902/; classtype:trojan-activity;sid:84210002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346883/; classtype:trojan-activity;sid:84209983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetm68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346884/; classtype:trojan-activity;sid:84209984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346885/; classtype:trojan-activity;sid:84209985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346886/; classtype:trojan-activity;sid:84209986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346887/; classtype:trojan-activity;sid:84209987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346888/; classtype:trojan-activity;sid:84209988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346889/; classtype:trojan-activity;sid:84209989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetx86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346890/; classtype:trojan-activity;sid:84209990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346891)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346891/; classtype:trojan-activity;sid:84209991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346892)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346892/; classtype:trojan-activity;sid:84209992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346893/; classtype:trojan-activity;sid:84209993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346894/; classtype:trojan-activity;sid:84209994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346895/; classtype:trojan-activity;sid:84209995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetm68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346896/; classtype:trojan-activity;sid:84209996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetsh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346897/; classtype:trojan-activity;sid:84209997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346898/; classtype:trojan-activity;sid:84209998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetsh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346899/; classtype:trojan-activity;sid:84209999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetx86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346900/; classtype:trojan-activity;sid:84210000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346877)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346877/; classtype:trojan-activity;sid:84209977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346878/; classtype:trojan-activity;sid:84209978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346879/; classtype:trojan-activity;sid:84209979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346880)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.ppc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346880/; classtype:trojan-activity;sid:84209980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346881)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346881/; classtype:trojan-activity;sid:84209981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetspc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"server-212-64-199-97.da.direct"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346882/; classtype:trojan-activity;sid:84209982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346870)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346870/; classtype:trojan-activity;sid:84209970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346871)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.spc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346871/; classtype:trojan-activity;sid:84209971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346872)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.m68k"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346872/; classtype:trojan-activity;sid:84209972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346873)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mpsl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346873/; classtype:trojan-activity;sid:84209973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346874)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.sh4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346874/; classtype:trojan-activity;sid:84209974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346875)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mips"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346875/; classtype:trojan-activity;sid:84209975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346876)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"15.228.54.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346876/; classtype:trojan-activity;sid:84209976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346868/; classtype:trojan-activity;sid:84209968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.133.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346869/; classtype:trojan-activity;sid:84209969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346867/; classtype:trojan-activity;sid:84209967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346866/; classtype:trojan-activity;sid:84209966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.117.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346865/; classtype:trojan-activity;sid:84209965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346864/; classtype:trojan-activity;sid:84209964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.121.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346863/; classtype:trojan-activity;sid:84209963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346862/; classtype:trojan-activity;sid:84209962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346859)"; flow:established,from_client; content:"GET"; http_method; content:"/ssg.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346859/; classtype:trojan-activity;sid:84209959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346860/; classtype:trojan-activity;sid:84209960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346861)"; flow:established,from_client; content:"GET"; http_method; content:"/gfx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346861/; classtype:trojan-activity;sid:84209961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.126.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346857/; classtype:trojan-activity;sid:84209957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.251.21.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346858/; classtype:trojan-activity;sid:84209958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.228.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346855/; classtype:trojan-activity;sid:84209955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.8.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346856/; classtype:trojan-activity;sid:84209956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346854)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6904700471/9jtvo50.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346854/; classtype:trojan-activity;sid:84209954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.78.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346853/; classtype:trojan-activity;sid:84209953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.116.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346852/; classtype:trojan-activity;sid:84209952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346851)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346851/; classtype:trojan-activity;sid:84209951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346850)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346850/; classtype:trojan-activity;sid:84209950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346847)"; flow:established,from_client; content:"GET"; http_method; content:"/cx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346847/; classtype:trojan-activity;sid:84209947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346848)"; flow:established,from_client; content:"GET"; http_method; content:"/asyncclient.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346848/; classtype:trojan-activity;sid:84209948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346849)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346849/; classtype:trojan-activity;sid:84209949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.59.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346846/; classtype:trojan-activity;sid:84209946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346845/; classtype:trojan-activity;sid:84209945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346844/; classtype:trojan-activity;sid:84209944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.220.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346843/; classtype:trojan-activity;sid:84209943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346842/; classtype:trojan-activity;sid:84209942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.54.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346841/; classtype:trojan-activity;sid:84209941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346839/; classtype:trojan-activity;sid:84209939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346840/; classtype:trojan-activity;sid:84209940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346832/; classtype:trojan-activity;sid:84209932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346833/; classtype:trojan-activity;sid:84209933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346834/; classtype:trojan-activity;sid:84209934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346835/; classtype:trojan-activity;sid:84209935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346836/; classtype:trojan-activity;sid:84209936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346837/; classtype:trojan-activity;sid:84209937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346838/; classtype:trojan-activity;sid:84209938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.172.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346831/; classtype:trojan-activity;sid:84209931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.114.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346830/; classtype:trojan-activity;sid:84209930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346829/; classtype:trojan-activity;sid:84209929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.54.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346828/; classtype:trojan-activity;sid:84209928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.251.21.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346827/; classtype:trojan-activity;sid:84209927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346826/; classtype:trojan-activity;sid:84209926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346825/; classtype:trojan-activity;sid:84209925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.102.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346824/; classtype:trojan-activity;sid:84209924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.198.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346823/; classtype:trojan-activity;sid:84209923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346822/; classtype:trojan-activity;sid:84209922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.83.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346820/; classtype:trojan-activity;sid:84209920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.126.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346821/; classtype:trojan-activity;sid:84209921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.6.249"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346819/; classtype:trojan-activity;sid:84209919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346818/; classtype:trojan-activity;sid:84209918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.59.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346817/; classtype:trojan-activity;sid:84209917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.58.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346816/; classtype:trojan-activity;sid:84209916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346814/; classtype:trojan-activity;sid:84209914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.73.147.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346815/; classtype:trojan-activity;sid:84209915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.252.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346812/; classtype:trojan-activity;sid:84209912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.133.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346813/; classtype:trojan-activity;sid:84209913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346811/; classtype:trojan-activity;sid:84209911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.120.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346810/; classtype:trojan-activity;sid:84209910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.8.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346809/; classtype:trojan-activity;sid:84209909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.199.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346808/; classtype:trojan-activity;sid:84209908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.54.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346807/; classtype:trojan-activity;sid:84209907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346806/; classtype:trojan-activity;sid:84209906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.18.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346805/; classtype:trojan-activity;sid:84209905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.32.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346804/; classtype:trojan-activity;sid:84209904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346803/; classtype:trojan-activity;sid:84209903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.133.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346802/; classtype:trojan-activity;sid:84209902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.198.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346801/; classtype:trojan-activity;sid:84209901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346800/; classtype:trojan-activity;sid:84209900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.63.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346799/; classtype:trojan-activity;sid:84209899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.120.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346797/; classtype:trojan-activity;sid:84209897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.199.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346798/; classtype:trojan-activity;sid:84209898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.6.249"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346796/; classtype:trojan-activity;sid:84209896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346795/; classtype:trojan-activity;sid:84209895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346794/; classtype:trojan-activity;sid:84209894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.159.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346793/; classtype:trojan-activity;sid:84209893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.238.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346792/; classtype:trojan-activity;sid:84209892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.59.80.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346791/; classtype:trojan-activity;sid:84209891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346790/; classtype:trojan-activity;sid:84209890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.252.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346789/; classtype:trojan-activity;sid:84209889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.186.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346788/; classtype:trojan-activity;sid:84209888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.1.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346787/; classtype:trojan-activity;sid:84209887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.68.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346786/; classtype:trojan-activity;sid:84209886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.50.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346785/; classtype:trojan-activity;sid:84209885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.63.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346784/; classtype:trojan-activity;sid:84209884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.32.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346783/; classtype:trojan-activity;sid:84209883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.19.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346782/; classtype:trojan-activity;sid:84209882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346781/; classtype:trojan-activity;sid:84209881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.21.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346780/; classtype:trojan-activity;sid:84209880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.235.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346779/; classtype:trojan-activity;sid:84209879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.238.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346778/; classtype:trojan-activity;sid:84209878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.191.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346777/; classtype:trojan-activity;sid:84209877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346776/; classtype:trojan-activity;sid:84209876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.82.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346775/; classtype:trojan-activity;sid:84209875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346774/; classtype:trojan-activity;sid:84209874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.233.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346773/; classtype:trojan-activity;sid:84209873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346772/; classtype:trojan-activity;sid:84209872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.138.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346771/; classtype:trojan-activity;sid:84209871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346770/; classtype:trojan-activity;sid:84209870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.235.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346769/; classtype:trojan-activity;sid:84209869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346768/; classtype:trojan-activity;sid:84209868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346767/; classtype:trojan-activity;sid:84209867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.191.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346766/; classtype:trojan-activity;sid:84209866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.255.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346765/; classtype:trojan-activity;sid:84209865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.44.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346762/; classtype:trojan-activity;sid:84209862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346763/; classtype:trojan-activity;sid:84209863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.119.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346764/; classtype:trojan-activity;sid:84209864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.231.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346761/; classtype:trojan-activity;sid:84209861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.36.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346760/; classtype:trojan-activity;sid:84209860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.176.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346759/; classtype:trojan-activity;sid:84209859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346758)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5131681669/cukxxx0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346758/; classtype:trojan-activity;sid:84209858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.220.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346757/; classtype:trojan-activity;sid:84209857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.208.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346756/; classtype:trojan-activity;sid:84209856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.205.177.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346753/; classtype:trojan-activity;sid:84209853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.64.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346754/; classtype:trojan-activity;sid:84209854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.240.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346755/; classtype:trojan-activity;sid:84209855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.135.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346752/; classtype:trojan-activity;sid:84209852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.57.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346751/; classtype:trojan-activity;sid:84209851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.83.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346750/; classtype:trojan-activity;sid:84209850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.240.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346749/; classtype:trojan-activity;sid:84209849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.224.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346748/; classtype:trojan-activity;sid:84209848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.233.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346747/; classtype:trojan-activity;sid:84209847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.34.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346746/; classtype:trojan-activity;sid:84209846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.44.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346745/; classtype:trojan-activity;sid:84209845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jade.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"188.132.232.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346744/; classtype:trojan-activity;sid:84209844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.230.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346743/; classtype:trojan-activity;sid:84209843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.138.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346741/; classtype:trojan-activity;sid:84209841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.78.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346742/; classtype:trojan-activity;sid:84209842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.169.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346740/; classtype:trojan-activity;sid:84209840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346739/; classtype:trojan-activity;sid:84209839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.224.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346738/; classtype:trojan-activity;sid:84209838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.119.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346737/; classtype:trojan-activity;sid:84209837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.94.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346736/; classtype:trojan-activity;sid:84209836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.231.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346735/; classtype:trojan-activity;sid:84209835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.187.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346734/; classtype:trojan-activity;sid:84209834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346733/; classtype:trojan-activity;sid:84209833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.65.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346732/; classtype:trojan-activity;sid:84209832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.148.163.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346730/; classtype:trojan-activity;sid:84209830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.14.78.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346731/; classtype:trojan-activity;sid:84209831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.15.252.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346729/; classtype:trojan-activity;sid:84209829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.91.81.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346727/; classtype:trojan-activity;sid:84209827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.43.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346728/; classtype:trojan-activity;sid:84209828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.239.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346722/; classtype:trojan-activity;sid:84209822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.85.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346723/; classtype:trojan-activity;sid:84209823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.210.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346724/; classtype:trojan-activity;sid:84209824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.189.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346725/; classtype:trojan-activity;sid:84209825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.4.105"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346726/; classtype:trojan-activity;sid:84209826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.181.195.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346719/; classtype:trojan-activity;sid:84209819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.33.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346720/; classtype:trojan-activity;sid:84209820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.132.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346721/; classtype:trojan-activity;sid:84209821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.120.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346718/; classtype:trojan-activity;sid:84209818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.83.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346717/; classtype:trojan-activity;sid:84209817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.17.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346716/; classtype:trojan-activity;sid:84209816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.45.115.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346715/; classtype:trojan-activity;sid:84209815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.120.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346714/; classtype:trojan-activity;sid:84209814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.62.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346713/; classtype:trojan-activity;sid:84209813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.82.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346712/; classtype:trojan-activity;sid:84209812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.36.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346711/; classtype:trojan-activity;sid:84209811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346710/; classtype:trojan-activity;sid:84209810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.207.138.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346709/; classtype:trojan-activity;sid:84209809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346707/; classtype:trojan-activity;sid:84209807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.65.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346708/; classtype:trojan-activity;sid:84209808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346706)"; flow:established,from_client; content:"GET"; http_method; content:"/sdjfgsnzlkfoknzkfngasoeanpsdnbgsrggtehy/dyhdfyjdsftjsetawtwewayryghsdtysryatwewtrta/agasdrhstjhyfjghsrgaregafjyhdfhstsh/ydfctyxrgtsertrsez/asxhfzdhhz.exe"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"www.stipamana.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346706/; classtype:trojan-activity;sid:84209806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.187.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346704/; classtype:trojan-activity;sid:84209804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.165.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346705/; classtype:trojan-activity;sid:84209805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.45.115.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346703/; classtype:trojan-activity;sid:84209803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.12.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346702/; classtype:trojan-activity;sid:84209802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.56.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346701/; classtype:trojan-activity;sid:84209801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.117.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346700/; classtype:trojan-activity;sid:84209800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346698)"; flow:established,from_client; content:"GET"; http_method; content:"/infopage/bhg8.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"147.45.44.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346698/; classtype:trojan-activity;sid:84209798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346699)"; flow:established,from_client; content:"GET"; http_method; content:"/infopage/ung0.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"147.45.44.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346699/; classtype:trojan-activity;sid:84209799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.17.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346697/; classtype:trojan-activity;sid:84209797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346696)"; flow:established,from_client; content:"GET"; http_method; content:"/trololo/tester.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"212.113.107.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346696/; classtype:trojan-activity;sid:84209796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346694)"; flow:established,from_client; content:"GET"; http_method; content:"/ctx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346694/; classtype:trojan-activity;sid:84209794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346695)"; flow:established,from_client; content:"GET"; http_method; content:"/vvv.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346695/; classtype:trojan-activity;sid:84209795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.245.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346693/; classtype:trojan-activity;sid:84209793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346692)"; flow:established,from_client; content:"GET"; http_method; content:"/tbhy.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.131.135.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346692/; classtype:trojan-activity;sid:84209792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346691)"; flow:established,from_client; content:"GET"; http_method; content:"/mc/cheats/slinky/slinky.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"furryporn.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346691/; classtype:trojan-activity;sid:84209791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346690)"; flow:established,from_client; content:"GET"; http_method; content:"/build/amella.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.23.98.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346690/; classtype:trojan-activity;sid:84209790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346688)"; flow:established,from_client; content:"GET"; http_method; content:"/hapaasjpjadwmkbmzkawednwgbt71.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"212.162.149.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346688/; classtype:trojan-activity;sid:84209788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346689)"; flow:established,from_client; content:"GET"; http_method; content:"/qdhilv89.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.162.149.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346689/; classtype:trojan-activity;sid:84209789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346686)"; flow:established,from_client; content:"GET"; http_method; content:"/ujq0oqpea94f4f8f/msedge.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.105.88.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346686/; classtype:trojan-activity;sid:84209786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346687)"; flow:established,from_client; content:"GET"; http_method; content:"/ujq0oqpea94f4f8f/msedge.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"furryporn.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346687/; classtype:trojan-activity;sid:84209787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346684/; classtype:trojan-activity;sid:84209784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.200.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346685/; classtype:trojan-activity;sid:84209785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.207.138.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346682/; classtype:trojan-activity;sid:84209782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.187.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346683/; classtype:trojan-activity;sid:84209783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.11.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346681/; classtype:trojan-activity;sid:84209781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.27.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346680/; classtype:trojan-activity;sid:84209780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.165.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346679/; classtype:trojan-activity;sid:84209779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346678/; classtype:trojan-activity;sid:84209778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346677/; classtype:trojan-activity;sid:84209777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.120.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346676/; classtype:trojan-activity;sid:84209776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346675)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/connect.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"pentestfiles.s3.amazonaws.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346675/; classtype:trojan-activity;sid:84209775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.78.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346674/; classtype:trojan-activity;sid:84209774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.26.148.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346673/; classtype:trojan-activity;sid:84209773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.155.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346672/; classtype:trojan-activity;sid:84209772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.69.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346671/; classtype:trojan-activity;sid:84209771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.103.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346670/; classtype:trojan-activity;sid:84209770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.70.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346669/; classtype:trojan-activity;sid:84209769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346668/; classtype:trojan-activity;sid:84209768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.82.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346667/; classtype:trojan-activity;sid:84209767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.249.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346666/; classtype:trojan-activity;sid:84209766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.85.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346665/; classtype:trojan-activity;sid:84209765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346664/; classtype:trojan-activity;sid:84209764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346663)"; flow:established,from_client; content:"GET"; http_method; content:"/azureconnect.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"status.mycompliancereports.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346663/; classtype:trojan-activity;sid:84209763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346662/; classtype:trojan-activity;sid:84209762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.69.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346661/; classtype:trojan-activity;sid:84209761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.239.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346660/; classtype:trojan-activity;sid:84209760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346659/; classtype:trojan-activity;sid:84209759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.245.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346658/; classtype:trojan-activity;sid:84209758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.199.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346657/; classtype:trojan-activity;sid:84209757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.82.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346656/; classtype:trojan-activity;sid:84209756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346655)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5131681669/7u5ylzk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346655/; classtype:trojan-activity;sid:84209755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346654)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"uadew.riders.50kfor50years.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346654/; classtype:trojan-activity;sid:84209754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346653)"; flow:established,from_client; content:"GET"; http_method; content:"/javvvum.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346653/; classtype:trojan-activity;sid:84209753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346652/; classtype:trojan-activity;sid:84209752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.28.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346651/; classtype:trojan-activity;sid:84209751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346650/; classtype:trojan-activity;sid:84209750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.217.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346649/; classtype:trojan-activity;sid:84209749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.206.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346648/; classtype:trojan-activity;sid:84209748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.245.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346647/; classtype:trojan-activity;sid:84209747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.135.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346646/; classtype:trojan-activity;sid:84209746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.181.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346645/; classtype:trojan-activity;sid:84209745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.224.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346644/; classtype:trojan-activity;sid:84209744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.71.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346643/; classtype:trojan-activity;sid:84209743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.140.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346642/; classtype:trojan-activity;sid:84209742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.150.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346641/; classtype:trojan-activity;sid:84209741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346640/; classtype:trojan-activity;sid:84209740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.164.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346639/; classtype:trojan-activity;sid:84209739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.239.136.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346638/; classtype:trojan-activity;sid:84209738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.3.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346637/; classtype:trojan-activity;sid:84209737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.64.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346636/; classtype:trojan-activity;sid:84209736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.150.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346635/; classtype:trojan-activity;sid:84209735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.83.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346634/; classtype:trojan-activity;sid:84209734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.109.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346633/; classtype:trojan-activity;sid:84209733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.135.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346632/; classtype:trojan-activity;sid:84209732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.111.16.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346631/; classtype:trojan-activity;sid:84209731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.90.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346630/; classtype:trojan-activity;sid:84209730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346629/; classtype:trojan-activity;sid:84209729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346628)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346628/; classtype:trojan-activity;sid:84209728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346627)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346627/; classtype:trojan-activity;sid:84209727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346623)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346623/; classtype:trojan-activity;sid:84209723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346624)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346624/; classtype:trojan-activity;sid:84209724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346625)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346625/; classtype:trojan-activity;sid:84209725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346626)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346626/; classtype:trojan-activity;sid:84209726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346622)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346622/; classtype:trojan-activity;sid:84209722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346618)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346618/; classtype:trojan-activity;sid:84209718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346619)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346619/; classtype:trojan-activity;sid:84209719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346620)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346620/; classtype:trojan-activity;sid:84209720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346621)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.200.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346621/; classtype:trojan-activity;sid:84209721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.64.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346617/; classtype:trojan-activity;sid:84209717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.79.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346616/; classtype:trojan-activity;sid:84209716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346615/; classtype:trojan-activity;sid:84209715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.28.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346614/; classtype:trojan-activity;sid:84209714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.82.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346613/; classtype:trojan-activity;sid:84209713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.79.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346612/; classtype:trojan-activity;sid:84209712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.30.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346611/; classtype:trojan-activity;sid:84209711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346610/; classtype:trojan-activity;sid:84209710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.111.16.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346609/; classtype:trojan-activity;sid:84209709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.13.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346608/; classtype:trojan-activity;sid:84209708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.66.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346607/; classtype:trojan-activity;sid:84209707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.115.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346606/; classtype:trojan-activity;sid:84209706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.92.254.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346604/; classtype:trojan-activity;sid:84209704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.80.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346605/; classtype:trojan-activity;sid:84209705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346603/; classtype:trojan-activity;sid:84209703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.127.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346602/; classtype:trojan-activity;sid:84209702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.79.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346601/; classtype:trojan-activity;sid:84209701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.109.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346600/; classtype:trojan-activity;sid:84209700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346599/; classtype:trojan-activity;sid:84209699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.106.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346598/; classtype:trojan-activity;sid:84209698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346597/; classtype:trojan-activity;sid:84209697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.5.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346596/; classtype:trojan-activity;sid:84209696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.252.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346595/; classtype:trojan-activity;sid:84209695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346594/; classtype:trojan-activity;sid:84209694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.27.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346593/; classtype:trojan-activity;sid:84209693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.206.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346592/; classtype:trojan-activity;sid:84209692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346591/; classtype:trojan-activity;sid:84209691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.127.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346590/; classtype:trojan-activity;sid:84209690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.191.62.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346589/; classtype:trojan-activity;sid:84209689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.198.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346588/; classtype:trojan-activity;sid:84209688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.104.169.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346586/; classtype:trojan-activity;sid:84209686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346587/; classtype:trojan-activity;sid:84209687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.228.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346585/; classtype:trojan-activity;sid:84209685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.147.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346583/; classtype:trojan-activity;sid:84209683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346584/; classtype:trojan-activity;sid:84209684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.182.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346582/; classtype:trojan-activity;sid:84209682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346581/; classtype:trojan-activity;sid:84209681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.240.39.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346580/; classtype:trojan-activity;sid:84209680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.86.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346579/; classtype:trojan-activity;sid:84209679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.30.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346578/; classtype:trojan-activity;sid:84209678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346577/; classtype:trojan-activity;sid:84209677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346576/; classtype:trojan-activity;sid:84209676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.47.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346575/; classtype:trojan-activity;sid:84209675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346574)"; flow:established,from_client; content:"GET"; http_method; content:"/files/burpin1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346574/; classtype:trojan-activity;sid:84209674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.86.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346573/; classtype:trojan-activity;sid:84209673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346572/; classtype:trojan-activity;sid:84209672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346571/; classtype:trojan-activity;sid:84209671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.176.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346570/; classtype:trojan-activity;sid:84209670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.174.191.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346569/; classtype:trojan-activity;sid:84209669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.12.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346568/; classtype:trojan-activity;sid:84209668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346567/; classtype:trojan-activity;sid:84209667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.90.3.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346565/; classtype:trojan-activity;sid:84209665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.240.39.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346566/; classtype:trojan-activity;sid:84209666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.30.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346564/; classtype:trojan-activity;sid:84209664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.56.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346563/; classtype:trojan-activity;sid:84209663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.155.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346562/; classtype:trojan-activity;sid:84209662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.104.169.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346561/; classtype:trojan-activity;sid:84209661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.13.48.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346560/; classtype:trojan-activity;sid:84209660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346559/; classtype:trojan-activity;sid:84209659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346558/; classtype:trojan-activity;sid:84209658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346557/; classtype:trojan-activity;sid:84209657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.47.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346556/; classtype:trojan-activity;sid:84209656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.96"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346555/; classtype:trojan-activity;sid:84209655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346554/; classtype:trojan-activity;sid:84209654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.90.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346553/; classtype:trojan-activity;sid:84209653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.236.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346552/; classtype:trojan-activity;sid:84209652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346551/; classtype:trojan-activity;sid:84209651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.185.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346549/; classtype:trojan-activity;sid:84209649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.174.191.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346550/; classtype:trojan-activity;sid:84209650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.183.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346548/; classtype:trojan-activity;sid:84209648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.64.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346547/; classtype:trojan-activity;sid:84209647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.44.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346545/; classtype:trojan-activity;sid:84209645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346546/; classtype:trojan-activity;sid:84209646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.151.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346544/; classtype:trojan-activity;sid:84209644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346543/; classtype:trojan-activity;sid:84209643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.128.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346542/; classtype:trojan-activity;sid:84209642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346541/; classtype:trojan-activity;sid:84209641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.184.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346540/; classtype:trojan-activity;sid:84209640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346539/; classtype:trojan-activity;sid:84209639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.7.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346538/; classtype:trojan-activity;sid:84209638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.109.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346537/; classtype:trojan-activity;sid:84209637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.169.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346536/; classtype:trojan-activity;sid:84209636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346534/; classtype:trojan-activity;sid:84209634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346535/; classtype:trojan-activity;sid:84209635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.128.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346533/; classtype:trojan-activity;sid:84209633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346532)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8199790517/u1w30wt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346532/; classtype:trojan-activity;sid:84209632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.33.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346531/; classtype:trojan-activity;sid:84209631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.5.149"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346529/; classtype:trojan-activity;sid:84209629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; content:"GET"; http_method; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.208.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346527/; classtype:trojan-activity;sid:84209627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346528/; classtype:trojan-activity;sid:84209628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346525)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346525/; classtype:trojan-activity;sid:84209625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346526)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l4.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346526/; classtype:trojan-activity;sid:84209626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346524)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hell911/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346524/; classtype:trojan-activity;sid:84209624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346523)"; flow:established,from_client; content:"GET"; http_method; content:"/files/399764519/w4klqf7.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346523/; classtype:trojan-activity;sid:84209623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346522)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8049824649/yiklfon.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346522/; classtype:trojan-activity;sid:84209622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346521)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7427009775/azvrm7c.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346521/; classtype:trojan-activity;sid:84209621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346519)"; flow:established,from_client; content:"GET"; http_method; content:"/dl|3f|name=mixthree.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"80.82.65.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346519/; classtype:trojan-activity;sid:84209619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346520)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hell911/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346520/; classtype:trojan-activity;sid:84209620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346516)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6904700471/z9pp9pm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346516/; classtype:trojan-activity;sid:84209616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346517)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7403972632/c1j7svw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346517/; classtype:trojan-activity;sid:84209617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346518)"; flow:established,from_client; content:"GET"; http_method; content:"/files/523681048/3eueygl.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346518/; classtype:trojan-activity;sid:84209618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346508)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dynpvoy.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346508/; classtype:trojan-activity;sid:84209608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346509)"; flow:established,from_client; content:"GET"; http_method; content:"/files/kardanvalov88/random.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346509/; classtype:trojan-activity;sid:84209609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346510)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5996006993/m5ifr20.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346510/; classtype:trojan-activity;sid:84209610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346511)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/networkmanager.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346511/; classtype:trojan-activity;sid:84209611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346512)"; flow:established,from_client; content:"GET"; http_method; content:"/dl|3f|name=usone"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"80.82.65.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346512/; classtype:trojan-activity;sid:84209612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346513)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5996006993/m5ifr20.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346513/; classtype:trojan-activity;sid:84209613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346514)"; flow:established,from_client; content:"GET"; http_method; content:"/files/kardanvalov88/random.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346514/; classtype:trojan-activity;sid:84209614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346515)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l4.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346515/; classtype:trojan-activity;sid:84209615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346503)"; flow:established,from_client; content:"GET"; http_method; content:"/files/399764519/w4klqf7.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346503/; classtype:trojan-activity;sid:84209603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346504)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346504/; classtype:trojan-activity;sid:84209604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346505)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5996006993/m5ifr20.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346505/; classtype:trojan-activity;sid:84209605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346506)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346506/; classtype:trojan-activity;sid:84209606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346507)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6386900832/9feskix.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346507/; classtype:trojan-activity;sid:84209607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346498)"; flow:established,from_client; content:"GET"; http_method; content:"/dl|3f|name=mixnine.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"80.82.65.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346498/; classtype:trojan-activity;sid:84209598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346499)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346499/; classtype:trojan-activity;sid:84209599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346500)"; flow:established,from_client; content:"GET"; http_method; content:"/files/399764519/w4klqf7.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346500/; classtype:trojan-activity;sid:84209600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346501)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7781867830/4xyfk9r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346501/; classtype:trojan-activity;sid:84209601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346502)"; flow:established,from_client; content:"GET"; http_method; content:"/dl|3f|name=usonen"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"80.82.65.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346502/; classtype:trojan-activity;sid:84209602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346496)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6386900832/9feskix.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346496/; classtype:trojan-activity;sid:84209596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dynpvoy.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346497/; classtype:trojan-activity;sid:84209597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346494)"; flow:established,from_client; content:"GET"; http_method; content:"/files/523681048/3eueygl.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346494/; classtype:trojan-activity;sid:84209594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346495)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6386900832/9feskix.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346495/; classtype:trojan-activity;sid:84209595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346492)"; flow:established,from_client; content:"GET"; http_method; content:"/files/encoxx/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346492/; classtype:trojan-activity;sid:84209592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346493)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8049824649/yiklfon.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346493/; classtype:trojan-activity;sid:84209593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346490)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7427009775/dwvrtdy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346490/; classtype:trojan-activity;sid:84209590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346491)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rmx.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346491/; classtype:trojan-activity;sid:84209591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chrome11.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346489/; classtype:trojan-activity;sid:84209589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346487)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chrome11.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346487/; classtype:trojan-activity;sid:84209587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346488)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8049824649/yiklfon.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346488/; classtype:trojan-activity;sid:84209588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346486)"; flow:established,from_client; content:"GET"; http_method; content:"/dl|3f|name=mixone"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"80.82.65.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346486/; classtype:trojan-activity;sid:84209586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346484)"; flow:established,from_client; content:"GET"; http_method; content:"/files/399764519/w4klqf7.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346484/; classtype:trojan-activity;sid:84209584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346485)"; flow:established,from_client; content:"GET"; http_method; content:"/file/onmtdsqb"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346485/; classtype:trojan-activity;sid:84209585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346482)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6904700471/z9pp9pm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346482/; classtype:trojan-activity;sid:84209582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346483)"; flow:established,from_client; content:"GET"; http_method; content:"/files/kardanvalov88/random.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346483/; classtype:trojan-activity;sid:84209583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346479)"; flow:established,from_client; content:"GET"; http_method; content:"/dl|3f|name=euone"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"80.82.65.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346479/; classtype:trojan-activity;sid:84209579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346480)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8049824649/yiklfon.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346480/; classtype:trojan-activity;sid:84209580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346481)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7403972632/c1j7svw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346481/; classtype:trojan-activity;sid:84209581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346477)"; flow:established,from_client; content:"GET"; http_method; content:"/files/523681048/3eueygl.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346477/; classtype:trojan-activity;sid:84209577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346478)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xvp0dljz"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346478/; classtype:trojan-activity;sid:84209578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346474)"; flow:established,from_client; content:"GET"; http_method; content:"/file/724vbaxb"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346474/; classtype:trojan-activity;sid:84209574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346475)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/networkmanager.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346475/; classtype:trojan-activity;sid:84209575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346476)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6904700471/z9pp9pm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346476/; classtype:trojan-activity;sid:84209576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346472)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5996006993/m5ifr20.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346472/; classtype:trojan-activity;sid:84209572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346473)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7403972632/c1j7svw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346473/; classtype:trojan-activity;sid:84209573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346471)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hell911/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346471/; classtype:trojan-activity;sid:84209571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346469)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alexshlu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346469/; classtype:trojan-activity;sid:84209569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346470)"; flow:established,from_client; content:"GET"; http_method; content:"/files/kardanvalov88/random.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346470/; classtype:trojan-activity;sid:84209570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346464)"; flow:established,from_client; content:"GET"; http_method; content:"/dl|3f|name=inte"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"80.82.65.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346464/; classtype:trojan-activity;sid:84209564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346465)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe|3f|b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346465/; classtype:trojan-activity;sid:84209565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346466)"; flow:established,from_client; content:"GET"; http_method; content:"/files/523681048/3eueygl.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346466/; classtype:trojan-activity;sid:84209566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346467)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alexshlu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346467/; classtype:trojan-activity;sid:84209567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346468)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6386900832/9feskix.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346468/; classtype:trojan-activity;sid:84209568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346463)"; flow:established,from_client; content:"GET"; http_method; content:"/files/encoxx/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346463/; classtype:trojan-activity;sid:84209563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346462)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hell911/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346462/; classtype:trojan-activity;sid:84209562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346459)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346459/; classtype:trojan-activity;sid:84209559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346460)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7403972632/gu8nd0g.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346460/; classtype:trojan-activity;sid:84209560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346461)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346461/; classtype:trojan-activity;sid:84209561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346453)"; flow:established,from_client; content:"GET"; http_method; content:"/files/encoxx/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346453/; classtype:trojan-activity;sid:84209553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346454)"; flow:established,from_client; content:"GET"; http_method; content:"/dl|3f|name=mixnine"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"80.82.65.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346454/; classtype:trojan-activity;sid:84209554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346455)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7427009775/t5abhix.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346455/; classtype:trojan-activity;sid:84209555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346456)"; flow:established,from_client; content:"GET"; http_method; content:"/files/encoxx/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346456/; classtype:trojan-activity;sid:84209556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346457)"; flow:established,from_client; content:"GET"; http_method; content:"/dl|3f|name=inte1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"80.82.65.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346457/; classtype:trojan-activity;sid:84209557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346458)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346458/; classtype:trojan-activity;sid:84209558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346452)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346452/; classtype:trojan-activity;sid:84209552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346450)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346450/; classtype:trojan-activity;sid:84209550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.217.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346451/; classtype:trojan-activity;sid:84209551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346449)"; flow:established,from_client; content:"GET"; http_method; content:"/var/www/html/files/5803047068/11.ps1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346449/; classtype:trojan-activity;sid:84209549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346448)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ko.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346448/; classtype:trojan-activity;sid:84209548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346447)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ko.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346447/; classtype:trojan-activity;sid:84209547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346446)"; flow:established,from_client; content:"GET"; http_method; content:"/file/o2giutlk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346446/; classtype:trojan-activity;sid:84209546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346444)"; flow:established,from_client; content:"GET"; http_method; content:"/var/www/html/files/5803047068/11.ps1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346444/; classtype:trojan-activity;sid:84209544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346445)"; flow:established,from_client; content:"GET"; http_method; content:"/var/www/html/files/5803047068/11.ps1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346445/; classtype:trojan-activity;sid:84209545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346441)"; flow:established,from_client; content:"GET"; http_method; content:"/files/gen2/tort.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"f1048022.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346441/; classtype:trojan-activity;sid:84209541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346440)"; flow:established,from_client; content:"GET"; http_method; content:"/installsurf-us-1-new/setup.msi"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"internetguardiansec.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346440/; classtype:trojan-activity;sid:84209540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346436)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.msi"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"evaways.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346436/; classtype:trojan-activity;sid:84209536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346437)"; flow:established,from_client; content:"GET"; http_method; content:"/888.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"a1060630.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346437/; classtype:trojan-activity;sid:84209537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346438)"; flow:established,from_client; content:"GET"; http_method; content:"/img/50to.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"f0706909.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346438/; classtype:trojan-activity;sid:84209538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346439)"; flow:established,from_client; content:"GET"; http_method; content:"/img/info.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"f0706909.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346439/; classtype:trojan-activity;sid:84209539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346434)"; flow:established,from_client; content:"GET"; http_method; content:"/files/dellconnassist.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"f1048022.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346434/; classtype:trojan-activity;sid:84209534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346435)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.msi"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"evaways.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346435/; classtype:trojan-activity;sid:84209535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346432)"; flow:established,from_client; content:"GET"; http_method; content:"/img/50.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"f0706909.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346432/; classtype:trojan-activity;sid:84209532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346433)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a1059592.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346433/; classtype:trojan-activity;sid:84209533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346430)"; flow:established,from_client; content:"GET"; http_method; content:"/systenn.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"f1043947.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346430/; classtype:trojan-activity;sid:84209530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346431)"; flow:established,from_client; content:"GET"; http_method; content:"/winlogoh.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"f1043947.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346431/; classtype:trojan-activity;sid:84209531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346426)"; flow:established,from_client; content:"GET"; http_method; content:"/qwex.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a1051707.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346426/; classtype:trojan-activity;sid:84209526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346427)"; flow:established,from_client; content:"GET"; http_method; content:"/pm/setup.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"betterwebspacetest.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346427/; classtype:trojan-activity;sid:84209527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346428)"; flow:established,from_client; content:"GET"; http_method; content:"/files/planb.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"f1048022.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346428/; classtype:trojan-activity;sid:84209528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346429)"; flow:established,from_client; content:"GET"; http_method; content:"/xw.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a1059592.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346429/; classtype:trojan-activity;sid:84209529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.221.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346425/; classtype:trojan-activity;sid:84209525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.179.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346423/; classtype:trojan-activity;sid:84209523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.109.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346424/; classtype:trojan-activity;sid:84209524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.192.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346422/; classtype:trojan-activity;sid:84209522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.226.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346421/; classtype:trojan-activity;sid:84209521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.238.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346420/; classtype:trojan-activity;sid:84209520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346419/; classtype:trojan-activity;sid:84209519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.172.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346418/; classtype:trojan-activity;sid:84209518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.203.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346417/; classtype:trojan-activity;sid:84209517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.14.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346416/; classtype:trojan-activity;sid:84209516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.210.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346415/; classtype:trojan-activity;sid:84209515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.175.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346414/; classtype:trojan-activity;sid:84209514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.86.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346413/; classtype:trojan-activity;sid:84209513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.8.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346412/; classtype:trojan-activity;sid:84209512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.55.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346411/; classtype:trojan-activity;sid:84209511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.183.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346408/; classtype:trojan-activity;sid:84209508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.203.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346409/; classtype:trojan-activity;sid:84209509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346410/; classtype:trojan-activity;sid:84209510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.44.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346407/; classtype:trojan-activity;sid:84209507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.117.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346406/; classtype:trojan-activity;sid:84209506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.120.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346405/; classtype:trojan-activity;sid:84209505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346404/; classtype:trojan-activity;sid:84209504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.177.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346403/; classtype:trojan-activity;sid:84209503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.0.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346402/; classtype:trojan-activity;sid:84209502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.69.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346400/; classtype:trojan-activity;sid:84209500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.247.83.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346401/; classtype:trojan-activity;sid:84209501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346399)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.6.52"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346399/; classtype:trojan-activity;sid:84209499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.172.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346398/; classtype:trojan-activity;sid:84209498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.14.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346397/; classtype:trojan-activity;sid:84209497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.179.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346396/; classtype:trojan-activity;sid:84209496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.47.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346395/; classtype:trojan-activity;sid:84209495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346394/; classtype:trojan-activity;sid:84209494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.210.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346393/; classtype:trojan-activity;sid:84209493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346392/; classtype:trojan-activity;sid:84209492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.163.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346391/; classtype:trojan-activity;sid:84209491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.86.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346390/; classtype:trojan-activity;sid:84209490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.239.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346389/; classtype:trojan-activity;sid:84209489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.33.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346388/; classtype:trojan-activity;sid:84209488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.215.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346387/; classtype:trojan-activity;sid:84209487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.169.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346386/; classtype:trojan-activity;sid:84209486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.239.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346385/; classtype:trojan-activity;sid:84209485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.104.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346384/; classtype:trojan-activity;sid:84209484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.40.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346383/; classtype:trojan-activity;sid:84209483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.57.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346382/; classtype:trojan-activity;sid:84209482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.40.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346381/; classtype:trojan-activity;sid:84209481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.119.237.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346380/; classtype:trojan-activity;sid:84209480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.96.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346379/; classtype:trojan-activity;sid:84209479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346377/; classtype:trojan-activity;sid:84209477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346378/; classtype:trojan-activity;sid:84209478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.32.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346376/; classtype:trojan-activity;sid:84209476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.47.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346375/; classtype:trojan-activity;sid:84209475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.22.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346374/; classtype:trojan-activity;sid:84209474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.153.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346373/; classtype:trojan-activity;sid:84209473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.164.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346372/; classtype:trojan-activity;sid:84209472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.226.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346371/; classtype:trojan-activity;sid:84209471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.201.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346370/; classtype:trojan-activity;sid:84209470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.218.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346368/; classtype:trojan-activity;sid:84209468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.49.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346369/; classtype:trojan-activity;sid:84209469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.164.178.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346366/; classtype:trojan-activity;sid:84209466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.49.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346367/; classtype:trojan-activity;sid:84209467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346365/; classtype:trojan-activity;sid:84209465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.98.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346362/; classtype:trojan-activity;sid:84209462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.178.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346363/; classtype:trojan-activity;sid:84209463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.91.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346364/; classtype:trojan-activity;sid:84209464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.79.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346361/; classtype:trojan-activity;sid:84209461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.119.237.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346360/; classtype:trojan-activity;sid:84209460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.153.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346359/; classtype:trojan-activity;sid:84209459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.31.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346358/; classtype:trojan-activity;sid:84209458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346357/; classtype:trojan-activity;sid:84209457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.150.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346356/; classtype:trojan-activity;sid:84209456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.40.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346355/; classtype:trojan-activity;sid:84209455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.201.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346354/; classtype:trojan-activity;sid:84209454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346353)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.136.41.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346353/; classtype:trojan-activity;sid:84209453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346352/; classtype:trojan-activity;sid:84209452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.226.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346351/; classtype:trojan-activity;sid:84209451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.212.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346350/; classtype:trojan-activity;sid:84209450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.128.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346348/; classtype:trojan-activity;sid:84209448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346349/; classtype:trojan-activity;sid:84209449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.79.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346347/; classtype:trojan-activity;sid:84209447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346345)"; flow:established,from_client; content:"GET"; http_method; content:"/domjy12"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"t.ly"; http_host; depth:4; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346345/; classtype:trojan-activity;sid:84209445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.122.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346341/; classtype:trojan-activity;sid:84209441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346342/; classtype:trojan-activity;sid:84209442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.233.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346343/; classtype:trojan-activity;sid:84209443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346338/; classtype:trojan-activity;sid:84209438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346339/; classtype:trojan-activity;sid:84209439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.219.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346340/; classtype:trojan-activity;sid:84209440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.120.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346337/; classtype:trojan-activity;sid:84209437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.232.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346336/; classtype:trojan-activity;sid:84209436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346334/; classtype:trojan-activity;sid:84209434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.203.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346335/; classtype:trojan-activity;sid:84209435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.240.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346333/; classtype:trojan-activity;sid:84209433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346332/; classtype:trojan-activity;sid:84209432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.176.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346331/; classtype:trojan-activity;sid:84209431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.48.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346330/; classtype:trojan-activity;sid:84209430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.209.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346329/; classtype:trojan-activity;sid:84209429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.32.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346328/; classtype:trojan-activity;sid:84209428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.154.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346327/; classtype:trojan-activity;sid:84209427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.240.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346326/; classtype:trojan-activity;sid:84209426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.219.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346325/; classtype:trojan-activity;sid:84209425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.48.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346324/; classtype:trojan-activity;sid:84209424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.212.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346323/; classtype:trojan-activity;sid:84209423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.75.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346322/; classtype:trojan-activity;sid:84209422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.45.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346321/; classtype:trojan-activity;sid:84209421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.236.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346320/; classtype:trojan-activity;sid:84209420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.151.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346319/; classtype:trojan-activity;sid:84209419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.226.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346318/; classtype:trojan-activity;sid:84209418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.48.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346317/; classtype:trojan-activity;sid:84209417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346316/; classtype:trojan-activity;sid:84209416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.216.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346315/; classtype:trojan-activity;sid:84209415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346314/; classtype:trojan-activity;sid:84209414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.134.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346313/; classtype:trojan-activity;sid:84209413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346311/; classtype:trojan-activity;sid:84209411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.98.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346312/; classtype:trojan-activity;sid:84209412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.166.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346310/; classtype:trojan-activity;sid:84209410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.76.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346309/; classtype:trojan-activity;sid:84209409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.134.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346308/; classtype:trojan-activity;sid:84209408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.240.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346307/; classtype:trojan-activity;sid:84209407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346306/; classtype:trojan-activity;sid:84209406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.76.126.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346304/; classtype:trojan-activity;sid:84209404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.232.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346305/; classtype:trojan-activity;sid:84209405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.33.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346303/; classtype:trojan-activity;sid:84209403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.228.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346302/; classtype:trojan-activity;sid:84209402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.121.2.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346301/; classtype:trojan-activity;sid:84209401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.37.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346296/; classtype:trojan-activity;sid:84209396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346297/; classtype:trojan-activity;sid:84209397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.122.100.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346298/; classtype:trojan-activity;sid:84209398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.225.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346299/; classtype:trojan-activity;sid:84209399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.176.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346300/; classtype:trojan-activity;sid:84209400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.236.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346295/; classtype:trojan-activity;sid:84209395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.7.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346294/; classtype:trojan-activity;sid:84209394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.162.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346293/; classtype:trojan-activity;sid:84209393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.189.250.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346289/; classtype:trojan-activity;sid:84209389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346290/; classtype:trojan-activity;sid:84209390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.73.147.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346291/; classtype:trojan-activity;sid:84209391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.222.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346292/; classtype:trojan-activity;sid:84209392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.151.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346288/; classtype:trojan-activity;sid:84209388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.3.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346287/; classtype:trojan-activity;sid:84209387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346286/; classtype:trojan-activity;sid:84209386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.226.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346285/; classtype:trojan-activity;sid:84209385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.57.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346284/; classtype:trojan-activity;sid:84209384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.164.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346283/; classtype:trojan-activity;sid:84209383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.252.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346282/; classtype:trojan-activity;sid:84209382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.133.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346281/; classtype:trojan-activity;sid:84209381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.44.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346279/; classtype:trojan-activity;sid:84209379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.70.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346280/; classtype:trojan-activity;sid:84209380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.123.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346278/; classtype:trojan-activity;sid:84209378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.154.114.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346277/; classtype:trojan-activity;sid:84209377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.97.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346276/; classtype:trojan-activity;sid:84209376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346275/; classtype:trojan-activity;sid:84209375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346274/; classtype:trojan-activity;sid:84209374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.202.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346273/; classtype:trojan-activity;sid:84209373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.44.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346271/; classtype:trojan-activity;sid:84209371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.70.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346272/; classtype:trojan-activity;sid:84209372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346270/; classtype:trojan-activity;sid:84209370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.166.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346269/; classtype:trojan-activity;sid:84209369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.123.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346268/; classtype:trojan-activity;sid:84209368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.220.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346267/; classtype:trojan-activity;sid:84209367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346266/; classtype:trojan-activity;sid:84209366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.47.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346265/; classtype:trojan-activity;sid:84209365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.238.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346264/; classtype:trojan-activity;sid:84209364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.45.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346263/; classtype:trojan-activity;sid:84209363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346262/; classtype:trojan-activity;sid:84209362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.38.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346261/; classtype:trojan-activity;sid:84209361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346260)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/document.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"docusign.servergate.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346260/; classtype:trojan-activity;sid:84209360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346259)"; flow:established,from_client; content:"GET"; http_method; content:"/rt/setup.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"servergate.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346259/; classtype:trojan-activity;sid:84209359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.10.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346258/; classtype:trojan-activity;sid:84209358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.177.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346257/; classtype:trojan-activity;sid:84209357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.191.30.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346254/; classtype:trojan-activity;sid:84209354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346255/; classtype:trojan-activity;sid:84209355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.97.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346256/; classtype:trojan-activity;sid:84209356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346253/; classtype:trojan-activity;sid:84209353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.123.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346252/; classtype:trojan-activity;sid:84209352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.29.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346251/; classtype:trojan-activity;sid:84209351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346250/; classtype:trojan-activity;sid:84209350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.35.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346249/; classtype:trojan-activity;sid:84209349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346248/; classtype:trojan-activity;sid:84209348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346247/; classtype:trojan-activity;sid:84209347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.86.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346246/; classtype:trojan-activity;sid:84209346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.66.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346245/; classtype:trojan-activity;sid:84209345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.96.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346244/; classtype:trojan-activity;sid:84209344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.81.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346243/; classtype:trojan-activity;sid:84209343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.69.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346242/; classtype:trojan-activity;sid:84209342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.35.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346241/; classtype:trojan-activity;sid:84209341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346240/; classtype:trojan-activity;sid:84209340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.66.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346239/; classtype:trojan-activity;sid:84209339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.29.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346238/; classtype:trojan-activity;sid:84209338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.20.228.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346237/; classtype:trojan-activity;sid:84209337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346236/; classtype:trojan-activity;sid:84209336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.122.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346235/; classtype:trojan-activity;sid:84209335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.128.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346234/; classtype:trojan-activity;sid:84209334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.212.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346233/; classtype:trojan-activity;sid:84209333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346231)"; flow:established,from_client; content:"GET"; http_method; content:"/60/wce/nookieniceverysweetthingsgoingonherewithnicelooking_______nookiemuchbetterthananythingusayingwhichnicefor______verynicelookingnookiechocolcatefalour.doc"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"138.68.185.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346231/; classtype:trojan-activity;sid:84209331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346232/; classtype:trojan-activity;sid:84209332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.76.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346230/; classtype:trojan-activity;sid:84209330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.231.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346229/; classtype:trojan-activity;sid:84209329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.0.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346228/; classtype:trojan-activity;sid:84209328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.124.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346227/; classtype:trojan-activity;sid:84209327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.77.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346226/; classtype:trojan-activity;sid:84209326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.81.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346225/; classtype:trojan-activity;sid:84209325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.184.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346224/; classtype:trojan-activity;sid:84209324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.209.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346222/; classtype:trojan-activity;sid:84209322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.255.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346223/; classtype:trojan-activity;sid:84209323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.86.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346221/; classtype:trojan-activity;sid:84209321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.11.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346220/; classtype:trojan-activity;sid:84209320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.167.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346219/; classtype:trojan-activity;sid:84209319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.122.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346218/; classtype:trojan-activity;sid:84209318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.55.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346215/; classtype:trojan-activity;sid:84209315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.132.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346216/; classtype:trojan-activity;sid:84209316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346217/; classtype:trojan-activity;sid:84209317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.20.228.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346214/; classtype:trojan-activity;sid:84209314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.96.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346213/; classtype:trojan-activity;sid:84209313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346212/; classtype:trojan-activity;sid:84209312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.25.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346211/; classtype:trojan-activity;sid:84209311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.163.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346210/; classtype:trojan-activity;sid:84209310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346209/; classtype:trojan-activity;sid:84209309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346208/; classtype:trojan-activity;sid:84209308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346207/; classtype:trojan-activity;sid:84209307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.231.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346206/; classtype:trojan-activity;sid:84209306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.117.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346205/; classtype:trojan-activity;sid:84209305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.0.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346204/; classtype:trojan-activity;sid:84209304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346203/; classtype:trojan-activity;sid:84209303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346202/; classtype:trojan-activity;sid:84209302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346201/; classtype:trojan-activity;sid:84209301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.104.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346200/; classtype:trojan-activity;sid:84209300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346199/; classtype:trojan-activity;sid:84209299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.16.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346195/; classtype:trojan-activity;sid:84209295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.104.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346196/; classtype:trojan-activity;sid:84209296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.122.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346197/; classtype:trojan-activity;sid:84209297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.90.3.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346198/; classtype:trojan-activity;sid:84209298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.93.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346194/; classtype:trojan-activity;sid:84209294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346193/; classtype:trojan-activity;sid:84209293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.132.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346192/; classtype:trojan-activity;sid:84209292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346190/; classtype:trojan-activity;sid:84209290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.55.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346191/; classtype:trojan-activity;sid:84209291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.213.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346189/; classtype:trojan-activity;sid:84209289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.96.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346188/; classtype:trojan-activity;sid:84209288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.121.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346187/; classtype:trojan-activity;sid:84209287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.43.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346186/; classtype:trojan-activity;sid:84209286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.37.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346185/; classtype:trojan-activity;sid:84209285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.0.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346184/; classtype:trojan-activity;sid:84209284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.77.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346183/; classtype:trojan-activity;sid:84209283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.175.138.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346182/; classtype:trojan-activity;sid:84209282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.11.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346181/; classtype:trojan-activity;sid:84209281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.66.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346179/; classtype:trojan-activity;sid:84209279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.104.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346180/; classtype:trojan-activity;sid:84209280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.117.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346178/; classtype:trojan-activity;sid:84209278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.52.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346176/; classtype:trojan-activity;sid:84209276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346177/; classtype:trojan-activity;sid:84209277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346175/; classtype:trojan-activity;sid:84209275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.45.56.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346174/; classtype:trojan-activity;sid:84209274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346173/; classtype:trojan-activity;sid:84209273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.16.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346172/; classtype:trojan-activity;sid:84209272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.232.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346171/; classtype:trojan-activity;sid:84209271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.3.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346166/; classtype:trojan-activity;sid:84209266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.158.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346167/; classtype:trojan-activity;sid:84209267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.156.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346168/; classtype:trojan-activity;sid:84209268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346169/; classtype:trojan-activity;sid:84209269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346170/; classtype:trojan-activity;sid:84209270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.83.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346165/; classtype:trojan-activity;sid:84209265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.187.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346164/; classtype:trojan-activity;sid:84209264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.140.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346163/; classtype:trojan-activity;sid:84209263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.248.123.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346162/; classtype:trojan-activity;sid:84209262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.249.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346160/; classtype:trojan-activity;sid:84209260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.37.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346161/; classtype:trojan-activity;sid:84209261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.221.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346159/; classtype:trojan-activity;sid:84209259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.102.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346158/; classtype:trojan-activity;sid:84209258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.0.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346157/; classtype:trojan-activity;sid:84209257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.37.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346156/; classtype:trojan-activity;sid:84209256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.1.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346155/; classtype:trojan-activity;sid:84209255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346154/; classtype:trojan-activity;sid:84209254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.24.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346153/; classtype:trojan-activity;sid:84209253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346152/; classtype:trojan-activity;sid:84209252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.232.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346151/; classtype:trojan-activity;sid:84209251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.223.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346150/; classtype:trojan-activity;sid:84209250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.152.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346149/; classtype:trojan-activity;sid:84209249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346148/; classtype:trojan-activity;sid:84209248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346147/; classtype:trojan-activity;sid:84209247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.40.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346146/; classtype:trojan-activity;sid:84209246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346145/; classtype:trojan-activity;sid:84209245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.28.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346144/; classtype:trojan-activity;sid:84209244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.158.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346143/; classtype:trojan-activity;sid:84209243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346142/; classtype:trojan-activity;sid:84209242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.11.56.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346141/; classtype:trojan-activity;sid:84209241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.64.20.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346139/; classtype:trojan-activity;sid:84209239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.53.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346140/; classtype:trojan-activity;sid:84209240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.194.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346138/; classtype:trojan-activity;sid:84209238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.237.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346137/; classtype:trojan-activity;sid:84209237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.164.178.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346136/; classtype:trojan-activity;sid:84209236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.32.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346135/; classtype:trojan-activity;sid:84209235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.3.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346134/; classtype:trojan-activity;sid:84209234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346133/; classtype:trojan-activity;sid:84209233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.83.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346131/; classtype:trojan-activity;sid:84209231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.24.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346132/; classtype:trojan-activity;sid:84209232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346130/; classtype:trojan-activity;sid:84209230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.28.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346129/; classtype:trojan-activity;sid:84209229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346128/; classtype:trojan-activity;sid:84209228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.62.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346127/; classtype:trojan-activity;sid:84209227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.90.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346126/; classtype:trojan-activity;sid:84209226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346125/; classtype:trojan-activity;sid:84209225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.244.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346124/; classtype:trojan-activity;sid:84209224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.37.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346123/; classtype:trojan-activity;sid:84209223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.111.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346122/; classtype:trojan-activity;sid:84209222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.172.51.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346121/; classtype:trojan-activity;sid:84209221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346120/; classtype:trojan-activity;sid:84209220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.239.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346119/; classtype:trojan-activity;sid:84209219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.34.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346118/; classtype:trojan-activity;sid:84209218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.194.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346117/; classtype:trojan-activity;sid:84209217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.162.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346116/; classtype:trojan-activity;sid:84209216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346115/; classtype:trojan-activity;sid:84209215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.28.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346114/; classtype:trojan-activity;sid:84209214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346113/; classtype:trojan-activity;sid:84209213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.38.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346112/; classtype:trojan-activity;sid:84209212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.209.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346111/; classtype:trojan-activity;sid:84209211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.102.187.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346110/; classtype:trojan-activity;sid:84209210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346109/; classtype:trojan-activity;sid:84209209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.25.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346108/; classtype:trojan-activity;sid:84209208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346107/; classtype:trojan-activity;sid:84209207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.42.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346106/; classtype:trojan-activity;sid:84209206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.85.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346105/; classtype:trojan-activity;sid:84209205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.34.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346104/; classtype:trojan-activity;sid:84209204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.245.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346103/; classtype:trojan-activity;sid:84209203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.38.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346102/; classtype:trojan-activity;sid:84209202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.154.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346101/; classtype:trojan-activity;sid:84209201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.126.34.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346100/; classtype:trojan-activity;sid:84209200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.121.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346099/; classtype:trojan-activity;sid:84209199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346098/; classtype:trojan-activity;sid:84209198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.80.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346097/; classtype:trojan-activity;sid:84209197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346096/; classtype:trojan-activity;sid:84209196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346095/; classtype:trojan-activity;sid:84209195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.204.42.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346094/; classtype:trojan-activity;sid:84209194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346093/; classtype:trojan-activity;sid:84209193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.142.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346092/; classtype:trojan-activity;sid:84209192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.90.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346091/; classtype:trojan-activity;sid:84209191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.83.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346090/; classtype:trojan-activity;sid:84209190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.83.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346089/; classtype:trojan-activity;sid:84209189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346088)"; flow:established,from_client; content:"GET"; http_method; content:"/govapp.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"173.0.58.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346088/; classtype:trojan-activity;sid:84209188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.87.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346087/; classtype:trojan-activity;sid:84209187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346086/; classtype:trojan-activity;sid:84209186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.129.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346084/; classtype:trojan-activity;sid:84209184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346085/; classtype:trojan-activity;sid:84209185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.121.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346083/; classtype:trojan-activity;sid:84209183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.175.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346081/; classtype:trojan-activity;sid:84209181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.125.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346082/; classtype:trojan-activity;sid:84209182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346080)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/vorpgkadeg.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346080/; classtype:trojan-activity;sid:84209180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.3.25.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346078/; classtype:trojan-activity;sid:84209178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.3.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346079/; classtype:trojan-activity;sid:84209179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346077)"; flow:established,from_client; content:"GET"; http_method; content:"/ronaldorsantana/ronaldo/refs/heads/main/boleto.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346077/; classtype:trojan-activity;sid:84209177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346068)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/piotjhjadkaw.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346068/; classtype:trojan-activity;sid:84209168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346069)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/krgawdtyjawd.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346069/; classtype:trojan-activity;sid:84209169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346070)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/jdrgsotrti.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346070/; classtype:trojan-activity;sid:84209170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346071)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/kisteruop.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346071/; classtype:trojan-activity;sid:84209171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346072)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/vovdawdrg.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346072/; classtype:trojan-activity;sid:84209172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346073)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/mfcthased.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346073/; classtype:trojan-activity;sid:84209173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346074)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/kisloyat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346074/; classtype:trojan-activity;sid:84209174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346075)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/daytjhasdawd.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346075/; classtype:trojan-activity;sid:84209175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346076)"; flow:established,from_client; content:"GET"; http_method; content:"/ronaldorsantana/ronaldo/raw/refs/heads/main/boleto.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346076/; classtype:trojan-activity;sid:84209176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.66.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346067/; classtype:trojan-activity;sid:84209167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346066)"; flow:established,from_client; content:"GET"; http_method; content:"/screenupdatesync.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.113.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346066/; classtype:trojan-activity;sid:84209166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.90.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346065/; classtype:trojan-activity;sid:84209165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.88.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346064/; classtype:trojan-activity;sid:84209164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.235.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346063/; classtype:trojan-activity;sid:84209163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.93.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346062/; classtype:trojan-activity;sid:84209162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.87.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346061/; classtype:trojan-activity;sid:84209161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.13.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346060/; classtype:trojan-activity;sid:84209160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.101.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346059/; classtype:trojan-activity;sid:84209159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.83.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346058/; classtype:trojan-activity;sid:84209158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346057/; classtype:trojan-activity;sid:84209157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346056/; classtype:trojan-activity;sid:84209156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/prereqs/vcredist_x86.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.speak-a-message.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346055/; classtype:trojan-activity;sid:84209155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346053)"; flow:established,from_client; content:"GET"; http_method; content:"/1acc7899d5577c57/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.132.107.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346053/; classtype:trojan-activity;sid:84209153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346054)"; flow:established,from_client; content:"GET"; http_method; content:"/utpieg.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346054/; classtype:trojan-activity;sid:84209154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346052)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll|3f|e"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346052/; classtype:trojan-activity;sid:84209152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346042)"; flow:established,from_client; content:"GET"; http_method; content:"/1acc7899d5577c57/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.132.107.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346042/; classtype:trojan-activity;sid:84209142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346043)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.xxx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346043/; classtype:trojan-activity;sid:84209143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346044)"; flow:established,from_client; content:"GET"; http_method; content:"/i586.xxx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346044/; classtype:trojan-activity;sid:84209144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346045)"; flow:established,from_client; content:"GET"; http_method; content:"/x32.xxx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346045/; classtype:trojan-activity;sid:84209145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346046)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl.xxx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346046/; classtype:trojan-activity;sid:84209146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346047)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.xxx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346047/; classtype:trojan-activity;sid:84209147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346048)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.xxx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346048/; classtype:trojan-activity;sid:84209148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346049)"; flow:established,from_client; content:"GET"; http_method; content:"/shell3er.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"70.34.200.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346049/; classtype:trojan-activity;sid:84209149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346050)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4.xxx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346050/; classtype:trojan-activity;sid:84209150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346051)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc.xxx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346051/; classtype:trojan-activity;sid:84209151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346034)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.xxx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346034/; classtype:trojan-activity;sid:84209134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346035)"; flow:established,from_client; content:"GET"; http_method; content:"/1acc7899d5577c57/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.132.107.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346035/; classtype:trojan-activity;sid:84209135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346036)"; flow:established,from_client; content:"GET"; http_method; content:"/1acc7899d5577c57/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.132.107.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346036/; classtype:trojan-activity;sid:84209136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346037)"; flow:established,from_client; content:"GET"; http_method; content:"/1acc7899d5577c57/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.132.107.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346037/; classtype:trojan-activity;sid:84209137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346038)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.xxx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346038/; classtype:trojan-activity;sid:84209138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346039)"; flow:established,from_client; content:"GET"; http_method; content:"/x86.xxx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346039/; classtype:trojan-activity;sid:84209139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346040)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.xxx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.177.25.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346040/; classtype:trojan-activity;sid:84209140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346041)"; flow:established,from_client; content:"GET"; http_method; content:"/1acc7899d5577c57/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.132.107.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346041/; classtype:trojan-activity;sid:84209141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346032)"; flow:established,from_client; content:"GET"; http_method; content:"/universal/driver/dtlvcredist_2005_x86.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"universal.driver.160.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346032/; classtype:trojan-activity;sid:84209132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.211.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346033/; classtype:trojan-activity;sid:84209133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346031)"; flow:established,from_client; content:"GET"; http_method; content:"/templates1/js/mixitup.js"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"autoiwc.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346031/; classtype:trojan-activity;sid:84209131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346029)"; flow:established,from_client; content:"GET"; http_method; content:"/built.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"f1059329.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346029/; classtype:trojan-activity;sid:84209129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346027)"; flow:established,from_client; content:"GET"; http_method; content:"/jy.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jrqh-hk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346027/; classtype:trojan-activity;sid:84209127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346028)"; flow:established,from_client; content:"GET"; http_method; content:"/runtime.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a1057700.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346028/; classtype:trojan-activity;sid:84209128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/41a1111.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346022)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha.hta"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.131.135.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346022/; classtype:trojan-activity;sid:84209122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346023)"; flow:established,from_client; content:"GET"; http_method; content:"/test30.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"20.83.148.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346023/; classtype:trojan-activity;sid:84209123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346024)"; flow:established,from_client; content:"GET"; http_method; content:"/azure.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"a1057700.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346024/; classtype:trojan-activity;sid:84209124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346025)"; flow:established,from_client; content:"GET"; http_method; content:"/x.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ai-kling.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346025/; classtype:trojan-activity;sid:84209125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346021)"; flow:established,from_client; content:"GET"; http_method; content:"/hector4576/noviembre/downloads/26novsoste.txt"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346021/; classtype:trojan-activity;sid:84209121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346020)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/refs/heads/main/testingfile.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346020/; classtype:trojan-activity;sid:84209120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346017)"; flow:established,from_client; content:"GET"; http_method; content:"/file/129.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"drdavidfishbein.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346017/; classtype:trojan-activity;sid:84209117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346018)"; flow:established,from_client; content:"GET"; http_method; content:"/zls2024/not-download/main/discord.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346018/; classtype:trojan-activity;sid:84209118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346019)"; flow:established,from_client; content:"GET"; http_method; content:"/xmadter/crixs/refs/heads/main/runtimebroker.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346019/; classtype:trojan-activity;sid:84209119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346015)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1oqnjs92kpqwn9owscvsr6hyjbwvddpgb|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346015/; classtype:trojan-activity;sid:84209115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346016)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/blob/main/server.exe|3f|raw=true"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346016/; classtype:trojan-activity;sid:84209116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346014)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=1qox4cfzqapicfql6sbnngokzbtlbxan7|7c|26|7c|export=download"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346014/; classtype:trojan-activity;sid:84209114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346012)"; flow:established,from_client; content:"GET"; http_method; content:"/download/hrfk298f/virus_phishing.exe|3f|dsid=pue3pmw-.df89503b1343f550287fbbb6e870e5ff|7c|26|7c|sbsr=5a6ecbc7975f17786794f2184fc7becfb32|7c|26|7c|bip=mzuumjqzljizljexma|7c|26|7c|lgfp=40/"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"dc541.4sync.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346012/; classtype:trojan-activity;sid:84209112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346013)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/client.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fileshare.seite.me"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346013/; classtype:trojan-activity;sid:84209113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346002)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346002/; classtype:trojan-activity;sid:84209102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346003)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/ezife.txt|3f|alt=media|7c|26|7c|token=76efce27-fa0e-4742-86ec-47a2efb14fbd"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346003/; classtype:trojan-activity;sid:84209103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346004)"; flow:established,from_client; content:"GET"; http_method; content:"/get/rtsyboyqu8/aa.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346004/; classtype:trojan-activity;sid:84209104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346005)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/aaaaaaaaabbbbbbbbbb.txt|3f|alt=media|7c|26|7c|token=b258ab10-99ab-4d37-8a91-7954022a451e"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346005/; classtype:trojan-activity;sid:84209105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346006)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/adadada-fe29c.appspot.com/o/fc.txt|3f|alt=media|7c|26|7c|token=b9e122e9-326d-4e11-b005-be128c5b487e"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346006/; classtype:trojan-activity;sid:84209106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346007)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/virusnnnnnmeu0409.txt|3f|alt=media|7c|26|7c|token=b21da726-7c55-43bb-a0da-7405252c43c6"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346007/; classtype:trojan-activity;sid:84209107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346008)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/cyber-city-53e23.appspot.com/o/base.txt|3f|alt=media|7c|26|7c|token=c5cbd710-7d53-4b3a-87ac-6d45c902be57"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346008/; classtype:trojan-activity;sid:84209108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346009)"; flow:established,from_client; content:"GET"; http_method; content:"/get/tvisnldnvi/ardara.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346009/; classtype:trojan-activity;sid:84209109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346010)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/descargas-dc4d6.appspot.com/o/envios-nuevos.txt|3f|alt=media|7c|26|7c|token=ce690a60-78eb-401b-bfc6-1dc825e194b2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346010/; classtype:trojan-activity;sid:84209110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346011)"; flow:established,from_client; content:"GET"; http_method; content:"/get/rcsdtgeso7/jesus.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346011/; classtype:trojan-activity;sid:84209111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346001)"; flow:established,from_client; content:"GET"; http_method; content:"/avast/updates/security/patch1.1.3.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"31.220.56.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346001/; classtype:trojan-activity;sid:84209101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345998)"; flow:established,from_client; content:"GET"; http_method; content:"/just-cmd-1909/am/raw/refs/heads/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345998/; classtype:trojan-activity;sid:84209098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345999)"; flow:established,from_client; content:"GET"; http_method; content:"/xmadter/runtime/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345999/; classtype:trojan-activity;sid:84209099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346000)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346000/; classtype:trojan-activity;sid:84209100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345997)"; flow:established,from_client; content:"GET"; http_method; content:"/q310vl.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345997/; classtype:trojan-activity;sid:84209097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.15.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345996/; classtype:trojan-activity;sid:84209096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.127.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345994/; classtype:trojan-activity;sid:84209094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345995)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f1059329.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345995/; classtype:trojan-activity;sid:84209095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345993)"; flow:established,from_client; content:"GET"; http_method; content:"/dune64.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sporcketngearforu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345993/; classtype:trojan-activity;sid:84209093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.182.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345992/; classtype:trojan-activity;sid:84209092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.15.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345991/; classtype:trojan-activity;sid:84209091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.28.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345990/; classtype:trojan-activity;sid:84209090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.22.21.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345989/; classtype:trojan-activity;sid:84209089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.66.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345988/; classtype:trojan-activity;sid:84209088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345987)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pla.material.amstillroofing.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345987/; classtype:trojan-activity;sid:84209087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.81.131.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345986/; classtype:trojan-activity;sid:84209086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.13.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345985/; classtype:trojan-activity;sid:84209085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.171.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345984/; classtype:trojan-activity;sid:84209084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.93.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345983/; classtype:trojan-activity;sid:84209083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.66.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345982/; classtype:trojan-activity;sid:84209082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.171.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345981/; classtype:trojan-activity;sid:84209081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345980/; classtype:trojan-activity;sid:84209080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.248.10.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345979/; classtype:trojan-activity;sid:84209079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.81.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345978/; classtype:trojan-activity;sid:84209078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.216.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345977/; classtype:trojan-activity;sid:84209077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.108.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345976/; classtype:trojan-activity;sid:84209076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.45.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345975/; classtype:trojan-activity;sid:84209075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345974/; classtype:trojan-activity;sid:84209074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.108.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345973/; classtype:trojan-activity;sid:84209073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345972/; classtype:trojan-activity;sid:84209072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.45.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345971/; classtype:trojan-activity;sid:84209071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.43.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345970/; classtype:trojan-activity;sid:84209070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345969/; classtype:trojan-activity;sid:84209069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.107.25.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345967/; classtype:trojan-activity;sid:84209067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.173.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345968/; classtype:trojan-activity;sid:84209068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.89.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345966/; classtype:trojan-activity;sid:84209066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.133.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345965/; classtype:trojan-activity;sid:84209065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.77.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345964/; classtype:trojan-activity;sid:84209064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.185.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345963/; classtype:trojan-activity;sid:84209063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.206.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345962/; classtype:trojan-activity;sid:84209062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345961/; classtype:trojan-activity;sid:84209061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.81.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345960/; classtype:trojan-activity;sid:84209060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.122.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345957/; classtype:trojan-activity;sid:84209057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.177.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345958/; classtype:trojan-activity;sid:84209058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345959/; classtype:trojan-activity;sid:84209059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.45.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345955/; classtype:trojan-activity;sid:84209055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.191.62.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345956/; classtype:trojan-activity;sid:84209056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.185.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345954/; classtype:trojan-activity;sid:84209054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.142.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345953/; classtype:trojan-activity;sid:84209053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.227.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345952/; classtype:trojan-activity;sid:84209052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.159.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345951/; classtype:trojan-activity;sid:84209051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.72.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345950/; classtype:trojan-activity;sid:84209050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.11.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345949/; classtype:trojan-activity;sid:84209049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.62.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345948/; classtype:trojan-activity;sid:84209048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.229.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345946/; classtype:trojan-activity;sid:84209046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.118.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345947/; classtype:trojan-activity;sid:84209047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.98.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345945/; classtype:trojan-activity;sid:84209045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.4.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345944/; classtype:trojan-activity;sid:84209044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345943/; classtype:trojan-activity;sid:84209043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345942/; classtype:trojan-activity;sid:84209042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.62.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345941/; classtype:trojan-activity;sid:84209041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.98.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345940/; classtype:trojan-activity;sid:84209040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.191.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345939/; classtype:trojan-activity;sid:84209039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345938/; classtype:trojan-activity;sid:84209038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.248.10.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345937/; classtype:trojan-activity;sid:84209037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345936/; classtype:trojan-activity;sid:84209036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345935/; classtype:trojan-activity;sid:84209035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.106.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345934/; classtype:trojan-activity;sid:84209034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345933/; classtype:trojan-activity;sid:84209033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345932/; classtype:trojan-activity;sid:84209032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345930/; classtype:trojan-activity;sid:84209030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345931/; classtype:trojan-activity;sid:84209031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.20.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345929/; classtype:trojan-activity;sid:84209029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.73.72.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345928/; classtype:trojan-activity;sid:84209028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.25.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345927/; classtype:trojan-activity;sid:84209027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.4.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345926/; classtype:trojan-activity;sid:84209026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.118.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345923/; classtype:trojan-activity;sid:84209023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345924/; classtype:trojan-activity;sid:84209024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.136.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345925/; classtype:trojan-activity;sid:84209025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345922/; classtype:trojan-activity;sid:84209022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.152.240.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345921/; classtype:trojan-activity;sid:84209021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.25.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345920/; classtype:trojan-activity;sid:84209020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345919/; classtype:trojan-activity;sid:84209019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.161.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345918/; classtype:trojan-activity;sid:84209018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.191.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345917/; classtype:trojan-activity;sid:84209017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.25.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345916/; classtype:trojan-activity;sid:84209016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.111.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345915/; classtype:trojan-activity;sid:84209015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345914/; classtype:trojan-activity;sid:84209014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345913/; classtype:trojan-activity;sid:84209013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.177.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345912/; classtype:trojan-activity;sid:84209012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.120.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345911/; classtype:trojan-activity;sid:84209011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345909/; classtype:trojan-activity;sid:84209009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345910/; classtype:trojan-activity;sid:84209010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345908/; classtype:trojan-activity;sid:84209008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.180.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345907/; classtype:trojan-activity;sid:84209007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.41.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345905/; classtype:trojan-activity;sid:84209005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345906/; classtype:trojan-activity;sid:84209006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.20.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345903/; classtype:trojan-activity;sid:84209003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.73.72.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345904/; classtype:trojan-activity;sid:84209004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.168.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345902/; classtype:trojan-activity;sid:84209002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345901/; classtype:trojan-activity;sid:84209001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.65.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345899/; classtype:trojan-activity;sid:84208999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.178.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345900/; classtype:trojan-activity;sid:84209000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.201.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345898/; classtype:trojan-activity;sid:84208998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.100.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345897/; classtype:trojan-activity;sid:84208997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.23.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345896/; classtype:trojan-activity;sid:84208996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.96.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345895/; classtype:trojan-activity;sid:84208995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.14.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345894/; classtype:trojan-activity;sid:84208994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345893/; classtype:trojan-activity;sid:84208993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.197.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345892/; classtype:trojan-activity;sid:84208992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345891/; classtype:trojan-activity;sid:84208991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.19.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345890/; classtype:trojan-activity;sid:84208990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.212.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345886/; classtype:trojan-activity;sid:84208986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.62.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345887/; classtype:trojan-activity;sid:84208987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.150.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345888/; classtype:trojan-activity;sid:84208988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.133.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345889/; classtype:trojan-activity;sid:84208989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345885/; classtype:trojan-activity;sid:84208985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.128.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345883/; classtype:trojan-activity;sid:84208983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345884/; classtype:trojan-activity;sid:84208984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345882/; classtype:trojan-activity;sid:84208982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345881/; classtype:trojan-activity;sid:84208981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.167.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345880/; classtype:trojan-activity;sid:84208980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.112.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345879/; classtype:trojan-activity;sid:84208979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345878/; classtype:trojan-activity;sid:84208978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345877/; classtype:trojan-activity;sid:84208977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345876/; classtype:trojan-activity;sid:84208976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.31.44.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345875/; classtype:trojan-activity;sid:84208975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.58.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345874/; classtype:trojan-activity;sid:84208974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.42.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345873/; classtype:trojan-activity;sid:84208973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345872/; classtype:trojan-activity;sid:84208972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345871/; classtype:trojan-activity;sid:84208971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.111.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345870/; classtype:trojan-activity;sid:84208970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.133.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345869/; classtype:trojan-activity;sid:84208969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.46.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345868/; classtype:trojan-activity;sid:84208968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.225.43.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345867/; classtype:trojan-activity;sid:84208967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345866/; classtype:trojan-activity;sid:84208966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.175.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345865/; classtype:trojan-activity;sid:84208965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.201.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345864/; classtype:trojan-activity;sid:84208964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345863/; classtype:trojan-activity;sid:84208963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.229.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345861/; classtype:trojan-activity;sid:84208961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.65.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345862/; classtype:trojan-activity;sid:84208962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345860/; classtype:trojan-activity;sid:84208960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.178.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345859/; classtype:trojan-activity;sid:84208959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345858/; classtype:trojan-activity;sid:84208958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345856)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.157.247.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345856/; classtype:trojan-activity;sid:84208956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.112.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345857/; classtype:trojan-activity;sid:84208957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.252.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345855/; classtype:trojan-activity;sid:84208955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345854/; classtype:trojan-activity;sid:84208954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345853/; classtype:trojan-activity;sid:84208953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.155.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345852/; classtype:trojan-activity;sid:84208952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.33.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345851/; classtype:trojan-activity;sid:84208951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.133.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345850/; classtype:trojan-activity;sid:84208950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.43.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345849/; classtype:trojan-activity;sid:84208949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.177.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345848/; classtype:trojan-activity;sid:84208948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.12.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345845/; classtype:trojan-activity;sid:84208945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.214.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345846/; classtype:trojan-activity;sid:84208946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.46.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345847/; classtype:trojan-activity;sid:84208947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.22.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345844/; classtype:trojan-activity;sid:84208944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.92.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345843/; classtype:trojan-activity;sid:84208943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345842/; classtype:trojan-activity;sid:84208942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.20.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345841/; classtype:trojan-activity;sid:84208941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.108.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345840/; classtype:trojan-activity;sid:84208940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.30.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345839/; classtype:trojan-activity;sid:84208939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.252.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345838/; classtype:trojan-activity;sid:84208938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345837/; classtype:trojan-activity;sid:84208937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345836/; classtype:trojan-activity;sid:84208936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345835/; classtype:trojan-activity;sid:84208935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345834/; classtype:trojan-activity;sid:84208934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345833/; classtype:trojan-activity;sid:84208933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.9.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345832/; classtype:trojan-activity;sid:84208932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.155.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345830/; classtype:trojan-activity;sid:84208930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345831/; classtype:trojan-activity;sid:84208931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345828/; classtype:trojan-activity;sid:84208928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345829/; classtype:trojan-activity;sid:84208929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.177.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345827/; classtype:trojan-activity;sid:84208927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.14.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345826/; classtype:trojan-activity;sid:84208926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.240.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345825/; classtype:trojan-activity;sid:84208925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345823/; classtype:trojan-activity;sid:84208923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345824/; classtype:trojan-activity;sid:84208924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.93.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345822/; classtype:trojan-activity;sid:84208922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.212.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345821/; classtype:trojan-activity;sid:84208921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.111.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345820/; classtype:trojan-activity;sid:84208920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345819/; classtype:trojan-activity;sid:84208919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.125.212.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345817/; classtype:trojan-activity;sid:84208917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.20.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345818/; classtype:trojan-activity;sid:84208918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.14.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345815/; classtype:trojan-activity;sid:84208915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.122.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345816/; classtype:trojan-activity;sid:84208916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.119.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345814/; classtype:trojan-activity;sid:84208914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345813/; classtype:trojan-activity;sid:84208913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.116.249.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345811/; classtype:trojan-activity;sid:84208911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345812/; classtype:trojan-activity;sid:84208912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.6.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345810/; classtype:trojan-activity;sid:84208910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.101.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345809/; classtype:trojan-activity;sid:84208909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.154.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345808/; classtype:trojan-activity;sid:84208908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345807/; classtype:trojan-activity;sid:84208907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.186.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345803/; classtype:trojan-activity;sid:84208903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.102.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345804/; classtype:trojan-activity;sid:84208904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345805/; classtype:trojan-activity;sid:84208905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345806/; classtype:trojan-activity;sid:84208906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345801/; classtype:trojan-activity;sid:84208901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.205.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345802/; classtype:trojan-activity;sid:84208902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.226.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345800/; classtype:trojan-activity;sid:84208900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.5.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345799/; classtype:trojan-activity;sid:84208899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345798/; classtype:trojan-activity;sid:84208898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.113.100.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345797/; classtype:trojan-activity;sid:84208897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.247.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345796/; classtype:trojan-activity;sid:84208896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.104"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345795/; classtype:trojan-activity;sid:84208895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.33.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345793/; classtype:trojan-activity;sid:84208893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.50.89.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345794/; classtype:trojan-activity;sid:84208894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345792/; classtype:trojan-activity;sid:84208892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.35.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345791/; classtype:trojan-activity;sid:84208891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.247.185.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345790/; classtype:trojan-activity;sid:84208890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345789/; classtype:trojan-activity;sid:84208889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.91.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345788/; classtype:trojan-activity;sid:84208888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345787/; classtype:trojan-activity;sid:84208887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345786/; classtype:trojan-activity;sid:84208886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345785/; classtype:trojan-activity;sid:84208885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.17.133.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345784/; classtype:trojan-activity;sid:84208884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.82.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345783/; classtype:trojan-activity;sid:84208883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.108.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345782/; classtype:trojan-activity;sid:84208882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.5.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345781/; classtype:trojan-activity;sid:84208881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.208.154.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345780/; classtype:trojan-activity;sid:84208880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.74.21.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345779/; classtype:trojan-activity;sid:84208879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.50.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345778/; classtype:trojan-activity;sid:84208878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.24.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345777/; classtype:trojan-activity;sid:84208877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.10.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345776/; classtype:trojan-activity;sid:84208876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345774/; classtype:trojan-activity;sid:84208874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345775/; classtype:trojan-activity;sid:84208875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.237.188.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345773/; classtype:trojan-activity;sid:84208873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.28.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345772/; classtype:trojan-activity;sid:84208872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.54.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345771/; classtype:trojan-activity;sid:84208871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.82.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345770/; classtype:trojan-activity;sid:84208870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.98.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345768/; classtype:trojan-activity;sid:84208868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345769/; classtype:trojan-activity;sid:84208869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.23.126"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345767/; classtype:trojan-activity;sid:84208867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.24.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345766/; classtype:trojan-activity;sid:84208866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.208.154.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345765/; classtype:trojan-activity;sid:84208865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.19.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345764/; classtype:trojan-activity;sid:84208864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.21.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345763/; classtype:trojan-activity;sid:84208863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.179.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345762/; classtype:trojan-activity;sid:84208862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.75.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345761/; classtype:trojan-activity;sid:84208861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.44.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345760/; classtype:trojan-activity;sid:84208860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.159.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345759/; classtype:trojan-activity;sid:84208859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.136.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345758/; classtype:trojan-activity;sid:84208858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.237.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345755/; classtype:trojan-activity;sid:84208855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345756/; classtype:trojan-activity;sid:84208856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.7.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345757/; classtype:trojan-activity;sid:84208857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.124.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345754/; classtype:trojan-activity;sid:84208854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.204.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345753/; classtype:trojan-activity;sid:84208853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.98.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345752/; classtype:trojan-activity;sid:84208852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.196.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345751/; classtype:trojan-activity;sid:84208851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.215.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345750/; classtype:trojan-activity;sid:84208850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.17.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345749/; classtype:trojan-activity;sid:84208849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.111.126.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345748/; classtype:trojan-activity;sid:84208848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.124.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345747/; classtype:trojan-activity;sid:84208847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.66.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345746/; classtype:trojan-activity;sid:84208846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.40.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345745/; classtype:trojan-activity;sid:84208845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.175.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345744/; classtype:trojan-activity;sid:84208844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.161.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345743/; classtype:trojan-activity;sid:84208843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.238.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345742/; classtype:trojan-activity;sid:84208842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.102.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345741/; classtype:trojan-activity;sid:84208841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345740/; classtype:trojan-activity;sid:84208840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345739/; classtype:trojan-activity;sid:84208839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.111.126.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345738/; classtype:trojan-activity;sid:84208838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.108.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345736/; classtype:trojan-activity;sid:84208836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.159.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345737/; classtype:trojan-activity;sid:84208837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345735/; classtype:trojan-activity;sid:84208835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.75.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345734/; classtype:trojan-activity;sid:84208834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.20.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345733/; classtype:trojan-activity;sid:84208833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345732/; classtype:trojan-activity;sid:84208832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345731/; classtype:trojan-activity;sid:84208831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345730/; classtype:trojan-activity;sid:84208830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.83.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345729/; classtype:trojan-activity;sid:84208829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.7.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345728/; classtype:trojan-activity;sid:84208828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.162.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345727/; classtype:trojan-activity;sid:84208827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345725/; classtype:trojan-activity;sid:84208825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.60.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345726/; classtype:trojan-activity;sid:84208826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.107.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345724/; classtype:trojan-activity;sid:84208824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.114.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345723/; classtype:trojan-activity;sid:84208823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.237.188.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345721/; classtype:trojan-activity;sid:84208821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.9.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345722/; classtype:trojan-activity;sid:84208822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.145.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345720/; classtype:trojan-activity;sid:84208820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.2.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345719/; classtype:trojan-activity;sid:84208819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.122.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345717/; classtype:trojan-activity;sid:84208817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345718/; classtype:trojan-activity;sid:84208818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.159.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345716/; classtype:trojan-activity;sid:84208816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.237.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345715/; classtype:trojan-activity;sid:84208815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.73.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345714/; classtype:trojan-activity;sid:84208814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.175.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345713/; classtype:trojan-activity;sid:84208813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.111.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345711/; classtype:trojan-activity;sid:84208811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.219.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345712/; classtype:trojan-activity;sid:84208812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.83.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345709/; classtype:trojan-activity;sid:84208809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345710/; classtype:trojan-activity;sid:84208810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.192.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345707/; classtype:trojan-activity;sid:84208807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.157.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345708/; classtype:trojan-activity;sid:84208808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.111.126.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345706/; classtype:trojan-activity;sid:84208806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345705/; classtype:trojan-activity;sid:84208805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.117.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345704/; classtype:trojan-activity;sid:84208804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.127.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345703/; classtype:trojan-activity;sid:84208803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.111.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345701/; classtype:trojan-activity;sid:84208801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.174.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345702/; classtype:trojan-activity;sid:84208802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.124.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345700/; classtype:trojan-activity;sid:84208800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.99.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345699/; classtype:trojan-activity;sid:84208799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345696/; classtype:trojan-activity;sid:84208796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.115.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345697/; classtype:trojan-activity;sid:84208797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.162.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345698/; classtype:trojan-activity;sid:84208798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345695/; classtype:trojan-activity;sid:84208795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.99.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345694/; classtype:trojan-activity;sid:84208794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.46.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345693/; classtype:trojan-activity;sid:84208793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.140.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345692/; classtype:trojan-activity;sid:84208792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.139.220.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345691/; classtype:trojan-activity;sid:84208791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.245.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345690/; classtype:trojan-activity;sid:84208790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.75.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345689/; classtype:trojan-activity;sid:84208789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.9.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345688/; classtype:trojan-activity;sid:84208788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.219.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345687/; classtype:trojan-activity;sid:84208787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.94.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345686/; classtype:trojan-activity;sid:84208786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.12.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345685/; classtype:trojan-activity;sid:84208785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345684/; classtype:trojan-activity;sid:84208784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.159.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345683/; classtype:trojan-activity;sid:84208783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.117.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345682/; classtype:trojan-activity;sid:84208782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.118.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345681/; classtype:trojan-activity;sid:84208781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.34.111.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345680/; classtype:trojan-activity;sid:84208780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.236.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345679/; classtype:trojan-activity;sid:84208779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345678/; classtype:trojan-activity;sid:84208778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.222.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345677/; classtype:trojan-activity;sid:84208777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.189.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345676/; classtype:trojan-activity;sid:84208776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.75.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345674/; classtype:trojan-activity;sid:84208774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.107.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345675/; classtype:trojan-activity;sid:84208775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.136.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345673/; classtype:trojan-activity;sid:84208773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.59.6.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345672/; classtype:trojan-activity;sid:84208772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.114.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345671/; classtype:trojan-activity;sid:84208771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345669/; classtype:trojan-activity;sid:84208769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.230.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345670/; classtype:trojan-activity;sid:84208770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345668/; classtype:trojan-activity;sid:84208768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.140.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345667/; classtype:trojan-activity;sid:84208767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.51.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345666/; classtype:trojan-activity;sid:84208766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345665/; classtype:trojan-activity;sid:84208765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.120.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345664/; classtype:trojan-activity;sid:84208764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.184.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345663/; classtype:trojan-activity;sid:84208763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.12.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345662/; classtype:trojan-activity;sid:84208762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.89.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345660/; classtype:trojan-activity;sid:84208760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.111.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345661/; classtype:trojan-activity;sid:84208761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.122.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345658/; classtype:trojan-activity;sid:84208758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.89.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345659/; classtype:trojan-activity;sid:84208759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.189.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345657/; classtype:trojan-activity;sid:84208757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.252.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345655/; classtype:trojan-activity;sid:84208755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.41.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345656/; classtype:trojan-activity;sid:84208756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.114.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345654/; classtype:trojan-activity;sid:84208754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.222.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345653/; classtype:trojan-activity;sid:84208753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.6.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345651/; classtype:trojan-activity;sid:84208751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.136.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345652/; classtype:trojan-activity;sid:84208752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.1.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345650/; classtype:trojan-activity;sid:84208750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.112.100.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345649/; classtype:trojan-activity;sid:84208749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.219.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345648/; classtype:trojan-activity;sid:84208748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.159.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345647/; classtype:trojan-activity;sid:84208747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.120.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345646/; classtype:trojan-activity;sid:84208746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.139.220.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345644/; classtype:trojan-activity;sid:84208744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345645/; classtype:trojan-activity;sid:84208745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345643)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.31.201.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345643/; classtype:trojan-activity;sid:84208743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.100.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345449/; classtype:trojan-activity;sid:84208549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.103.153.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345446/; classtype:trojan-activity;sid:84208546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.103.153.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345436/; classtype:trojan-activity;sid:84208536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345363/; classtype:trojan-activity;sid:84208463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345362/; classtype:trojan-activity;sid:84208462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345358/; classtype:trojan-activity;sid:84208458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345343/; classtype:trojan-activity;sid:84208443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345289)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.180.176.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345289/; classtype:trojan-activity;sid:84208389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345262/; classtype:trojan-activity;sid:84208362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345127)"; flow:established,from_client; content:"GET"; http_method; content:"/no_dropper.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cuenta-ntflx.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345127/; classtype:trojan-activity;sid:84208227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345126)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cuenta-ntflx.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345126/; classtype:trojan-activity;sid:84208226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.240.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345124/; classtype:trojan-activity;sid:84208224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.2.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345120/; classtype:trojan-activity;sid:84208220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.50.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345113/; classtype:trojan-activity;sid:84208213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.240.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345104/; classtype:trojan-activity;sid:84208204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.50.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345096/; classtype:trojan-activity;sid:84208196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345094)"; flow:established,from_client; content:"GET"; http_method; content:"/download/neofindsetup.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"download.emailorganizer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345094/; classtype:trojan-activity;sid:84208194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345092)"; flow:established,from_client; content:"GET"; http_method; content:"/isnackycracky/keepassrdp/releases/latest/download/keepassrdp_v2.2.2.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345092/; classtype:trojan-activity;sid:84208192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; content:"GET"; http_method; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345086)"; flow:established,from_client; content:"GET"; http_method; content:"/fcxcx.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.81.68.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345086/; classtype:trojan-activity;sid:84208186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345087)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rmx.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345087/; classtype:trojan-activity;sid:84208187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345085)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/refs/heads/main/outping.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345085/; classtype:trojan-activity;sid:84208185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345080)"; flow:established,from_client; content:"GET"; http_method; content:"/oct24.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"goalvaidclub.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345080/; classtype:trojan-activity;sid:84208180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345081)"; flow:established,from_client; content:"GET"; http_method; content:"/gmedusa135/nano/refs/heads/main/mbemimm.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345081/; classtype:trojan-activity;sid:84208181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345074)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/themes/darkblue_orange/img/!help_sos.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345074/; classtype:trojan-activity;sid:84208174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345077)"; flow:established,from_client; content:"GET"; http_method; content:"/thanhtung19944/ok-/raw/refs/heads/main/outping.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345077/; classtype:trojan-activity;sid:84208177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345078)"; flow:established,from_client; content:"GET"; http_method; content:"/oct24.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.goalvaidclub.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345078/; classtype:trojan-activity;sid:84208178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345062)"; flow:established,from_client; content:"GET"; http_method; content:"/ys558pd/start.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"device.redirec.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345062/; classtype:trojan-activity;sid:84208162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345064)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/themes/darkblue_orange/!help_sos.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345064/; classtype:trojan-activity;sid:84208164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.180.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345005/; classtype:trojan-activity;sid:84208105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/w8.jar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.3.220.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344963/; classtype:trojan-activity;sid:84208063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.204.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344795/; classtype:trojan-activity;sid:84207895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344791)"; flow:established,from_client; content:"GET"; http_method; content:"/itaxyhi.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.84.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344791/; classtype:trojan-activity;sid:84207891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344792)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.84.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344792/; classtype:trojan-activity;sid:84207892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344719/; classtype:trojan-activity;sid:84207819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.151.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344675/; classtype:trojan-activity;sid:84207775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.226.212.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344661/; classtype:trojan-activity;sid:84207761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.102.187.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344576/; classtype:trojan-activity;sid:84207676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.204.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344448/; classtype:trojan-activity;sid:84207548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.204.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344429/; classtype:trojan-activity;sid:84207529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.168.0.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344337/; classtype:trojan-activity;sid:84207437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344310)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"137.220.194.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344310/; classtype:trojan-activity;sid:84207410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.97.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344266/; classtype:trojan-activity;sid:84207366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344259)"; flow:established,from_client; content:"GET"; http_method; content:"/5mhiopxjktprnvo.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344259/; classtype:trojan-activity;sid:84207359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344257)"; flow:established,from_client; content:"GET"; http_method; content:"/s/yqgmdksdofkpggt/download|3f|id=bb6aa222-3f20-42d0-a421-2079368e2857"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"i0004.clarodrive.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344257/; classtype:trojan-activity;sid:84207357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344247)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds7.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344247/; classtype:trojan-activity;sid:84207347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344248)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds6.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344248/; classtype:trojan-activity;sid:84207348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344246)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ad/old/dll.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344246/; classtype:trojan-activity;sid:84207346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.21.172.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344114/; classtype:trojan-activity;sid:84207214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.21.172.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340657/; classtype:trojan-activity;sid:84203757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340597)"; flow:established,from_client; content:"GET"; http_method; content:"/gost-linux-armv8"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"220.158.232.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340597/; classtype:trojan-activity;sid:84203697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340598)"; flow:established,from_client; content:"GET"; http_method; content:"/gost-linux-amd64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"220.158.232.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340598/; classtype:trojan-activity;sid:84203698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340599)"; flow:established,from_client; content:"GET"; http_method; content:"/payload"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"220.158.232.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340599/; classtype:trojan-activity;sid:84203699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340595)"; flow:established,from_client; content:"GET"; http_method; content:"/hide"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.158.232.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340595/; classtype:trojan-activity;sid:84203695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340489)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.arm7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340489/; classtype:trojan-activity;sid:84203589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340488)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.x86"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340488/; classtype:trojan-activity;sid:84203588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340486)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.ppc"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340486/; classtype:trojan-activity;sid:84203586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340487)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.arm6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340487/; classtype:trojan-activity;sid:84203587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340479)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.sh4"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340479/; classtype:trojan-activity;sid:84203579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340480)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.arm"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340480/; classtype:trojan-activity;sid:84203580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340481)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.mips"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340481/; classtype:trojan-activity;sid:84203581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340482)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.m68k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340482/; classtype:trojan-activity;sid:84203582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340483)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.mpsl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340483/; classtype:trojan-activity;sid:84203583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340484)"; flow:established,from_client; content:"GET"; http_method; content:"/rapoffbeat/special-stuff/refs/heads/main/.5r3fqt67ew531has4231.arm5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340484/; classtype:trojan-activity;sid:84203584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340444)"; flow:established,from_client; content:"GET"; http_method; content:"/just-cmd-1909/am/refs/heads/main/loader.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340444/; classtype:trojan-activity;sid:84203544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; content:"GET"; http_method; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.87.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340436/; classtype:trojan-activity;sid:84203536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340424)"; flow:established,from_client; content:"GET"; http_method; content:"/stressedb/redengine/refs/heads/main/loader.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340424/; classtype:trojan-activity;sid:84203524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340418)"; flow:established,from_client; content:"GET"; http_method; content:"/697b92cb4e247842/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"92.255.57.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340418/; classtype:trojan-activity;sid:84203518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340419)"; flow:established,from_client; content:"GET"; http_method; content:"/697b92cb4e247842/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"92.255.57.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340419/; classtype:trojan-activity;sid:84203519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340413)"; flow:established,from_client; content:"GET"; http_method; content:"/697b92cb4e247842/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"92.255.57.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340413/; classtype:trojan-activity;sid:84203513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340414)"; flow:established,from_client; content:"GET"; http_method; content:"/697b92cb4e247842/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"92.255.57.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340414/; classtype:trojan-activity;sid:84203514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340415)"; flow:established,from_client; content:"GET"; http_method; content:"/697b92cb4e247842/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"92.255.57.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340415/; classtype:trojan-activity;sid:84203515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340416)"; flow:established,from_client; content:"GET"; http_method; content:"/697b92cb4e247842/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"92.255.57.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340416/; classtype:trojan-activity;sid:84203516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340417)"; flow:established,from_client; content:"GET"; http_method; content:"/697b92cb4e247842/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"92.255.57.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340417/; classtype:trojan-activity;sid:84203517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.72.96.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340405/; classtype:trojan-activity;sid:84203505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest%20v1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/complexo%20v4.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/box3d.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/lkwan.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/flunix9.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/morovip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/hazaxd.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340391)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340391/; classtype:trojan-activity;sid:84203491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/blue_and_white.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; content:"GET"; http_method; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.72.96.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340359/; classtype:trojan-activity;sid:84203459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340322)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340322/; classtype:trojan-activity;sid:84203422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.174.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340308/; classtype:trojan-activity;sid:84203408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340216)"; flow:established,from_client; content:"GET"; http_method; content:"/rarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340216/; classtype:trojan-activity;sid:84203316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340076)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin1.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.117.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340076/; classtype:trojan-activity;sid:84203176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340074)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin2.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.117.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340074/; classtype:trojan-activity;sid:84203174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340075)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.117.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340075/; classtype:trojan-activity;sid:84203175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340072)"; flow:established,from_client; content:"GET"; http_method; content:"/node/autohotkeyu64.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340072/; classtype:trojan-activity;sid:84203172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340071)"; flow:established,from_client; content:"GET"; http_method; content:"/node/setup.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340071/; classtype:trojan-activity;sid:84203171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340031)"; flow:established,from_client; content:"GET"; http_method; content:"/htaaa.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mandarin.net.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340031/; classtype:trojan-activity;sid:84203131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340026)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/test-rat-do-not-download-exe/refs/heads/main/downloader.hta"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340026/; classtype:trojan-activity;sid:84203126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.58.130.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3339994/; classtype:trojan-activity;sid:84203094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.58.130.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3339977/; classtype:trojan-activity;sid:84203077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339934)"; flow:established,from_client; content:"GET"; http_method; content:"/apqskvtvd60sdam.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3339934/; classtype:trojan-activity;sid:84203034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339931)"; flow:established,from_client; content:"GET"; http_method; content:"/hkp098767890hj.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3339931/; classtype:trojan-activity;sid:84203031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.108.76.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3339907/; classtype:trojan-activity;sid:84203007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339609)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7403972632/c1j7svw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3339609/; classtype:trojan-activity;sid:84202709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339529)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rodriakd-8413d.appspot.com/o/dll%2fdllrodita.txt|3f|alt=media|7c|26|7c|token=e71965a3-c432-4759-9f03-7fe4e0c99072"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339529/; classtype:trojan-activity;sid:84202629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339528)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/phpmwbp6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339528/; classtype:trojan-activity;sid:84202628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.94.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339515/; classtype:trojan-activity;sid:84202615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.125.212.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339501/; classtype:trojan-activity;sid:84202601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339499/; classtype:trojan-activity;sid:84202599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.33.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339399/; classtype:trojan-activity;sid:84202499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.33.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339389/; classtype:trojan-activity;sid:84202489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339341)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl-wrt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339341/; classtype:trojan-activity;sid:84202441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339342)"; flow:established,from_client; content:"GET"; http_method; content:"/csky"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339342/; classtype:trojan-activity;sid:84202442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.2.94.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339329/; classtype:trojan-activity;sid:84202429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339298)"; flow:established,from_client; content:"GET"; http_method; content:"/hackervnone/keydoid/refs/heads/main/xmetavn"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339298/; classtype:trojan-activity;sid:84202398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339297)"; flow:established,from_client; content:"GET"; http_method; content:"/vietnamplug.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ai-kling.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339297/; classtype:trojan-activity;sid:84202397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339296)"; flow:established,from_client; content:"GET"; http_method; content:"/vietnamplug.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ai-kling.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339296/; classtype:trojan-activity;sid:84202396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339266)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339266/; classtype:trojan-activity;sid:84202366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339269)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.52.16.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339269/; classtype:trojan-activity;sid:84202369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339271)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.178.115.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339271/; classtype:trojan-activity;sid:84202371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.203.150.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339262/; classtype:trojan-activity;sid:84202362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.23.51.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339264/; classtype:trojan-activity;sid:84202364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.203.105.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339255/; classtype:trojan-activity;sid:84202355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339256)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.202.71.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339256/; classtype:trojan-activity;sid:84202356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.14.187"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339257/; classtype:trojan-activity;sid:84202357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.144.10.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339258/; classtype:trojan-activity;sid:84202358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.166.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339250/; classtype:trojan-activity;sid:84202350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339252/; classtype:trojan-activity;sid:84202352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.40.68.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339244/; classtype:trojan-activity;sid:84202344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339245/; classtype:trojan-activity;sid:84202345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339247)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339247/; classtype:trojan-activity;sid:84202347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339241)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.23.51.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339241/; classtype:trojan-activity;sid:84202341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339238)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.245.244.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339238/; classtype:trojan-activity;sid:84202338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.211.187.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339239/; classtype:trojan-activity;sid:84202339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339240/; classtype:trojan-activity;sid:84202340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339236)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339236/; classtype:trojan-activity;sid:84202336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339226/; classtype:trojan-activity;sid:84202326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.236.0.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339227/; classtype:trojan-activity;sid:84202327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339228)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.173.151.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339228/; classtype:trojan-activity;sid:84202328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339230/; classtype:trojan-activity;sid:84202330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339234)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.222.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339234/; classtype:trojan-activity;sid:84202334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339224)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.90.15.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339224/; classtype:trojan-activity;sid:84202324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.144.235.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339223/; classtype:trojan-activity;sid:84202323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339216)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.193.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339216/; classtype:trojan-activity;sid:84202316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339217)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.188.34.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339217/; classtype:trojan-activity;sid:84202317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339219/; classtype:trojan-activity;sid:84202319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339220)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.101.230.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339220/; classtype:trojan-activity;sid:84202320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339221/; classtype:trojan-activity;sid:84202321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339222)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339222/; classtype:trojan-activity;sid:84202322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339215)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.222.2.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339215/; classtype:trojan-activity;sid:84202315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339209)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339209/; classtype:trojan-activity;sid:84202309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339202)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.205.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339202/; classtype:trojan-activity;sid:84202302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339203)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.43.74.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339203/; classtype:trojan-activity;sid:84202303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.25.237.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339207/; classtype:trojan-activity;sid:84202307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339200)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.165.170.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339200/; classtype:trojan-activity;sid:84202300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339185)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.2.14.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339185/; classtype:trojan-activity;sid:84202285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.206.205.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339186/; classtype:trojan-activity;sid:84202286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.133.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339181/; classtype:trojan-activity;sid:84202281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339175)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.183.247.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339175/; classtype:trojan-activity;sid:84202275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339177)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.236.129.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339177/; classtype:trojan-activity;sid:84202277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.209.164.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339178/; classtype:trojan-activity;sid:84202278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339179)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.49.114.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339179/; classtype:trojan-activity;sid:84202279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339172)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.86.12.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339172/; classtype:trojan-activity;sid:84202272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.122.54.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339173/; classtype:trojan-activity;sid:84202273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339168/; classtype:trojan-activity;sid:84202268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.151.185.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339169/; classtype:trojan-activity;sid:84202269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339171)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.57.125.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339171/; classtype:trojan-activity;sid:84202271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.37.126.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339165/; classtype:trojan-activity;sid:84202265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339162/; classtype:trojan-activity;sid:84202262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339154)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"152.231.66.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339154/; classtype:trojan-activity;sid:84202254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339155/; classtype:trojan-activity;sid:84202255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339156)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339156/; classtype:trojan-activity;sid:84202256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339157)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.148.113.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339157/; classtype:trojan-activity;sid:84202257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339159)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.236.239.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339159/; classtype:trojan-activity;sid:84202259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.90.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339148/; classtype:trojan-activity;sid:84202248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339149)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.32.20.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339149/; classtype:trojan-activity;sid:84202249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339152)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339152/; classtype:trojan-activity;sid:84202252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339145)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.144.235.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339145/; classtype:trojan-activity;sid:84202245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339147)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.254.186.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339147/; classtype:trojan-activity;sid:84202247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.162.140.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339142/; classtype:trojan-activity;sid:84202242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"163.182.13.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339140/; classtype:trojan-activity;sid:84202240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.210.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339131/; classtype:trojan-activity;sid:84202231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339132/; classtype:trojan-activity;sid:84202232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339135)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"99.240.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339135/; classtype:trojan-activity;sid:84202235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339136)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.157.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339136/; classtype:trojan-activity;sid:84202236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339118)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.218.189.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339118/; classtype:trojan-activity;sid:84202218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.107.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339121/; classtype:trojan-activity;sid:84202221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339122)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.91.8.192"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339122/; classtype:trojan-activity;sid:84202222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339124/; classtype:trojan-activity;sid:84202224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339126)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.135.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339126/; classtype:trojan-activity;sid:84202226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.178.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339127/; classtype:trojan-activity;sid:84202227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339128)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.200.109.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339128/; classtype:trojan-activity;sid:84202228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.144.235.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339129/; classtype:trojan-activity;sid:84202229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339130)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.194.129.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339130/; classtype:trojan-activity;sid:84202230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339116/; classtype:trojan-activity;sid:84202216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339113)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"207.113.208.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339113/; classtype:trojan-activity;sid:84202213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339114/; classtype:trojan-activity;sid:84202214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339111)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339111/; classtype:trojan-activity;sid:84202211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339106)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339106/; classtype:trojan-activity;sid:84202206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339109/; classtype:trojan-activity;sid:84202209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339105)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.34.137.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339105/; classtype:trojan-activity;sid:84202205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339093)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.205.84.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339093/; classtype:trojan-activity;sid:84202193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339094)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.51.189.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339094/; classtype:trojan-activity;sid:84202194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.103.184.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339096/; classtype:trojan-activity;sid:84202196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339097)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.117.240.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339097/; classtype:trojan-activity;sid:84202197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339099)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339099/; classtype:trojan-activity;sid:84202199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339100/; classtype:trojan-activity;sid:84202200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339084/; classtype:trojan-activity;sid:84202184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339086)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.121.33.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339086/; classtype:trojan-activity;sid:84202186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339089)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.108.228.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339089/; classtype:trojan-activity;sid:84202189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.196.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339092/; classtype:trojan-activity;sid:84202192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.176.149.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339081/; classtype:trojan-activity;sid:84202181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339082/; classtype:trojan-activity;sid:84202182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.63.79.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339083/; classtype:trojan-activity;sid:84202183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339066)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.70.206.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339066/; classtype:trojan-activity;sid:84202166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339065)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.158.158.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339065/; classtype:trojan-activity;sid:84202165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339061)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.153.52.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339061/; classtype:trojan-activity;sid:84202161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339029)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.244.167.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339029/; classtype:trojan-activity;sid:84202129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339023)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.204.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339023/; classtype:trojan-activity;sid:84202123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339021)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"touduanyiyuan.bugmakerx.cn"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339021/; classtype:trojan-activity;sid:84202121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339018)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.226.125.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339018/; classtype:trojan-activity;sid:84202118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339019)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.152.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339019/; classtype:trojan-activity;sid:84202119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339020)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ec2-18-166-176-228.ap-east-1.compute.amazonaws.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339020/; classtype:trojan-activity;sid:84202120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339014)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.180.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339014/; classtype:trojan-activity;sid:84202114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339017)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.136.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339017/; classtype:trojan-activity;sid:84202117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339010)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"44.243.209.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339010/; classtype:trojan-activity;sid:84202110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339011)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.27.160.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339011/; classtype:trojan-activity;sid:84202111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339004)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.212.60.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339004/; classtype:trojan-activity;sid:84202104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339006)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.133.229.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339006/; classtype:trojan-activity;sid:84202106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339008)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.180.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339008/; classtype:trojan-activity;sid:84202108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338995)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.10.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338995/; classtype:trojan-activity;sid:84202095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338996)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.229.187.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338996/; classtype:trojan-activity;sid:84202096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338997)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.204.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338997/; classtype:trojan-activity;sid:84202097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338989)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.92.14.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338989/; classtype:trojan-activity;sid:84202089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338985)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"148.135.77.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338985/; classtype:trojan-activity;sid:84202085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338987)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.10.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338987/; classtype:trojan-activity;sid:84202087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338980)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.202.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338980/; classtype:trojan-activity;sid:84202080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338981)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.226.125.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338981/; classtype:trojan-activity;sid:84202081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338976)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.51.37.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338976/; classtype:trojan-activity;sid:84202076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338977)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.51.37.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338977/; classtype:trojan-activity;sid:84202077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338971)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"44.243.209.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338971/; classtype:trojan-activity;sid:84202071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338972)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.45.171.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338972/; classtype:trojan-activity;sid:84202072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338973)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"170.130.165.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338973/; classtype:trojan-activity;sid:84202073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338975)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.184.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338975/; classtype:trojan-activity;sid:84202075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338963)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.38.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338963/; classtype:trojan-activity;sid:84202063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338964)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.236.244.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338964/; classtype:trojan-activity;sid:84202064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338967)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.62.69.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338967/; classtype:trojan-activity;sid:84202067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338969)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dev.cyberark-igiwax.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338969/; classtype:trojan-activity;sid:84202069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338955)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.90.142.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338955/; classtype:trojan-activity;sid:84202055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338958)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.180.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338958/; classtype:trojan-activity;sid:84202058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338954)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.28.129.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338954/; classtype:trojan-activity;sid:84202054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338948)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.104.22.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338948/; classtype:trojan-activity;sid:84202048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338941)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.222.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338941/; classtype:trojan-activity;sid:84202041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338942)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.189.79.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338942/; classtype:trojan-activity;sid:84202042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338943)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.46.28.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338943/; classtype:trojan-activity;sid:84202043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338944)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.180.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338944/; classtype:trojan-activity;sid:84202044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338945)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.173.57.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338945/; classtype:trojan-activity;sid:84202045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338936)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"api.co-operativefinance.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338936/; classtype:trojan-activity;sid:84202036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338931)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.32.37.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338931/; classtype:trojan-activity;sid:84202031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338933)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.127.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338933/; classtype:trojan-activity;sid:84202033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338934)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"18.166.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338934/; classtype:trojan-activity;sid:84202034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338928)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"admin.aishangzhua.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338928/; classtype:trojan-activity;sid:84202028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338922)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.170.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338922/; classtype:trojan-activity;sid:84202022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338923)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.75.61.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338923/; classtype:trojan-activity;sid:84202023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338919)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338919/; classtype:trojan-activity;sid:84202019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338920)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338920/; classtype:trojan-activity;sid:84202020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338921)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.117.93.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338921/; classtype:trojan-activity;sid:84202021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338917)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.12.226.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338917/; classtype:trojan-activity;sid:84202017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338918)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338918/; classtype:trojan-activity;sid:84202018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338914)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.118.170.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338914/; classtype:trojan-activity;sid:84202014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338915)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.136.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338915/; classtype:trojan-activity;sid:84202015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338906)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.89.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338906/; classtype:trojan-activity;sid:84202006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338910)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.105.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338910/; classtype:trojan-activity;sid:84202010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338903)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dev.cyberark-igiwax.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338903/; classtype:trojan-activity;sid:84202003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338904)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ecs-123-60-182-88.compute.hwclouds-dns.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338904/; classtype:trojan-activity;sid:84202004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338898)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.90.142.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338898/; classtype:trojan-activity;sid:84201998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338892)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"29.251.196.35.bc.googleusercontent.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338892/; classtype:trojan-activity;sid:84201992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338893)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.20.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338893/; classtype:trojan-activity;sid:84201993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338882)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.143.143.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338882/; classtype:trojan-activity;sid:84201982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338883)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.164.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338883/; classtype:trojan-activity;sid:84201983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338885)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.37.66.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338885/; classtype:trojan-activity;sid:84201985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338886)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"173.231.247.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338886/; classtype:trojan-activity;sid:84201986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338889)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.89.212.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338889/; classtype:trojan-activity;sid:84201989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338879)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.197.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338879/; classtype:trojan-activity;sid:84201979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338881)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"license.bugmakerx.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338881/; classtype:trojan-activity;sid:84201981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338871)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.136.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338871/; classtype:trojan-activity;sid:84201971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.158.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338861/; classtype:trojan-activity;sid:84201961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338862)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.252.183.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338862/; classtype:trojan-activity;sid:84201962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338853)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"service.bugmakerx.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338853/; classtype:trojan-activity;sid:84201953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338854)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.112.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338854/; classtype:trojan-activity;sid:84201954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338855)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.95.44.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338855/; classtype:trojan-activity;sid:84201955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338856)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338856/; classtype:trojan-activity;sid:84201956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338858)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"52.238.29.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338858/; classtype:trojan-activity;sid:84201958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338859)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.99.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338859/; classtype:trojan-activity;sid:84201959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338840)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338840/; classtype:trojan-activity;sid:84201940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338842)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.246.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338842/; classtype:trojan-activity;sid:84201942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338843)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.63.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338843/; classtype:trojan-activity;sid:84201943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338844)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.201.247.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338844/; classtype:trojan-activity;sid:84201944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338845)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.40.177.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338845/; classtype:trojan-activity;sid:84201945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338848)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.131.50.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338848/; classtype:trojan-activity;sid:84201948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338849)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.226.125.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338849/; classtype:trojan-activity;sid:84201949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338852)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.173.118.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338852/; classtype:trojan-activity;sid:84201952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338839)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.50.181.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338839/; classtype:trojan-activity;sid:84201939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338835)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.23.75.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338835/; classtype:trojan-activity;sid:84201935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338832)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ylmcbeta-invite.bugmakerx.cn"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338832/; classtype:trojan-activity;sid:84201932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338813)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin2.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338813/; classtype:trojan-activity;sid:84201913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338810)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin1.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338810/; classtype:trojan-activity;sid:84201910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338811)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin2.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338811/; classtype:trojan-activity;sid:84201911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338812)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin1.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338812/; classtype:trojan-activity;sid:84201912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338758)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/berekegift.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338758/; classtype:trojan-activity;sid:84201858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338755)"; flow:established,from_client; content:"GET"; http_method; content:"/l0venxn22/eulenmodmenu/main/loader.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338755/; classtype:trojan-activity;sid:84201855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338729)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/europe123.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338729/; classtype:trojan-activity;sid:84201829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338728)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l3bevvn7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338728/; classtype:trojan-activity;sid:84201828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338727)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/k1de2zkz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338727/; classtype:trojan-activity;sid:84201827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338726)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d8rb24m3.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338726/; classtype:trojan-activity;sid:84201826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338724)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lu4421.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338724/; classtype:trojan-activity;sid:84201824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338717)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lega.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338717/; classtype:trojan-activity;sid:84201817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338718)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/g9win6bb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338718/; classtype:trojan-activity;sid:84201818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338719)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dmn6qzwr.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338719/; classtype:trojan-activity;sid:84201819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338722)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kxfh9qhs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338722/; classtype:trojan-activity;sid:84201822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338715)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338715/; classtype:trojan-activity;sid:84201815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338714)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/app.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338714/; classtype:trojan-activity;sid:84201814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338712)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338712/; classtype:trojan-activity;sid:84201812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338708)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338708/; classtype:trojan-activity;sid:84201808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338709)"; flow:established,from_client; content:"GET"; http_method; content:"/client/pap46e1ukz.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"scan-echo.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338709/; classtype:trojan-activity;sid:84201809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338710)"; flow:established,from_client; content:"GET"; http_method; content:"/uploadcsv/file/uploadcsvv416.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"tianyinsoft.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338710/; classtype:trojan-activity;sid:84201810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338706)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/main/mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338706/; classtype:trojan-activity;sid:84201806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338703)"; flow:established,from_client; content:"GET"; http_method; content:"/factura.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338703/; classtype:trojan-activity;sid:84201803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338702)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v_dolg.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338702/; classtype:trojan-activity;sid:84201802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338692)"; flow:established,from_client; content:"GET"; http_method; content:"/h8hsp6zrmtji2hc.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338692/; classtype:trojan-activity;sid:84201792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338693)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/sh4"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338693/; classtype:trojan-activity;sid:84201793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338695)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/aqbjn3fl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338695/; classtype:trojan-activity;sid:84201795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338696)"; flow:established,from_client; content:"GET"; http_method; content:"/client_main/hwid.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"keyser-api.eu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338696/; classtype:trojan-activity;sid:84201796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338697)"; flow:established,from_client; content:"GET"; http_method; content:"/h8hsp6zrmtji2hc.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338697/; classtype:trojan-activity;sid:84201797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338687)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t8wl838w.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338687/; classtype:trojan-activity;sid:84201787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338690)"; flow:established,from_client; content:"GET"; http_method; content:"/factura098765678.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338690/; classtype:trojan-activity;sid:84201790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338684)"; flow:established,from_client; content:"GET"; http_method; content:"/po076567890000.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338684/; classtype:trojan-activity;sid:84201784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338680)"; flow:established,from_client; content:"GET"; http_method; content:"/factura098765678.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338680/; classtype:trojan-activity;sid:84201780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338677)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dragonhack.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338677/; classtype:trojan-activity;sid:84201777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338675)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/zeropersca.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338675/; classtype:trojan-activity;sid:84201775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338671)"; flow:established,from_client; content:"GET"; http_method; content:"/phjg9876789000.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338671/; classtype:trojan-activity;sid:84201771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338669)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/trru7rd2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338669/; classtype:trojan-activity;sid:84201769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338668)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5hvzv2sl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338668/; classtype:trojan-activity;sid:84201768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338664)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/atleqqxo.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338664/; classtype:trojan-activity;sid:84201764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338658)"; flow:established,from_client; content:"GET"; http_method; content:"/factura-09876rt567800.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338658/; classtype:trojan-activity;sid:84201758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338655)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/autoupdate.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338655/; classtype:trojan-activity;sid:84201755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; content:"GET"; http_method; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338654)"; flow:established,from_client; content:"GET"; http_method; content:"/po076567890000.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338654/; classtype:trojan-activity;sid:84201754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338653)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nsoft.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338653/; classtype:trojan-activity;sid:84201753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338650)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidthmonitor.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338650/; classtype:trojan-activity;sid:84201750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338644)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5hvzv2sl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338644/; classtype:trojan-activity;sid:84201744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338642)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338642/; classtype:trojan-activity;sid:84201742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338641)"; flow:established,from_client; content:"GET"; http_method; content:"/dfsa0987789000po.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338641/; classtype:trojan-activity;sid:84201741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338638)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin3.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338638/; classtype:trojan-activity;sid:84201738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338639)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2022.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338639/; classtype:trojan-activity;sid:84201739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338640)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338640/; classtype:trojan-activity;sid:84201740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338637)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/quzfesaq.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338637/; classtype:trojan-activity;sid:84201737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338636)"; flow:established,from_client; content:"GET"; http_method; content:"/client_main/loader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"keyser-api.eu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338636/; classtype:trojan-activity;sid:84201736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338635)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qpg08oli.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338635/; classtype:trojan-activity;sid:84201735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338634)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.204.97.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338634/; classtype:trojan-activity;sid:84201734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338633)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xmbld.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338633/; classtype:trojan-activity;sid:84201733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338631)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d4cye08a.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338631/; classtype:trojan-activity;sid:84201731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338629)"; flow:established,from_client; content:"GET"; http_method; content:"/images/8fc809.jpg"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jtpdev.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338629/; classtype:trojan-activity;sid:84201729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338627)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xao8gh38.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338627/; classtype:trojan-activity;sid:84201727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338628)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338628/; classtype:trojan-activity;sid:84201728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338626)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"103.167.88.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338626/; classtype:trojan-activity;sid:84201726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338624)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338624/; classtype:trojan-activity;sid:84201724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338625)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/p4cof96p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338625/; classtype:trojan-activity;sid:84201725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338623)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/r42aoop5.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338623/; classtype:trojan-activity;sid:84201723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338622)"; flow:established,from_client; content:"GET"; http_method; content:"/ib9876789000.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338622/; classtype:trojan-activity;sid:84201722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338621)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/visagiftcardgen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338621/; classtype:trojan-activity;sid:84201721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338620)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2kudv4ea.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338620/; classtype:trojan-activity;sid:84201720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338619)"; flow:established,from_client; content:"GET"; http_method; content:"/factura-09876rt567800.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338619/; classtype:trojan-activity;sid:84201719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338617)"; flow:established,from_client; content:"GET"; http_method; content:"/fact0987789000900.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338617/; classtype:trojan-activity;sid:84201717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338614)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/x6uvjuko.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338614/; classtype:trojan-activity;sid:84201714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338615)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338615/; classtype:trojan-activity;sid:84201715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338606)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338606/; classtype:trojan-activity;sid:84201706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338602)"; flow:established,from_client; content:"GET"; http_method; content:"/uploadbaby/file/uploadbabyv538.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"tianyinsoft.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338602/; classtype:trojan-activity;sid:84201702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338603)"; flow:established,from_client; content:"GET"; http_method; content:"/ib9876789000.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338603/; classtype:trojan-activity;sid:84201703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338599)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zk1b090h.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338599/; classtype:trojan-activity;sid:84201699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338591)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338591/; classtype:trojan-activity;sid:84201691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338590)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/szo0xbx8.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338590/; classtype:trojan-activity;sid:84201690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338589)"; flow:established,from_client; content:"GET"; http_method; content:"/fdr9876567000.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338589/; classtype:trojan-activity;sid:84201689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338581)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2022.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338581/; classtype:trojan-activity;sid:84201681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338578)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"t.0000o.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338578/; classtype:trojan-activity;sid:84201678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1fxm3u0d.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338576/; classtype:trojan-activity;sid:84201676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338573)"; flow:established,from_client; content:"GET"; http_method; content:"/test/am209.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338573/; classtype:trojan-activity;sid:84201673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338572)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2v6wf6kn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338572/; classtype:trojan-activity;sid:84201672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338570)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338570/; classtype:trojan-activity;sid:84201670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338567)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/305iz8bs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338567/; classtype:trojan-activity;sid:84201667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338565)"; flow:established,from_client; content:"GET"; http_method; content:"/na56785590-.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338565/; classtype:trojan-activity;sid:84201665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338563)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mzjfgebm.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338563/; classtype:trojan-activity;sid:84201663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338557)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338557/; classtype:trojan-activity;sid:84201657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338559)"; flow:established,from_client; content:"GET"; http_method; content:"/phjg9876789000.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338559/; classtype:trojan-activity;sid:84201659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; content:"GET"; http_method; content:"/ga13372/jv/main/javaw.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338561)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3zv8x9q7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338561/; classtype:trojan-activity;sid:84201661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338552)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice-9876.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338552/; classtype:trojan-activity;sid:84201652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338554)"; flow:established,from_client; content:"GET"; http_method; content:"/jhpatchouli/payload/raw/master/artifact.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitee.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338554/; classtype:trojan-activity;sid:84201654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338550)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/n8um2y9v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338550/; classtype:trojan-activity;sid:84201650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; content:"GET"; http_method; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338545)"; flow:established,from_client; content:"GET"; http_method; content:"/fdr9876567000.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338545/; classtype:trojan-activity;sid:84201645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338546)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/image/inlandspom.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.clubedasluluzinhasro.com.br"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338546/; classtype:trojan-activity;sid:84201646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338542)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zq6a1iqg.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338542/; classtype:trojan-activity;sid:84201642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338538)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338538/; classtype:trojan-activity;sid:84201638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338534)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scj7cm7v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338534/; classtype:trojan-activity;sid:84201634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338535)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/arm6"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338535/; classtype:trojan-activity;sid:84201635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338527)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/app.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338527/; classtype:trojan-activity;sid:84201627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338524)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xmbld.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338524/; classtype:trojan-activity;sid:84201624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338525)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/szo0xbx8.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338525/; classtype:trojan-activity;sid:84201625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338526)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zk1b090h.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338526/; classtype:trojan-activity;sid:84201626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338518)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l3bevvn7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338518/; classtype:trojan-activity;sid:84201618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338519)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/x6uvjuko.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338519/; classtype:trojan-activity;sid:84201619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338520)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338520/; classtype:trojan-activity;sid:84201620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338521)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/trru7rd2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338521/; classtype:trojan-activity;sid:84201621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338522)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d8rb24m3.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338522/; classtype:trojan-activity;sid:84201622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338516)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/europe123.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338516/; classtype:trojan-activity;sid:84201616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338517)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kxfh9qhs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338517/; classtype:trojan-activity;sid:84201617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338515)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lu4421.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338515/; classtype:trojan-activity;sid:84201615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338514)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/atleqqxo.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338514/; classtype:trojan-activity;sid:84201614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338513)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lega.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338513/; classtype:trojan-activity;sid:84201613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338512)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidthmonitor.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338512/; classtype:trojan-activity;sid:84201612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338511)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v_dolg.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338511/; classtype:trojan-activity;sid:84201611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338509)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qpg08oli.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338509/; classtype:trojan-activity;sid:84201609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338510)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t8wl838w.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338510/; classtype:trojan-activity;sid:84201610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338506)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d4cye08a.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338506/; classtype:trojan-activity;sid:84201606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; content:"GET"; http_method; content:"/aissardp/payload/main/payload.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338508)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nsoft.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338508/; classtype:trojan-activity;sid:84201608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; content:"GET"; http_method; content:"/cracker1337uwu/rrr/main/bypass.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338502)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mzjfgebm.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338502/; classtype:trojan-activity;sid:84201602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338501)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/aqbjn3fl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338501/; classtype:trojan-activity;sid:84201601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338500)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/visagiftcardgen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338500/; classtype:trojan-activity;sid:84201600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/305iz8bs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338497/; classtype:trojan-activity;sid:84201597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338499)"; flow:established,from_client; content:"GET"; http_method; content:"/g1vi/cve-2023-2640-cve-2023-32629/main/exploit.sh"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338499/; classtype:trojan-activity;sid:84201599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338496)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/g9win6bb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338496/; classtype:trojan-activity;sid:84201596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338495)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/quzfesaq.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338495/; classtype:trojan-activity;sid:84201595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmanmkt/repo1/main/exploit-2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/r42aoop5.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338489/; classtype:trojan-activity;sid:84201589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338490)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin3.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338490/; classtype:trojan-activity;sid:84201590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338486)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zq6a1iqg.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338486/; classtype:trojan-activity;sid:84201586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338483)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xao8gh38.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338483/; classtype:trojan-activity;sid:84201583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338477)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338477/; classtype:trojan-activity;sid:84201577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338481)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/p4cof96p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338481/; classtype:trojan-activity;sid:84201581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338482)"; flow:established,from_client; content:"GET"; http_method; content:"/files/cos.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"drdavidfishbein.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338482/; classtype:trojan-activity;sid:84201582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338473)"; flow:established,from_client; content:"GET"; http_method; content:"/fromfranceanb/d46c38bce2b0d9c6hcffa6baea82ece29fa6d238/main/injection.js"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338473/; classtype:trojan-activity;sid:84201573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338474)"; flow:established,from_client; content:"GET"; http_method; content:"/test/am209.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338474/; classtype:trojan-activity;sid:84201574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; content:"GET"; http_method; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338476)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/n8um2y9v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338476/; classtype:trojan-activity;sid:84201576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338462)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1fxm3u0d.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338462/; classtype:trojan-activity;sid:84201562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338463)"; flow:established,from_client; content:"GET"; http_method; content:"/justforexela/injection/main/injection.js"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338463/; classtype:trojan-activity;sid:84201563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338464)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scj7cm7v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338464/; classtype:trojan-activity;sid:84201564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338466)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dmn6qzwr.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338466/; classtype:trojan-activity;sid:84201566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; content:"GET"; http_method; content:"/fxtazz/injection/main/index.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338469)"; flow:established,from_client; content:"GET"; http_method; content:"/file/125.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"drdavidfishbein.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338469/; classtype:trojan-activity;sid:84201569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338470)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2v6wf6kn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338470/; classtype:trojan-activity;sid:84201570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338471)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/process-injection/process-injection.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338471/; classtype:trojan-activity;sid:84201571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2kudv4ea.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338459/; classtype:trojan-activity;sid:84201559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338460)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/k1de2zkz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338460/; classtype:trojan-activity;sid:84201560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338458)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3zv8x9q7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338458/; classtype:trojan-activity;sid:84201558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338454)"; flow:established,from_client; content:"GET"; http_method; content:"/files/128.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"drdavidfishbein.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338454/; classtype:trojan-activity;sid:84201554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; content:"GET"; http_method; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338437)"; flow:established,from_client; content:"GET"; http_method; content:"/hector4576--/noviembre19/downloads/sos19nov.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338437/; classtype:trojan-activity;sid:84201537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338428)"; flow:established,from_client; content:"GET"; http_method; content:"/rrats.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"164.68.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338428/; classtype:trojan-activity;sid:84201528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338434)"; flow:established,from_client; content:"GET"; http_method; content:"/sanzaz/phantomious/main/injection-clean.js"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338434/; classtype:trojan-activity;sid:84201534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338411)"; flow:established,from_client; content:"GET"; http_method; content:"/d699f5d4-2fd8-4489-b946-e5705c6f2372/payload-c17f7df6-cf80-43d5-8c60-eca90366debb.exe"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"vmd67898.contaboserver.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338411/; classtype:trojan-activity;sid:84201511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338140)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/indentif.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338140/; classtype:trojan-activity;sid:84201240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338138)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hashed.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338138/; classtype:trojan-activity;sid:84201238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338139)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification-1.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338139/; classtype:trojan-activity;sid:84201239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338136)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338136/; classtype:trojan-activity;sid:84201236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338137)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338137/; classtype:trojan-activity;sid:84201237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338135)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338135/; classtype:trojan-activity;sid:84201235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338134)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installer.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338134/; classtype:trojan-activity;sid:84201234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338133)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/team.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338133/; classtype:trojan-activity;sid:84201233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338132)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338132/; classtype:trojan-activity;sid:84201232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338131)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/probnik.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338131/; classtype:trojan-activity;sid:84201231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338130)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ji2xlo1f.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338130/; classtype:trojan-activity;sid:84201230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338129)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338129/; classtype:trojan-activity;sid:84201229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338128)"; flow:established,from_client; content:"GET"; http_method; content:"/reko/valid.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338128/; classtype:trojan-activity;sid:84201228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338127)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ven_protected.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338127/; classtype:trojan-activity;sid:84201227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338126)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client_protected.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338126/; classtype:trojan-activity;sid:84201226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338125)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/worker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338125/; classtype:trojan-activity;sid:84201225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338124)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/resex.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338124/; classtype:trojan-activity;sid:84201224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338123)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qqq.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338123/; classtype:trojan-activity;sid:84201223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338122)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/semiconductornot.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338122/; classtype:trojan-activity;sid:84201222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338120)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold1234.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338120/; classtype:trojan-activity;sid:84201220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338121)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diff.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338121/; classtype:trojan-activity;sid:84201221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338118)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrar-x64-701.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338118/; classtype:trojan-activity;sid:84201218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338119)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/creal.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338119/; classtype:trojan-activity;sid:84201219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338116)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac222222.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338116/; classtype:trojan-activity;sid:84201216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338117)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/seo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338117/; classtype:trojan-activity;sid:84201217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338113)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t3.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338113/; classtype:trojan-activity;sid:84201213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338114)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pichon.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338114/; classtype:trojan-activity;sid:84201214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338115)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nano.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338115/; classtype:trojan-activity;sid:84201215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338112)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/octus.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338112/; classtype:trojan-activity;sid:84201212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338109)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bundle.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338109/; classtype:trojan-activity;sid:84201209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338110)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cbmefxrmnv.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338110/; classtype:trojan-activity;sid:84201210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338111)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/main.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338111/; classtype:trojan-activity;sid:84201211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338108)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/psfei0ez.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338108/; classtype:trojan-activity;sid:84201208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338107)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clcs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338107/; classtype:trojan-activity;sid:84201207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338105)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/msedge.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338105/; classtype:trojan-activity;sid:84201205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338106)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338106/; classtype:trojan-activity;sid:84201206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338104)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mobiletrans.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338104/; classtype:trojan-activity;sid:84201204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338101)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rage.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338101/; classtype:trojan-activity;sid:84201201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338102)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clsid.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338102/; classtype:trojan-activity;sid:84201202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338103)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zts.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338103/; classtype:trojan-activity;sid:84201203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338100)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338100/; classtype:trojan-activity;sid:84201200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338099)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cnyvvl.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338099/; classtype:trojan-activity;sid:84201199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338097)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338097/; classtype:trojan-activity;sid:84201197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338098)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dccrypt.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338098/; classtype:trojan-activity;sid:84201198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338095)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/prem1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338095/; classtype:trojan-activity;sid:84201195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338094)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kp8dnpa9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338094/; classtype:trojan-activity;sid:84201194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338090)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winx86.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338090/; classtype:trojan-activity;sid:84201190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338091)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j86piuq9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338091/; classtype:trojan-activity;sid:84201191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338092)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338092/; classtype:trojan-activity;sid:84201192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338093)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build555.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338093/; classtype:trojan-activity;sid:84201193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338089)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lgendpremium.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338089/; classtype:trojan-activity;sid:84201189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338088)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yxrd0ob7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338088/; classtype:trojan-activity;sid:84201188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338087)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/splwow64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338087/; classtype:trojan-activity;sid:84201187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338086)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338086/; classtype:trojan-activity;sid:84201186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338084)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gift-info.lmg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338084/; classtype:trojan-activity;sid:84201184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338085)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/penis.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338085/; classtype:trojan-activity;sid:84201185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338082)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/doc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338082/; classtype:trojan-activity;sid:84201182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338083)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/myrdx.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338083/; classtype:trojan-activity;sid:84201183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338081)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diskutility.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338081/; classtype:trojan-activity;sid:84201181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338079)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jb4w5s2l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338079/; classtype:trojan-activity;sid:84201179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338080)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/purlog.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338080/; classtype:trojan-activity;sid:84201180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338075)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewpeloxttug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338075/; classtype:trojan-activity;sid:84201175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338076)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/q1wnx5ir.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338076/; classtype:trojan-activity;sid:84201176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338077)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummetc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338077/; classtype:trojan-activity;sid:84201177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338078)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tu%d1%80111.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338078/; classtype:trojan-activity;sid:84201178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338073)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338073/; classtype:trojan-activity;sid:84201173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338074)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vn70wvxw.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338074/; classtype:trojan-activity;sid:84201174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338072)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ukodbcdcl.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338072/; classtype:trojan-activity;sid:84201172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338071)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/h5a71wdy.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338071/; classtype:trojan-activity;sid:84201171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338070)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ovrflw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338070/; classtype:trojan-activity;sid:84201170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338068)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gsprout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338068/; classtype:trojan-activity;sid:84201168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338069)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/meta.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338069/; classtype:trojan-activity;sid:84201169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338066)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unit.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338066/; classtype:trojan-activity;sid:84201166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338067)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338067/; classtype:trojan-activity;sid:84201167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338065)"; flow:established,from_client; content:"GET"; http_method; content:"/off/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338065/; classtype:trojan-activity;sid:84201165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338063)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installeraus.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338063/; classtype:trojan-activity;sid:84201163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338060)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338060/; classtype:trojan-activity;sid:84201160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338061)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hvnc1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338061/; classtype:trojan-activity;sid:84201161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338062)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default2.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338062/; classtype:trojan-activity;sid:84201162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338058)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bwapp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338058/; classtype:trojan-activity;sid:84201158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338059)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/shopfree.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338059/; classtype:trojan-activity;sid:84201159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338057)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/frap.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338057/; classtype:trojan-activity;sid:84201157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338055)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338055/; classtype:trojan-activity;sid:84201155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338056)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyl64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338056/; classtype:trojan-activity;sid:84201156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338054)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/explorer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338054/; classtype:trojan-activity;sid:84201154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338052)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/major.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338052/; classtype:trojan-activity;sid:84201152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338053)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338053/; classtype:trojan-activity;sid:84201153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338050)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/torque.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338050/; classtype:trojan-activity;sid:84201150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338051)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338051/; classtype:trojan-activity;sid:84201151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338049)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/softina.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338049/; classtype:trojan-activity;sid:84201149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338048)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338048/; classtype:trojan-activity;sid:84201148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338045)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/edge.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338045/; classtype:trojan-activity;sid:84201145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338046)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/completestudio.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338046/; classtype:trojan-activity;sid:84201146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338047)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/redsystem.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338047/; classtype:trojan-activity;sid:84201147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338044)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svchost.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338044/; classtype:trojan-activity;sid:84201144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338043)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe|3f|y"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338043/; classtype:trojan-activity;sid:84201143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338042)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ghost_0x000263826b9a9b91.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338042/; classtype:trojan-activity;sid:84201142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338041)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338041/; classtype:trojan-activity;sid:84201141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338039)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338039/; classtype:trojan-activity;sid:84201139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338040)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/surfex.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338040/; classtype:trojan-activity;sid:84201140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338037)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/noll.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338037/; classtype:trojan-activity;sid:84201137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338038)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identifications.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338038/; classtype:trojan-activity;sid:84201138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338036)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338036/; classtype:trojan-activity;sid:84201136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338034)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uhigdbf.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338034/; classtype:trojan-activity;sid:84201134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338035)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zxcv.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338035/; classtype:trojan-activity;sid:84201135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338033)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neonn.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338033/; classtype:trojan-activity;sid:84201133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338031)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rstxdhuj.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338031/; classtype:trojan-activity;sid:84201131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338032)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338032/; classtype:trojan-activity;sid:84201132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338029)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/considerablewinners.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338029/; classtype:trojan-activity;sid:84201129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338030)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338030/; classtype:trojan-activity;sid:84201130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338028)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338028/; classtype:trojan-activity;sid:84201128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338027)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338027/; classtype:trojan-activity;sid:84201127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338025)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vhpcde.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338025/; classtype:trojan-activity;sid:84201125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338026)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzzz1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338026/; classtype:trojan-activity;sid:84201126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338024)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pctoccurred.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338024/; classtype:trojan-activity;sid:84201124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338021)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338021/; classtype:trojan-activity;sid:84201121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338022)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xyaw4fkp.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338022/; classtype:trojan-activity;sid:84201122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338023)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/deliciouspart.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338023/; classtype:trojan-activity;sid:84201123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338020)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dsds.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338020/; classtype:trojan-activity;sid:84201120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338018)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/utility-inst.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338018/; classtype:trojan-activity;sid:84201118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338019)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/contorax.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338019/; classtype:trojan-activity;sid:84201119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338017)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/firefox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338017/; classtype:trojan-activity;sid:84201117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338016)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_valenciga.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338016/; classtype:trojan-activity;sid:84201116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338014)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gdn5yfjd.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338014/; classtype:trojan-activity;sid:84201114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338012)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338012/; classtype:trojan-activity;sid:84201112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338013)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsui.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338013/; classtype:trojan-activity;sid:84201113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338009)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/microsoft.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338009/; classtype:trojan-activity;sid:84201109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338010)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/tn8cdkzn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338010/; classtype:trojan-activity;sid:84201110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338011)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ubi-inst.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338011/; classtype:trojan-activity;sid:84201111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338008)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/northsperm.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338008/; classtype:trojan-activity;sid:84201108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338007)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338007/; classtype:trojan-activity;sid:84201107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338006)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clip.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338006/; classtype:trojan-activity;sid:84201106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338001)"; flow:established,from_client; content:"GET"; http_method; content:"/store/vidar.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338001/; classtype:trojan-activity;sid:84201101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338002)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338002/; classtype:trojan-activity;sid:84201102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338003)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewrvuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338003/; classtype:trojan-activity;sid:84201103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338004)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xm.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338004/; classtype:trojan-activity;sid:84201104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338005)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ohtie89k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338005/; classtype:trojan-activity;sid:84201105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338000)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/install2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338000/; classtype:trojan-activity;sid:84201100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337999)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unison.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337999/; classtype:trojan-activity;sid:84201099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337998)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legas.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337998/; classtype:trojan-activity;sid:84201098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337997)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dtrade_v1.3.6.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337997/; classtype:trojan-activity;sid:84201097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337994)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/te3tlsre.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337994/; classtype:trojan-activity;sid:84201094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337995)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build9.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337995/; classtype:trojan-activity;sid:84201095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337996)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/exclude.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337996/; classtype:trojan-activity;sid:84201096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337993)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cclent.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337993/; classtype:trojan-activity;sid:84201093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337992)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/singerjudy.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337992/; classtype:trojan-activity;sid:84201092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337991)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out_test_sig.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337991/; classtype:trojan-activity;sid:84201091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337990)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337990/; classtype:trojan-activity;sid:84201090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337989)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac22222.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337989/; classtype:trojan-activity;sid:84201089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337988)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build11.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337988/; classtype:trojan-activity;sid:84201088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337985)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vlst.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337985/; classtype:trojan-activity;sid:84201085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337986)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/buildred.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337986/; classtype:trojan-activity;sid:84201086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337987)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/systems.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337987/; classtype:trojan-activity;sid:84201087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337984)"; flow:established,from_client; content:"GET"; http_method; content:"/lego/ama.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337984/; classtype:trojan-activity;sid:84201084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337983)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rdx123456.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337983/; classtype:trojan-activity;sid:84201083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337982)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pkcontent.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337982/; classtype:trojan-activity;sid:84201082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337980)"; flow:established,from_client; content:"GET"; http_method; content:"/off/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337980/; classtype:trojan-activity;sid:84201080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337981)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/operation6572.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337981/; classtype:trojan-activity;sid:84201081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337979)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loadnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337979/; classtype:trojan-activity;sid:84201079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337978)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kill.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337978/; classtype:trojan-activity;sid:84201078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337975)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337975/; classtype:trojan-activity;sid:84201075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337976)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337976/; classtype:trojan-activity;sid:84201076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337977)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsexecutable.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337977/; classtype:trojan-activity;sid:84201077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337974)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mswgoudnv.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337974/; classtype:trojan-activity;sid:84201074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337972)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/survox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337972/; classtype:trojan-activity;sid:84201072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337973)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/feb9sxwk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337973/; classtype:trojan-activity;sid:84201073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337971)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/freedom.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337971/; classtype:trojan-activity;sid:84201071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337966)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld611114.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337966/; classtype:trojan-activity;sid:84201066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337967)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/coreplugin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337967/; classtype:trojan-activity;sid:84201067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337968)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337968/; classtype:trojan-activity;sid:84201068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337969)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ldqj18tn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337969/; classtype:trojan-activity;sid:84201069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337970)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cudo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337970/; classtype:trojan-activity;sid:84201070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337965)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cccc2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337965/; classtype:trojan-activity;sid:84201065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337963)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337963/; classtype:trojan-activity;sid:84201063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337964)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rms1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337964/; classtype:trojan-activity;sid:84201064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337959)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kmvcsaed.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337959/; classtype:trojan-activity;sid:84201059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337960)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hhnjqu9y.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337960/; classtype:trojan-activity;sid:84201060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337961)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loader_5879465914.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337961/; classtype:trojan-activity;sid:84201061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337962)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kiyan.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337962/; classtype:trojan-activity;sid:84201062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337958)"; flow:established,from_client; content:"GET"; http_method; content:"/store/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337958/; classtype:trojan-activity;sid:84201058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337956)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidar.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337956/; classtype:trojan-activity;sid:84201056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337957)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/taskhost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337957/; classtype:trojan-activity;sid:84201057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337955)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/needmoney.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337955/; classtype:trojan-activity;sid:84201055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337954)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337954/; classtype:trojan-activity;sid:84201054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337953)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neon.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337953/; classtype:trojan-activity;sid:84201053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337952)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pimer_bbbcontents7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337952/; classtype:trojan-activity;sid:84201052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337951)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new_v8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337951/; classtype:trojan-activity;sid:84201051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337950)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/golden.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337950/; classtype:trojan-activity;sid:84201050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337947)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted8888.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337947/; classtype:trojan-activity;sid:84201047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337948)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kitty.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337948/; classtype:trojan-activity;sid:84201048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337949)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v7wa24td.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337949/; classtype:trojan-activity;sid:84201049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337946)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cookie250.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337946/; classtype:trojan-activity;sid:84201046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337945)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pharmaciesdetection.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337945/; classtype:trojan-activity;sid:84201045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337944)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337944/; classtype:trojan-activity;sid:84201044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337941)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yoyf.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337941/; classtype:trojan-activity;sid:84201041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337942)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/f86nrrc6.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337942/; classtype:trojan-activity;sid:84201042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337943)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337943/; classtype:trojan-activity;sid:84201043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337938)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sgx4824p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337938/; classtype:trojan-activity;sid:84201038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337939/; classtype:trojan-activity;sid:84201039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337940)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chicken123.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337940/; classtype:trojan-activity;sid:84201040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337937)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scheduledllama.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337937/; classtype:trojan-activity;sid:84201037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337935)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrarinstall.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337935/; classtype:trojan-activity;sid:84201035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337936)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxl.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337936/; classtype:trojan-activity;sid:84201036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337934)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/drchoe.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337934/; classtype:trojan-activity;sid:84201034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337932)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/launcher.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337932/; classtype:trojan-activity;sid:84201032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337933)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxxx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337933/; classtype:trojan-activity;sid:84201033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337931)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ufw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337931/; classtype:trojan-activity;sid:84201031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337930)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gaozw40v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337930/; classtype:trojan-activity;sid:84201030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337928)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dcratbuild.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337928/; classtype:trojan-activity;sid:84201028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337929)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337929/; classtype:trojan-activity;sid:84201029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337926)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337926/; classtype:trojan-activity;sid:84201026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337927)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ha7dur10.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337927/; classtype:trojan-activity;sid:84201027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337923)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337923/; classtype:trojan-activity;sid:84201023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337924)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/consoleapp3.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337924/; classtype:trojan-activity;sid:84201024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337925)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/univ.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337925/; classtype:trojan-activity;sid:84201025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337920)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/controlledaccesspoint.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337920/; classtype:trojan-activity;sid:84201020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337921)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337921/; classtype:trojan-activity;sid:84201021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337922)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337922/; classtype:trojan-activity;sid:84201022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337919)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337919/; classtype:trojan-activity;sid:84201019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337916)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/influencednervous.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337916/; classtype:trojan-activity;sid:84201016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337917)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newfile.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337917/; classtype:trojan-activity;sid:84201017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337918)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337918/; classtype:trojan-activity;sid:84201018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337914)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337914/; classtype:trojan-activity;sid:84201014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337915)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mynewrdx.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337915/; classtype:trojan-activity;sid:84201015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337913)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_daval.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337913/; classtype:trojan-activity;sid:84201013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337912)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/googleupdate.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337912/; classtype:trojan-activity;sid:84201012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337911)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/final.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337911/; classtype:trojan-activity;sid:84201011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337910)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xclient_protected.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337910/; classtype:trojan-activity;sid:84201010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337908)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qth5kdee.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337908/; classtype:trojan-activity;sid:84201008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337909)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gagagggagagag.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337909/; classtype:trojan-activity;sid:84201009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337905)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/divinedialogue.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337905/; classtype:trojan-activity;sid:84201005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337906)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rorukal.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337906/; classtype:trojan-activity;sid:84201006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337907)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvv.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337907/; classtype:trojan-activity;sid:84201007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337904)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidsusername.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337904/; classtype:trojan-activity;sid:84201004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337902)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvimelugfq.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337902/; classtype:trojan-activity;sid:84201002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337903)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j4vzzuai.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337903/; classtype:trojan-activity;sid:84201003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/opdxdyeul.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337896/; classtype:trojan-activity;sid:84200996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337897)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onedrive.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337897/; classtype:trojan-activity;sid:84200997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337898)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/request.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337898/; classtype:trojan-activity;sid:84200998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337899)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteheroin.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337899/; classtype:trojan-activity;sid:84200999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337901)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onlysteal.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337901/; classtype:trojan-activity;sid:84201001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337894)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337894/; classtype:trojan-activity;sid:84200994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337895)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/robotic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337895/; classtype:trojan-activity;sid:84200995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337890)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stub.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337890/; classtype:trojan-activity;sid:84200990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337891)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cc2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337891/; classtype:trojan-activity;sid:84200991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337892)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dos.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337892/; classtype:trojan-activity;sid:84200992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337893)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mepaxil.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337893/; classtype:trojan-activity;sid:84200993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337889)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhostc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337889/; classtype:trojan-activity;sid:84200989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337884)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted25.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337884/; classtype:trojan-activity;sid:84200984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337885)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/runtime.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337885/; classtype:trojan-activity;sid:84200985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337886)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/js.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337886/; classtype:trojan-activity;sid:84200986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337887)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uctgkfb7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337887/; classtype:trojan-activity;sid:84200987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337888)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/morphic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337888/; classtype:trojan-activity;sid:84200988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337883)"; flow:established,from_client; content:"GET"; http_method; content:"/test/do.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337883/; classtype:trojan-activity;sid:84200983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337882)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator222.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337882/; classtype:trojan-activity;sid:84200982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337881)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337881/; classtype:trojan-activity;sid:84200981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337880)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7777.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337880/; classtype:trojan-activity;sid:84200980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337879)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/8.11.9-windows.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337879/; classtype:trojan-activity;sid:84200979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337878)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bitcoincore.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337878/; classtype:trojan-activity;sid:84200978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337877)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1111.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337877/; classtype:trojan-activity;sid:84200977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337876)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337876/; classtype:trojan-activity;sid:84200976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337875)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337875/; classtype:trojan-activity;sid:84200975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337874)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3yh8gdte.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337874/; classtype:trojan-activity;sid:84200974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337872)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/battlegermany.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337872/; classtype:trojan-activity;sid:84200972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337873)"; flow:established,from_client; content:"GET"; http_method; content:"/clip/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337873/; classtype:trojan-activity;sid:84200973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337871)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/41m98slk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337871/; classtype:trojan-activity;sid:84200971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337870)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadeus.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337870/; classtype:trojan-activity;sid:84200970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337869)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/blackload.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337869/; classtype:trojan-activity;sid:84200969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337868)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3546345.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337868/; classtype:trojan-activity;sid:84200968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337867)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bqkriy6l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337867/; classtype:trojan-activity;sid:84200967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337866)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/broadcom5.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337866/; classtype:trojan-activity;sid:84200966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337863)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bildnewl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337863/; classtype:trojan-activity;sid:84200963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337864)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2r61ahry.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337864/; classtype:trojan-activity;sid:84200964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337865)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/30072024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337865/; classtype:trojan-activity;sid:84200965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337862)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88851n80.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337862/; classtype:trojan-activity;sid:84200962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337861)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337861/; classtype:trojan-activity;sid:84200961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337860)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/18ijuw13.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337860/; classtype:trojan-activity;sid:84200960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337858)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/99awhy8l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337858/; classtype:trojan-activity;sid:84200958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337859)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337859/; classtype:trojan-activity;sid:84200959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337854)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/23c2343.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337854/; classtype:trojan-activity;sid:84200954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337855)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/343dsxs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337855/; classtype:trojan-activity;sid:84200955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337856)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6190317556063017550.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337856/; classtype:trojan-activity;sid:84200956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337857)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3544436.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337857/; classtype:trojan-activity;sid:84200957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337853)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadey.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337853/; classtype:trojan-activity;sid:84200953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337851)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5gevcp8z.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337851/; classtype:trojan-activity;sid:84200951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337852)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/anticheat.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337852/; classtype:trojan-activity;sid:84200952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337850)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6253708004881862888.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337850/; classtype:trojan-activity;sid:84200950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337847)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88aext0k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337847/; classtype:trojan-activity;sid:84200947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337848)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337848/; classtype:trojan-activity;sid:84200948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337849)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/87f3f2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337849/; classtype:trojan-activity;sid:84200949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337846)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337846/; classtype:trojan-activity;sid:84200946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ai2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337844/; classtype:trojan-activity;sid:84200944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337845)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5knchalah.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337845/; classtype:trojan-activity;sid:84200945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337842)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/6nteyex7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337842/; classtype:trojan-activity;sid:84200942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337843)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64_1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337843/; classtype:trojan-activity;sid:84200943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337841)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidth_monitor.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337841/; classtype:trojan-activity;sid:84200941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337839)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/0b44ippu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337839/; classtype:trojan-activity;sid:84200939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337840)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/annesalt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337840/; classtype:trojan-activity;sid:84200940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337838)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armadegon.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337838/; classtype:trojan-activity;sid:84200938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337832)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armanivenntii_crypted_easy.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337832/; classtype:trojan-activity;sid:84200932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337833)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/baddstore.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337833/; classtype:trojan-activity;sid:84200933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337834)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337834/; classtype:trojan-activity;sid:84200934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337835)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7cl16anh.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337835/; classtype:trojan-activity;sid:84200935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337836)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337836/; classtype:trojan-activity;sid:84200936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337829)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/06082025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337829/; classtype:trojan-activity;sid:84200929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337830)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/12.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337830/; classtype:trojan-activity;sid:84200930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337831)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/300.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337831/; classtype:trojan-activity;sid:84200931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337825)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/123.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337825/; classtype:trojan-activity;sid:84200925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337826)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-24_23-16.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337826/; classtype:trojan-activity;sid:84200926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337827)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337827/; classtype:trojan-activity;sid:84200927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/14082024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337828/; classtype:trojan-activity;sid:84200928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337823)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-27_00-41.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337823/; classtype:trojan-activity;sid:84200923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337824)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4434.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337824/; classtype:trojan-activity;sid:84200924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337822)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-25_20-56.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337822/; classtype:trojan-activity;sid:84200922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337821)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/processclass.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337821/; classtype:trojan-activity;sid:84200921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337819)"; flow:established,from_client; content:"GET"; http_method; content:"/test/num.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337819/; classtype:trojan-activity;sid:84200919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337820)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337820/; classtype:trojan-activity;sid:84200920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337798)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/lol/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337798/; classtype:trojan-activity;sid:84200898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/f/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/c/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; classtype:trojan-activity;sid:84200896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/i/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337766)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/erlx7ust"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337766/; classtype:trojan-activity;sid:84200866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337653/; classtype:trojan-activity;sid:84200753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337649/; classtype:trojan-activity;sid:84200749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.122.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337533/; classtype:trojan-activity;sid:84200633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.238.67.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337529/; classtype:trojan-activity;sid:84200629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.122.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337497/; classtype:trojan-activity;sid:84200597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337279/; classtype:trojan-activity;sid:84200379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337223)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337223/; classtype:trojan-activity;sid:84200323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337224)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337224/; classtype:trojan-activity;sid:84200324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337218)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337218/; classtype:trojan-activity;sid:84200318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337219)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337219/; classtype:trojan-activity;sid:84200319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337220)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337220/; classtype:trojan-activity;sid:84200320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337221)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337221/; classtype:trojan-activity;sid:84200321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337217)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337217/; classtype:trojan-activity;sid:84200317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337215)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337215/; classtype:trojan-activity;sid:84200315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337216)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337216/; classtype:trojan-activity;sid:84200316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337212)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337212/; classtype:trojan-activity;sid:84200312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337213)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337213/; classtype:trojan-activity;sid:84200313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337214)"; flow:established,from_client; content:"GET"; http_method; content:"/gbotbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337214/; classtype:trojan-activity;sid:84200314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337211)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337211/; classtype:trojan-activity;sid:84200311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337209/; classtype:trojan-activity;sid:84200309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.100.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337153/; classtype:trojan-activity;sid:84200253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.240.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337105/; classtype:trojan-activity;sid:84200205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.222.147.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337042/; classtype:trojan-activity;sid:84200142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337038)"; flow:established,from_client; content:"GET"; http_method; content:"/distrwt/du2013wt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.carambis.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337038/; classtype:trojan-activity;sid:84200138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337034)"; flow:established,from_client; content:"GET"; http_method; content:"/fdr9876567000.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337034/; classtype:trojan-activity;sid:84200134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337035)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmoundll/kak/main/glew64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337035/; classtype:trojan-activity;sid:84200135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337036)"; flow:established,from_client; content:"GET"; http_method; content:"/phjg9876789000.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337036/; classtype:trojan-activity;sid:84200136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337026)"; flow:established,from_client; content:"GET"; http_method; content:"/nkaslq1/ankrnl/refs/heads/main/alphatweaks.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337026/; classtype:trojan-activity;sid:84200126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337032)"; flow:established,from_client; content:"GET"; http_method; content:"/haa15/driver-shitty/main/kdmapper_release.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337032/; classtype:trojan-activity;sid:84200132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337033)"; flow:established,from_client; content:"GET"; http_method; content:"/factura-0987678.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337033/; classtype:trojan-activity;sid:84200133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337022)"; flow:established,from_client; content:"GET"; http_method; content:"/avevasion.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"158.101.196.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337022/; classtype:trojan-activity;sid:84200122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337024)"; flow:established,from_client; content:"GET"; http_method; content:"/execute.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.101.196.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337024/; classtype:trojan-activity;sid:84200124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337017)"; flow:established,from_client; content:"GET"; http_method; content:"/factura-09876rt567800.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337017/; classtype:trojan-activity;sid:84200117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337015)"; flow:established,from_client; content:"GET"; http_method; content:"/v0lt/virtualdub2/releases/download/2.1.3/virtualdub2_v2.1.3.667_win32.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337015/; classtype:trojan-activity;sid:84200115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337012)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337012/; classtype:trojan-activity;sid:84200112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337009)"; flow:established,from_client; content:"GET"; http_method; content:"/titan3/us/world/titan.w1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.pharorg.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337009/; classtype:trojan-activity;sid:84200109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337010)"; flow:established,from_client; content:"GET"; http_method; content:"/cgpro/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337010/; classtype:trojan-activity;sid:84200110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337008)"; flow:established,from_client; content:"GET"; http_method; content:"/uploadvltt/autokeoxe.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"quanly.jxmienphi.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337008/; classtype:trojan-activity;sid:84200108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337007)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lsks.volamngayxua.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337007/; classtype:trojan-activity;sid:84200107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337005)"; flow:established,from_client; content:"GET"; http_method; content:"/nielclean/ddddddd/raw/refs/heads/main/yo.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337005/; classtype:trojan-activity;sid:84200105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337004)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidixelaina/wuselaina/raw/refs/heads/main/build.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337004/; classtype:trojan-activity;sid:84200104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336997)"; flow:established,from_client; content:"GET"; http_method; content:"/jewellery/jewelkyupdates.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"globesql.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336997/; classtype:trojan-activity;sid:84200097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336996)"; flow:established,from_client; content:"GET"; http_method; content:"/po076567890000.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336996/; classtype:trojan-activity;sid:84200096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; content:"GET"; http_method; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336991)"; flow:established,from_client; content:"GET"; http_method; content:"/spoolsv.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"l3monrat.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336991/; classtype:trojan-activity;sid:84200091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336986)"; flow:established,from_client; content:"GET"; http_method; content:"/fact0987789000900.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336986/; classtype:trojan-activity;sid:84200086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336987)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336987/; classtype:trojan-activity;sid:84200087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336984)"; flow:established,from_client; content:"GET"; http_method; content:"/sutil.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.witrin.hu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336984/; classtype:trojan-activity;sid:84200084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336982)"; flow:established,from_client; content:"GET"; http_method; content:"/b6fab9a8-3dab-4bf8-a2cb-b955b0c00ce8-11f44531fb088d31307d87b01e8eabff.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"files-ld.s3.us-east-2.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336982/; classtype:trojan-activity;sid:84200082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336983)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/raw/refs/heads/main/black.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336983/; classtype:trojan-activity;sid:84200083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336975)"; flow:established,from_client; content:"GET"; http_method; content:"/un2/uhard.dat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.94.31.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336975/; classtype:trojan-activity;sid:84200075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336974)"; flow:established,from_client; content:"GET"; http_method; content:"/un1/uhard.dat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.94.31.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336974/; classtype:trojan-activity;sid:84200074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336973)"; flow:established,from_client; content:"GET"; http_method; content:"/purchase%20order%20006-2024%20gia-av%20rev%201_pdf.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"163.123.142.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336973/; classtype:trojan-activity;sid:84200073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336972)"; flow:established,from_client; content:"GET"; http_method; content:"/buildmanu.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.169.13.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336972/; classtype:trojan-activity;sid:84200072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336683)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336683/; classtype:trojan-activity;sid:84199783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336684)"; flow:established,from_client; content:"GET"; http_method; content:"/h"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336684/; classtype:trojan-activity;sid:84199784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336685)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336685/; classtype:trojan-activity;sid:84199785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336686)"; flow:established,from_client; content:"GET"; http_method; content:"/yak.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336686/; classtype:trojan-activity;sid:84199786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336663)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336663/; classtype:trojan-activity;sid:84199763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336665)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336665/; classtype:trojan-activity;sid:84199765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336666)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336666/; classtype:trojan-activity;sid:84199766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336670)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336670/; classtype:trojan-activity;sid:84199770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336671)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336671/; classtype:trojan-activity;sid:84199771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336672)"; flow:established,from_client; content:"GET"; http_method; content:"/get.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336672/; classtype:trojan-activity;sid:84199772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336674)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336674/; classtype:trojan-activity;sid:84199774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336678)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336678/; classtype:trojan-activity;sid:84199778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336679)"; flow:established,from_client; content:"GET"; http_method; content:"/v"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336679/; classtype:trojan-activity;sid:84199779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336681)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336681/; classtype:trojan-activity;sid:84199781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336656)"; flow:established,from_client; content:"GET"; http_method; content:"/c1"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336656/; classtype:trojan-activity;sid:84199756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336657)"; flow:established,from_client; content:"GET"; http_method; content:"/e"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336657/; classtype:trojan-activity;sid:84199757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336658/; classtype:trojan-activity;sid:84199758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336659)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336659/; classtype:trojan-activity;sid:84199759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336660)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336660/; classtype:trojan-activity;sid:84199760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336661)"; flow:established,from_client; content:"GET"; http_method; content:"/splash.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336661/; classtype:trojan-activity;sid:84199761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336662)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336662/; classtype:trojan-activity;sid:84199762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336640)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336640/; classtype:trojan-activity;sid:84199740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336636)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336636/; classtype:trojan-activity;sid:84199736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336633)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrigarm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336633/; classtype:trojan-activity;sid:84199733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336630)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336630/; classtype:trojan-activity;sid:84199730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336606)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336606/; classtype:trojan-activity;sid:84199706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336607)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336607/; classtype:trojan-activity;sid:84199707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336608)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336608/; classtype:trojan-activity;sid:84199708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336609)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336609/; classtype:trojan-activity;sid:84199709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336610)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336610/; classtype:trojan-activity;sid:84199710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336611)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336611/; classtype:trojan-activity;sid:84199711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336612)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336612/; classtype:trojan-activity;sid:84199712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336613)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336613/; classtype:trojan-activity;sid:84199713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336614)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336614/; classtype:trojan-activity;sid:84199714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336615)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336615/; classtype:trojan-activity;sid:84199715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336616)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336616/; classtype:trojan-activity;sid:84199716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336617)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336617/; classtype:trojan-activity;sid:84199717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336618)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336618/; classtype:trojan-activity;sid:84199718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336619)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336619/; classtype:trojan-activity;sid:84199719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336620)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336620/; classtype:trojan-activity;sid:84199720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336621)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336621/; classtype:trojan-activity;sid:84199721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336622)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336622/; classtype:trojan-activity;sid:84199722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336623)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336623/; classtype:trojan-activity;sid:84199723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336624)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336624/; classtype:trojan-activity;sid:84199724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336625)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336625/; classtype:trojan-activity;sid:84199725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336626)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336626/; classtype:trojan-activity;sid:84199726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336627)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336627/; classtype:trojan-activity;sid:84199727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336628)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336628/; classtype:trojan-activity;sid:84199728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336629)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336629/; classtype:trojan-activity;sid:84199729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336605)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336605/; classtype:trojan-activity;sid:84199705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336555)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yak.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336555/; classtype:trojan-activity;sid:84199655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336556)"; flow:established,from_client; content:"GET"; http_method; content:"/a/u"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336556/; classtype:trojan-activity;sid:84199656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336557)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336557/; classtype:trojan-activity;sid:84199657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336558)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336558/; classtype:trojan-activity;sid:84199658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336559)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336559/; classtype:trojan-activity;sid:84199659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336560)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336560/; classtype:trojan-activity;sid:84199660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336561)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/l"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336561/; classtype:trojan-activity;sid:84199661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336562)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336562/; classtype:trojan-activity;sid:84199662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336563)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yak.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336563/; classtype:trojan-activity;sid:84199663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336564)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/bins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336564/; classtype:trojan-activity;sid:84199664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336565)"; flow:established,from_client; content:"GET"; http_method; content:"/a/bins.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336565/; classtype:trojan-activity;sid:84199665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336566)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336566/; classtype:trojan-activity;sid:84199666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336567)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/u"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336567/; classtype:trojan-activity;sid:84199667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336568)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/wget.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336568/; classtype:trojan-activity;sid:84199668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336549)"; flow:established,from_client; content:"GET"; http_method; content:"/a/z"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336549/; classtype:trojan-activity;sid:84199649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336550)"; flow:established,from_client; content:"GET"; http_method; content:"/a/l"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336550/; classtype:trojan-activity;sid:84199650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336551)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yak.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336551/; classtype:trojan-activity;sid:84199651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336552)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/z"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336552/; classtype:trojan-activity;sid:84199652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336554)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336554/; classtype:trojan-activity;sid:84199654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336530)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336530/; classtype:trojan-activity;sid:84199630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336531)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336531/; classtype:trojan-activity;sid:84199631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336532)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336532/; classtype:trojan-activity;sid:84199632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336533)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336533/; classtype:trojan-activity;sid:84199633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336516)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336516/; classtype:trojan-activity;sid:84199616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336517)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336517/; classtype:trojan-activity;sid:84199617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336518)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336518/; classtype:trojan-activity;sid:84199618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336519)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336519/; classtype:trojan-activity;sid:84199619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336520)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336520/; classtype:trojan-activity;sid:84199620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336521)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336521/; classtype:trojan-activity;sid:84199621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336522)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336522/; classtype:trojan-activity;sid:84199622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336523)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336523/; classtype:trojan-activity;sid:84199623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336524)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336524/; classtype:trojan-activity;sid:84199624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336525)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336525/; classtype:trojan-activity;sid:84199625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336526)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336526/; classtype:trojan-activity;sid:84199626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336527)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336527/; classtype:trojan-activity;sid:84199627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336528)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336528/; classtype:trojan-activity;sid:84199628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336529)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336529/; classtype:trojan-activity;sid:84199629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336509)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336509/; classtype:trojan-activity;sid:84199609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336510)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336510/; classtype:trojan-activity;sid:84199610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336511)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336511/; classtype:trojan-activity;sid:84199611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336512)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336512/; classtype:trojan-activity;sid:84199612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336513)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.sparc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336513/; classtype:trojan-activity;sid:84199613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336514)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336514/; classtype:trojan-activity;sid:84199614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336515)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336515/; classtype:trojan-activity;sid:84199615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336508)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336508/; classtype:trojan-activity;sid:84199608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336507)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336507/; classtype:trojan-activity;sid:84199607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336501)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336501/; classtype:trojan-activity;sid:84199601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336502)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336502/; classtype:trojan-activity;sid:84199602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336503)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336503/; classtype:trojan-activity;sid:84199603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336504)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336504/; classtype:trojan-activity;sid:84199604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336505)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336505/; classtype:trojan-activity;sid:84199605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336506)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336506/; classtype:trojan-activity;sid:84199606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336494)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336494/; classtype:trojan-activity;sid:84199594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336495)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.mipsel"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336495/; classtype:trojan-activity;sid:84199595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336496)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336496/; classtype:trojan-activity;sid:84199596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336497)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336497/; classtype:trojan-activity;sid:84199597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336498)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336498/; classtype:trojan-activity;sid:84199598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336499)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336499/; classtype:trojan-activity;sid:84199599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336500)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336500/; classtype:trojan-activity;sid:84199600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336485)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336485/; classtype:trojan-activity;sid:84199585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336486)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336486/; classtype:trojan-activity;sid:84199586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336487)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336487/; classtype:trojan-activity;sid:84199587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336488)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336488/; classtype:trojan-activity;sid:84199588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336489)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336489/; classtype:trojan-activity;sid:84199589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336490)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336490/; classtype:trojan-activity;sid:84199590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336491)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336491/; classtype:trojan-activity;sid:84199591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336492)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336492/; classtype:trojan-activity;sid:84199592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336493)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336493/; classtype:trojan-activity;sid:84199593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336469/; classtype:trojan-activity;sid:84199569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336470)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336470/; classtype:trojan-activity;sid:84199570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336471)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336471/; classtype:trojan-activity;sid:84199571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336472)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336472/; classtype:trojan-activity;sid:84199572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336473)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336473/; classtype:trojan-activity;sid:84199573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336474)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.sparc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336474/; classtype:trojan-activity;sid:84199574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336475)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336475/; classtype:trojan-activity;sid:84199575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336476)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336476/; classtype:trojan-activity;sid:84199576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336477)"; flow:established,from_client; content:"GET"; http_method; content:"/a/dlr.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336477/; classtype:trojan-activity;sid:84199577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336478)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336478/; classtype:trojan-activity;sid:84199578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336479)"; flow:established,from_client; content:"GET"; http_method; content:"/a/yakuza.mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336479/; classtype:trojan-activity;sid:84199579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336480)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/yakuza.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336480/; classtype:trojan-activity;sid:84199580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336481)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336481/; classtype:trojan-activity;sid:84199581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336482)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336482/; classtype:trojan-activity;sid:84199582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336483)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/dlr.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336483/; classtype:trojan-activity;sid:84199583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336484)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336484/; classtype:trojan-activity;sid:84199584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336467)"; flow:established,from_client; content:"GET"; http_method; content:"/dead/yakuza.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336467/; classtype:trojan-activity;sid:84199567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336468)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b/dlr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pirati.privatedns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336468/; classtype:trojan-activity;sid:84199568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336291/; classtype:trojan-activity;sid:84199391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336275)"; flow:established,from_client; content:"GET"; http_method; content:"/leetspoofer.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.141.26.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336275/; classtype:trojan-activity;sid:84199375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.99.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336272/; classtype:trojan-activity;sid:84199372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336238)"; flow:established,from_client; content:"GET"; http_method; content:"/3nftk7/rs.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.83.122.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336238/; classtype:trojan-activity;sid:84199338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336109)"; flow:established,from_client; content:"GET"; http_method; content:"/404.docx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336109/; classtype:trojan-activity;sid:84199209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336095)"; flow:established,from_client; content:"GET"; http_method; content:"/stubgenerator/stub/main/stub.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336095/; classtype:trojan-activity;sid:84199195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336094)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/main/stub.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336094/; classtype:trojan-activity;sid:84199194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336093)"; flow:established,from_client; content:"GET"; http_method; content:"/xworm-bat.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.112.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336093/; classtype:trojan-activity;sid:84199193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336091)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/module/stub.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ellesmerefamilyhealth.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336091/; classtype:trojan-activity;sid:84199191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336092)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyrizz/stub/refs/heads/main/stub.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336092/; classtype:trojan-activity;sid:84199192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336090/; classtype:trojan-activity;sid:84199190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336085)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336085/; classtype:trojan-activity;sid:84199185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336084)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336084/; classtype:trojan-activity;sid:84199184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336083)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336083/; classtype:trojan-activity;sid:84199183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336082)"; flow:established,from_client; content:"GET"; http_method; content:"/yzm/bd.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"m.gutousoft.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336082/; classtype:trojan-activity;sid:84199182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; content:"GET"; http_method; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; content:"GET"; http_method; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; content:"GET"; http_method; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336066)"; flow:established,from_client; content:"GET"; http_method; content:"/patcher/patch/game.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"deloth2.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336066/; classtype:trojan-activity;sid:84199166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336062)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336062/; classtype:trojan-activity;sid:84199162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; content:"GET"; http_method; content:"/anessdev/talha/main/talha.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336057)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336057/; classtype:trojan-activity;sid:84199157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336052)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336052/; classtype:trojan-activity;sid:84199152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336054)"; flow:established,from_client; content:"GET"; http_method; content:"/d00mt3l/xworm-5.6/refs/heads/main/xwormloader.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336054/; classtype:trojan-activity;sid:84199154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336056)"; flow:established,from_client; content:"GET"; http_method; content:"/3nftk7/zzh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.83.122.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336056/; classtype:trojan-activity;sid:84199156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336051)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336051/; classtype:trojan-activity;sid:84199151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336050)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/refs/heads/main/dllyide.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336050/; classtype:trojan-activity;sid:84199150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336046)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/main/xworm.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336046/; classtype:trojan-activity;sid:84199146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336014/; classtype:trojan-activity;sid:84199114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.45.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3335823/; classtype:trojan-activity;sid:84198923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.120.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335588/; classtype:trojan-activity;sid:84198688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.14.140.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335396/; classtype:trojan-activity;sid:84198496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.122.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335361/; classtype:trojan-activity;sid:84198461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335356/; classtype:trojan-activity;sid:84198456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.169.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335327/; classtype:trojan-activity;sid:84198427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.73.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335277/; classtype:trojan-activity;sid:84198377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335259)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/lc/att/12166185/4805b50e05c8900bb89f67c3b5a747d0/chrome.apk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"cdn.livechat-files.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335259/; classtype:trojan-activity;sid:84198359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.64.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335258/; classtype:trojan-activity;sid:84198358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.208.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335251/; classtype:trojan-activity;sid:84198351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.208.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335245/; classtype:trojan-activity;sid:84198345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335208)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/rage.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335208/; classtype:trojan-activity;sid:84198308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335209)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335209/; classtype:trojan-activity;sid:84198309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335211)"; flow:established,from_client; content:"GET"; http_method; content:"/zalacznik/106"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"maciejowice.dobrybip.pl"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335211/; classtype:trojan-activity;sid:84198311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335212)"; flow:established,from_client; content:"GET"; http_method; content:"/document/microsoft.doc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"seniorcomc.sslblindado.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335212/; classtype:trojan-activity;sid:84198312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335201)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice09000.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335201/; classtype:trojan-activity;sid:84198301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335204)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice-9876.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335204/; classtype:trojan-activity;sid:84198304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335205)"; flow:established,from_client; content:"GET"; http_method; content:"/factura-0987678.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335205/; classtype:trojan-activity;sid:84198305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335197)"; flow:established,from_client; content:"GET"; http_method; content:"/factura09876567000.bat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335197/; classtype:trojan-activity;sid:84198297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335198)"; flow:established,from_client; content:"GET"; http_method; content:"/8105/trojan/master/update.bat"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335198/; classtype:trojan-activity;sid:84198298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335199)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/brive/recepisse/202403/10/doc2lgpu2jwfets.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335199/; classtype:trojan-activity;sid:84198299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335200)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/distrimobile/recepisse/202407/30/fuss983_20240725_150732.tif"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335200/; classtype:trojan-activity;sid:84198300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335189)"; flow:established,from_client; content:"GET"; http_method; content:"/dc09.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335189/; classtype:trojan-activity;sid:84198289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335193)"; flow:established,from_client; content:"GET"; http_method; content:"/zalacznik/108"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"maciejowice.dobrybip.pl"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335193/; classtype:trojan-activity;sid:84198293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335178)"; flow:established,from_client; content:"GET"; http_method; content:"/na56785590-.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335178/; classtype:trojan-activity;sid:84198278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335175)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks32_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335175/; classtype:trojan-activity;sid:84198275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335174)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowforce2008_64_add.vmp.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335174/; classtype:trojan-activity;sid:84198274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335173)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks64_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335173/; classtype:trojan-activity;sid:84198273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335168)"; flow:established,from_client; content:"GET"; http_method; content:"/zalacznik/932/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"maciejowice.dobrybip.pl"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335168/; classtype:trojan-activity;sid:84198268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335160)"; flow:established,from_client; content:"GET"; http_method; content:"/cb8373ac6348bc41/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.22.31.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335160/; classtype:trojan-activity;sid:84198260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335163)"; flow:established,from_client; content:"GET"; http_method; content:"/weedapache2"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.112.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335163/; classtype:trojan-activity;sid:84198263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335165)"; flow:established,from_client; content:"GET"; http_method; content:"/weedcron"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.120.112.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335165/; classtype:trojan-activity;sid:84198265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335166)"; flow:established,from_client; content:"GET"; http_method; content:"/upm2008.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335166/; classtype:trojan-activity;sid:84198266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335156)"; flow:established,from_client; content:"GET"; http_method; content:"/ndisinstaller3.2.32.1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335156/; classtype:trojan-activity;sid:84198256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335157)"; flow:established,from_client; content:"GET"; http_method; content:"/s7vctk/patchgame/_autovlbs19_new/trainjx.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gachetroi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335157/; classtype:trojan-activity;sid:84198257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335158)"; flow:established,from_client; content:"GET"; http_method; content:"/weedbash"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.120.112.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335158/; classtype:trojan-activity;sid:84198258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/2018-11/20181122103207926164.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"xww.bucea.edu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335145)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zzj59mdz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335145/; classtype:trojan-activity;sid:84198245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335147)"; flow:established,from_client; content:"GET"; http_method; content:"/iatinfect2008_64.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335147/; classtype:trojan-activity;sid:84198247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335141)"; flow:established,from_client; content:"GET"; http_method; content:"/winsetaccess64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335141/; classtype:trojan-activity;sid:84198241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335142)"; flow:established,from_client; content:"GET"; http_method; content:"/net/run.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335142/; classtype:trojan-activity;sid:84198242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335143)"; flow:established,from_client; content:"GET"; http_method; content:"/weedopenssh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.112.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335143/; classtype:trojan-activity;sid:84198243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335144)"; flow:established,from_client; content:"GET"; http_method; content:"/cb8373ac6348bc41/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"178.22.31.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335144/; classtype:trojan-activity;sid:84198244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335135)"; flow:established,from_client; content:"GET"; http_method; content:"/writedat.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335135/; classtype:trojan-activity;sid:84198235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335136)"; flow:established,from_client; content:"GET"; http_method; content:"/mport.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335136/; classtype:trojan-activity;sid:84198236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335137)"; flow:established,from_client; content:"GET"; http_method; content:"/zalacznik/925"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"maciejowice.dobrybip.pl"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335137/; classtype:trojan-activity;sid:84198237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335133)"; flow:established,from_client; content:"GET"; http_method; content:"/cb8373ac6348bc41/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.22.31.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335133/; classtype:trojan-activity;sid:84198233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335134)"; flow:established,from_client; content:"GET"; http_method; content:"/iland.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335134/; classtype:trojan-activity;sid:84198234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335129)"; flow:established,from_client; content:"GET"; http_method; content:"/cb8373ac6348bc41/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.22.31.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335129/; classtype:trojan-activity;sid:84198229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335131)"; flow:established,from_client; content:"GET"; http_method; content:"/cb8373ac6348bc41/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.22.31.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335131/; classtype:trojan-activity;sid:84198231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335126)"; flow:established,from_client; content:"GET"; http_method; content:"/cb8373ac6348bc41/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.22.31.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335126/; classtype:trojan-activity;sid:84198226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335119)"; flow:established,from_client; content:"GET"; http_method; content:"/mytime/files/3.3.7.0/mytime.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"down.ruanmei.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335119/; classtype:trojan-activity;sid:84198219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335117)"; flow:established,from_client; content:"GET"; http_method; content:"/f/f89/steamworks.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"by.haory.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335117/; classtype:trojan-activity;sid:84198217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; content:"GET"; http_method; content:"/cg70/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloader/0.8780099094758285"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"rb3.ftnt.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335110/; classtype:trojan-activity;sid:84198210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335111)"; flow:established,from_client; content:"GET"; http_method; content:"/s7vctk/patchgame/_autovlbs19_new/trainjx2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"gachetroi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335111/; classtype:trojan-activity;sid:84198211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335105)"; flow:established,from_client; content:"GET"; http_method; content:"/factura.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335105/; classtype:trojan-activity;sid:84198205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335107)"; flow:established,from_client; content:"GET"; http_method; content:"/ion67898700.cmd"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"grupodulcemar.pe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335107/; classtype:trojan-activity;sid:84198207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335099)"; flow:established,from_client; content:"GET"; http_method; content:"/factory/steel.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335099/; classtype:trojan-activity;sid:84198199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335090)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/73cceb_de0cf39691b24825b9733575e081f7fa.rtf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"73cceb63-7ecd-45e2-9eab-f8d98aab177f.usrfiles.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335090/; classtype:trojan-activity;sid:84198190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335094)"; flow:established,from_client; content:"GET"; http_method; content:"/misc/tools/exporttabletester.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ximonite.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335094/; classtype:trojan-activity;sid:84198194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335095)"; flow:established,from_client; content:"GET"; http_method; content:"/weedntpd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.120.112.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335095/; classtype:trojan-activity;sid:84198195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335088)"; flow:established,from_client; content:"GET"; http_method; content:"/albiononline/fras.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"arteflordeliz.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335088/; classtype:trojan-activity;sid:84198188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335089)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"l3monrat.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335089/; classtype:trojan-activity;sid:84198189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335080)"; flow:established,from_client; content:"GET"; http_method; content:"/weedshit"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.120.112.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335080/; classtype:trojan-activity;sid:84198180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335081)"; flow:established,from_client; content:"GET"; http_method; content:"/weedsh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.112.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335081/; classtype:trojan-activity;sid:84198181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335082)"; flow:established,from_client; content:"GET"; http_method; content:"/weedtftp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.120.112.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335082/; classtype:trojan-activity;sid:84198182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335083)"; flow:established,from_client; content:"GET"; http_method; content:"/weedsshd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.120.112.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335083/; classtype:trojan-activity;sid:84198183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; content:"GET"; http_method; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"hhbs.hhu.edu.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335073)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/453903/wqc7f5s8lhm8mu0clzhwbl3lp|3f|token=eyjhbgcioijkaxiilcjlbmmioijbmti4q0jdluhtmju2in0..kok-c08tg1sb0rkwxyurvg.7ptb2bey9etqrwrfe3gvzgp-gdctw-nokzbirrowi-iwjtdmjfntorattitqom-5eqrbhzpurovcmmmjxks4knjpxbahy0bahdwidwtu6cuucpoigdw4l9jv2px7wsngjqoqp_dy8fpl_1z6j2no0z_rrawi5g3dj3vggkr-wcthkncz5a8o6febbffjiyc7oij5okn6o4janis5qd7btxoqqitdsic5s2bduud6ozsfsdjsc54szpt2gg4zgz8iuag3pv4apwyt_eo-owc_8q.o9d2owtjtv0voyqxis2afq"; http_uri; depth:427; isdataat:!1,relative; nocase; content:"p20.zdusercontent.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335073/; classtype:trojan-activity;sid:84198173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3334714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.32.30.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3334714/; classtype:trojan-activity;sid:84197814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3334274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.45.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3334274/; classtype:trojan-activity;sid:84197374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3334175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.139.220.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3334175/; classtype:trojan-activity;sid:84197275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3334167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.35.78.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3334167/; classtype:trojan-activity;sid:84197267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3334162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.59.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3334162/; classtype:trojan-activity;sid:84197262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.33.218.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333859/; classtype:trojan-activity;sid:84196959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.33.218.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333840/; classtype:trojan-activity;sid:84196940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.174.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333795/; classtype:trojan-activity;sid:84196895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333656)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/refs/heads/main/main1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333656/; classtype:trojan-activity;sid:84196756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333653)"; flow:established,from_client; content:"GET"; http_method; content:"/hillbertdev/insertnamehere/raw/main/1.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333653/; classtype:trojan-activity;sid:84196753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333650)"; flow:established,from_client; content:"GET"; http_method; content:"/hillbertdev/insertnamehere/raw/main/2.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333650/; classtype:trojan-activity;sid:84196750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333649)"; flow:established,from_client; content:"GET"; http_method; content:"/hillbertdev/insertnamehere/raw/main/3.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333649/; classtype:trojan-activity;sid:84196749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333648)"; flow:established,from_client; content:"GET"; http_method; content:"/hillbertdev/insertnamehere/raw/main/4.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333648/; classtype:trojan-activity;sid:84196748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333647)"; flow:established,from_client; content:"GET"; http_method; content:"/hillbertdev/insertnamehere/raw/main/5.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333647/; classtype:trojan-activity;sid:84196747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333645)"; flow:established,from_client; content:"GET"; http_method; content:"/t1client.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.230.200.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333645/; classtype:trojan-activity;sid:84196745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333646)"; flow:established,from_client; content:"GET"; http_method; content:"/t1server.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.230.200.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333646/; classtype:trojan-activity;sid:84196746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333641)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"51.20.2.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333641/; classtype:trojan-activity;sid:84196741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333633/; classtype:trojan-activity;sid:84196733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333591)"; flow:established,from_client; content:"GET"; http_method; content:"/9ejay9gkq0.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333591/; classtype:trojan-activity;sid:84196691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333589)"; flow:established,from_client; content:"GET"; http_method; content:"/eps9m380cn.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333589/; classtype:trojan-activity;sid:84196689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333590)"; flow:established,from_client; content:"GET"; http_method; content:"/m7lgy8vtbo.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333590/; classtype:trojan-activity;sid:84196690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333588)"; flow:established,from_client; content:"GET"; http_method; content:"/j62r8dhpa1.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333588/; classtype:trojan-activity;sid:84196688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333587)"; flow:established,from_client; content:"GET"; http_method; content:"/b3bctsyl58.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333587/; classtype:trojan-activity;sid:84196687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333586)"; flow:established,from_client; content:"GET"; http_method; content:"/wpql8w82kh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333586/; classtype:trojan-activity;sid:84196686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333585)"; flow:established,from_client; content:"GET"; http_method; content:"/pjxho1wlkp.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333585/; classtype:trojan-activity;sid:84196685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333584)"; flow:established,from_client; content:"GET"; http_method; content:"/rj2wofc38q.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333584/; classtype:trojan-activity;sid:84196684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333583)"; flow:established,from_client; content:"GET"; http_method; content:"/dh2hwkx4xg.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333583/; classtype:trojan-activity;sid:84196683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333582)"; flow:established,from_client; content:"GET"; http_method; content:"/h81ikvqnzy.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333582/; classtype:trojan-activity;sid:84196682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333580)"; flow:established,from_client; content:"GET"; http_method; content:"/xesqdlx6s4.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333580/; classtype:trojan-activity;sid:84196680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333581)"; flow:established,from_client; content:"GET"; http_method; content:"/uf0kqlbtga.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333581/; classtype:trojan-activity;sid:84196681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333579)"; flow:established,from_client; content:"GET"; http_method; content:"/3ks44u6x45.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.5.242.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333579/; classtype:trojan-activity;sid:84196679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333574)"; flow:established,from_client; content:"GET"; http_method; content:"/security.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.203.4.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333574/; classtype:trojan-activity;sid:84196674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nscmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333571/; classtype:trojan-activity;sid:84196671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333542)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/logo.jpg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"onlineshoppe.semilinktech.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333542/; classtype:trojan-activity;sid:84196642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333534)"; flow:established,from_client; content:"GET"; http_method; content:"/.akcqrfutuo"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333534/; classtype:trojan-activity;sid:84196634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333528)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl|3f|ddos"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333528/; classtype:trojan-activity;sid:84196628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333527)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/pthlearning.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chinaapper.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333527/; classtype:trojan-activity;sid:84196627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333524)"; flow:established,from_client; content:"GET"; http_method; content:"/cuahangcamera/yoosee/zip/refs/tags/1.0.0.54"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333524/; classtype:trojan-activity;sid:84196624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; content:"GET"; http_method; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/main/document.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; classtype:trojan-activity;sid:84196621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333519)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/refs/heads/main/ttok18.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333519/; classtype:trojan-activity;sid:84196619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333520)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/tiktokdesktop18.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333520/; classtype:trojan-activity;sid:84196620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333517)"; flow:established,from_client; content:"GET"; http_method; content:"/censorliber/zapret/zip/refs/heads/main"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333517/; classtype:trojan-activity;sid:84196617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333515)"; flow:established,from_client; content:"GET"; http_method; content:"/0xrose/rose-stealer_old/zip/refs/heads/main"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333515/; classtype:trojan-activity;sid:84196615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333516)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/refs/heads/main/enigma32g.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333516/; classtype:trojan-activity;sid:84196616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; classtype:trojan-activity;sid:84196614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; content:"GET"; http_method; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333512)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/lkyhjksefa.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333512/; classtype:trojan-activity;sid:84196612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; content:"GET"; http_method; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333506)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/refs/heads/main/mtbkkesfthae.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333506/; classtype:trojan-activity;sid:84196606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333507)"; flow:established,from_client; content:"GET"; http_method; content:"/lokelo1488/ss11/refs/heads/main/xdd.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333507/; classtype:trojan-activity;sid:84196607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333505)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333505/; classtype:trojan-activity;sid:84196605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333504)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/x86_64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333504/; classtype:trojan-activity;sid:84196604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333499)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333500)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333500/; classtype:trojan-activity;sid:84196600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333501)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/refs/heads/main/tyhkamwdmrg.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333501/; classtype:trojan-activity;sid:84196601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; flow:established,from_client; content:"GET"; http_method; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333497)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/main/wefhrf.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333497/; classtype:trojan-activity;sid:84196597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333498)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/adjthjawdth.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333498/; classtype:trojan-activity;sid:84196598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; content:"GET"; http_method; content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333490)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/refs/heads/main/hjgesadfseawd.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333490/; classtype:trojan-activity;sid:84196590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333491)"; flow:established,from_client; content:"GET"; http_method; content:"/anonyketa/exm-tweaking-utility-premium/zip/refs/heads/main"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333491/; classtype:trojan-activity;sid:84196591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333488)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/instali%d0%b5r-x86.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333488/; classtype:trojan-activity;sid:84196588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; content:"GET"; http_method; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333480)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/refs/heads/main/vorpgkadeg.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333480/; classtype:trojan-activity;sid:84196580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; content:"GET"; http_method; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333478)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/jhnykawfkth.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333478/; classtype:trojan-activity;sid:84196578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333479)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333479/; classtype:trojan-activity;sid:84196579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333474)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/cli.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333474/; classtype:trojan-activity;sid:84196574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333475)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/ttdesktop18.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333475/; classtype:trojan-activity;sid:84196575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333476)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/mpsl"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333476/; classtype:trojan-activity;sid:84196576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333477)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/pghsefyjhsef.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333477/; classtype:trojan-activity;sid:84196577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333472)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/lfcdgbuksf.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333472/; classtype:trojan-activity;sid:84196572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333473)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/ktyhpldea.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333473/; classtype:trojan-activity;sid:84196573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333468)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/nthnaedltg.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333468/; classtype:trojan-activity;sid:84196568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333469)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/refs/heads/main/piotjhjadkaw.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333469/; classtype:trojan-activity;sid:84196569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333464)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/tt18.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333464/; classtype:trojan-activity;sid:84196564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333466)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/refs/heads/main/mrdgasdthawed.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333466/; classtype:trojan-activity;sid:84196566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar/setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; classtype:trojan-activity;sid:84196558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333456)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333456/; classtype:trojan-activity;sid:84196556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333455)"; flow:established,from_client; content:"GET"; http_method; content:"/instrumental/list.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333455/; classtype:trojan-activity;sid:84196555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333439)"; flow:established,from_client; content:"GET"; http_method; content:"/ytisf/thezoo/refs/heads/master/malware/binaries/ransomware.wannacry/ransomware.wannacry.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333439/; classtype:trojan-activity;sid:84196539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; content:"GET"; http_method; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333432)"; flow:established,from_client; content:"GET"; http_method; content:"/factory/steel.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333432/; classtype:trojan-activity;sid:84196532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333433)"; flow:established,from_client; content:"GET"; http_method; content:"/instrumental/basx.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333433/; classtype:trojan-activity;sid:84196533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.243.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333376/; classtype:trojan-activity;sid:84196476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333370)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/main/play.bin"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333370/; classtype:trojan-activity;sid:84196470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333368)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/my.bin"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333368/; classtype:trojan-activity;sid:84196468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333369)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/donut.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333369/; classtype:trojan-activity;sid:84196469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333364)"; flow:established,from_client; content:"GET"; http_method; content:"/mellat.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mobile-bank.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333364/; classtype:trojan-activity;sid:84196464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333362)"; flow:established,from_client; content:"GET"; http_method; content:"/llq.rar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xingpai.weilay.com.cn"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333362/; classtype:trojan-activity;sid:84196462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333358)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dszzxtes"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333358/; classtype:trojan-activity;sid:84196458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; classtype:trojan-activity;sid:84196459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333357)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333357/; classtype:trojan-activity;sid:84196457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333347)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/main/play.bin"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333347/; classtype:trojan-activity;sid:84196447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333349)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0xkgtisn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333349/; classtype:trojan-activity;sid:84196449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/raw/master/donut.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333353)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333353/; classtype:trojan-activity;sid:84196453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333344)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/33z1jp6j"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333344/; classtype:trojan-activity;sid:84196444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333346)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/z1f7z7ty"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333346/; classtype:trojan-activity;sid:84196446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333338)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j6asrwbh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333338/; classtype:trojan-activity;sid:84196438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333340)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/my.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333340/; classtype:trojan-activity;sid:84196440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333342)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kmmjuuqp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333342/; classtype:trojan-activity;sid:84196442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333323)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/q4hwu8yx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333323/; classtype:trojan-activity;sid:84196423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333322)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333322/; classtype:trojan-activity;sid:84196422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; classtype:trojan-activity;sid:84196421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333315)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kyafgrc4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333315/; classtype:trojan-activity;sid:84196415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333320)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qyqj8yjr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333320/; classtype:trojan-activity;sid:84196420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333302)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zw0gampc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333302/; classtype:trojan-activity;sid:84196402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333307)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yebccfzc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333307/; classtype:trojan-activity;sid:84196407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333308)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nemt49fh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333308/; classtype:trojan-activity;sid:84196408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333309)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wkqrbwlc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333309/; classtype:trojan-activity;sid:84196409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333310)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bza26rsa"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333310/; classtype:trojan-activity;sid:84196410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.174.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333155/; classtype:trojan-activity;sid:84196255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.101.91.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333140/; classtype:trojan-activity;sid:84196240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333059/; classtype:trojan-activity;sid:84196159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.139.220.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333060/; classtype:trojan-activity;sid:84196160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.208.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332983/; classtype:trojan-activity;sid:84196083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332961)"; flow:established,from_client; content:"GET"; http_method; content:"/williamreport/lwpath/main/main.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332961/; classtype:trojan-activity;sid:84196061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332958)"; flow:established,from_client; content:"GET"; http_method; content:"/kidxnox/image-logger/refs/heads/main/image%20logger.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332958/; classtype:trojan-activity;sid:84196058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332959)"; flow:established,from_client; content:"GET"; http_method; content:"/server/222.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332959/; classtype:trojan-activity;sid:84196059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332960)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/main/tcp.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332960/; classtype:trojan-activity;sid:84196060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332957)"; flow:established,from_client; content:"GET"; http_method; content:"/server/release.rar"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332957/; classtype:trojan-activity;sid:84196057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332955)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%98%85%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%98%85.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332955/; classtype:trojan-activity;sid:84196055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332954)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%ab%b8%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%ab%b7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332954/; classtype:trojan-activity;sid:84196054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332949)"; flow:established,from_client; content:"GET"; http_method; content:"/server/600%202024.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332949/; classtype:trojan-activity;sid:84196049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332950)"; flow:established,from_client; content:"GET"; http_method; content:"/server/fzbkui.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332950/; classtype:trojan-activity;sid:84196050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332952)"; flow:established,from_client; content:"GET"; http_method; content:"/server/get%20meta/alli.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332952/; classtype:trojan-activity;sid:84196052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332946)"; flow:established,from_client; content:"GET"; http_method; content:"/server/get%20meta/meta.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332946/; classtype:trojan-activity;sid:84196046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332947)"; flow:established,from_client; content:"GET"; http_method; content:"/server/get%20meta/zipforge.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332947/; classtype:trojan-activity;sid:84196047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332948)"; flow:established,from_client; content:"GET"; http_method; content:"/server/get%20meta/h.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332948/; classtype:trojan-activity;sid:84196048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332944)"; flow:established,from_client; content:"GET"; http_method; content:"/server/get%20meta/send-to-rdp.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332944/; classtype:trojan-activity;sid:84196044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332945)"; flow:established,from_client; content:"GET"; http_method; content:"/server/x.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332945/; classtype:trojan-activity;sid:84196045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332942)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/refs/heads/main/sync.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332942/; classtype:trojan-activity;sid:84196042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332943)"; flow:established,from_client; content:"GET"; http_method; content:"/server/get%20meta/code%20send%20meta%20discord%20exe.ps1"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332943/; classtype:trojan-activity;sid:84196043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332933)"; flow:established,from_client; content:"GET"; http_method; content:"/server/8888.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332933/; classtype:trojan-activity;sid:84196033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332936)"; flow:established,from_client; content:"GET"; http_method; content:"/server/32%20vpn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332936/; classtype:trojan-activity;sid:84196036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332930)"; flow:established,from_client; content:"GET"; http_method; content:"/server/850.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"minlsteres.linkpc.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332930/; classtype:trojan-activity;sid:84196030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332925)"; flow:established,from_client; content:"GET"; http_method; content:"/kidxnox/image-logger/raw/refs/heads/main/image%20logger.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332925/; classtype:trojan-activity;sid:84196025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332921)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk97/xwqd21waddqwdv/releases/download/1.0/server.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332921/; classtype:trojan-activity;sid:84196021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332920)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/raw/refs/heads/main/sync.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332920/; classtype:trojan-activity;sid:84196020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332916/; classtype:trojan-activity;sid:84196016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332904)"; flow:established,from_client; content:"GET"; http_method; content:"/download/moghararat-1402/moghararat-1402.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"www.totya.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332904/; classtype:trojan-activity;sid:84196004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332902)"; flow:established,from_client; content:"GET"; http_method; content:"/rviance/ubiquitous-fortnight/releases/download/toolwin/toolwin.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332902/; classtype:trojan-activity;sid:84196002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332854)"; flow:established,from_client; content:"GET"; http_method; content:"/zs3q9ygn3x1aivl.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"52575815-38-20200406120634.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332854/; classtype:trojan-activity;sid:84195954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332844)"; flow:established,from_client; content:"GET"; http_method; content:"/get/19f3c14691d28ab174a7935987ce2182/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"loader.oxy.st"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332844/; classtype:trojan-activity;sid:84195944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332833)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/refs/heads/main/crack.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332833/; classtype:trojan-activity;sid:84195933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332789)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332789/; classtype:trojan-activity;sid:84195889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332770)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/hbfgjhhesfd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332770/; classtype:trojan-activity;sid:84195870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/main/critscript.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332768)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/nbothjkd.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332768/; classtype:trojan-activity;sid:84195868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/system.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332765)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332765/; classtype:trojan-activity;sid:84195865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332766)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/main/1434orz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332766/; classtype:trojan-activity;sid:84195866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332767)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/jgesfyhjsefa.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332767/; classtype:trojan-activity;sid:84195867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332762)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332762/; classtype:trojan-activity;sid:84195862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332763)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/am/refs/heads/main/runtimebroker.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332763/; classtype:trojan-activity;sid:84195863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332761)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/refs/heads/main/jrockekcurje.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332761/; classtype:trojan-activity;sid:84195861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332757)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/raw/main/system.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332757/; classtype:trojan-activity;sid:84195857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332758)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/refs/heads/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332758/; classtype:trojan-activity;sid:84195858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332759)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/am/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332759/; classtype:trojan-activity;sid:84195859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332753)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/client-built.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332753/; classtype:trojan-activity;sid:84195853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332754)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332754/; classtype:trojan-activity;sid:84195854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332755)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/raw/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332755/; classtype:trojan-activity;sid:84195855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332756)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/raw/main/seksiak.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332756/; classtype:trojan-activity;sid:84195856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332752)"; flow:established,from_client; content:"GET"; http_method; content:"/waynesson/rocitizens/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332752/; classtype:trojan-activity;sid:84195852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332751)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332751/; classtype:trojan-activity;sid:84195851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332749)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/nbothjkd.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332749/; classtype:trojan-activity;sid:84195849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332750)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/jgesfyhjsefa.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332750/; classtype:trojan-activity;sid:84195850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332746)"; flow:established,from_client; content:"GET"; http_method; content:"/akumaheo/heoe/refs/heads/main/heo.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332746/; classtype:trojan-activity;sid:84195846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332747)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/raw/refs/heads/main/2klz.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332747/; classtype:trojan-activity;sid:84195847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332668)"; flow:established,from_client; content:"GET"; http_method; content:"/akumaheo/heoe/raw/refs/heads/main/heo.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332668/; classtype:trojan-activity;sid:84195768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332662)"; flow:established,from_client; content:"GET"; http_method; content:"/cb8373ac6348bc41/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.22.31.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332662/; classtype:trojan-activity;sid:84195762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.154.19.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332660/; classtype:trojan-activity;sid:84195760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332647)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0v6vhvpb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332647/; classtype:trojan-activity;sid:84195747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332622)"; flow:established,from_client; content:"GET"; http_method; content:"/medned.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.255.85.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332622/; classtype:trojan-activity;sid:84195722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332617)"; flow:established,from_client; content:"GET"; http_method; content:"/luma0212.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"92.255.85.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332617/; classtype:trojan-activity;sid:84195717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332618)"; flow:established,from_client; content:"GET"; http_method; content:"/meta.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.255.85.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332618/; classtype:trojan-activity;sid:84195718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332619)"; flow:established,from_client; content:"GET"; http_method; content:"/bartnew.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.255.85.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332619/; classtype:trojan-activity;sid:84195719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332620)"; flow:established,from_client; content:"GET"; http_method; content:"/bartv4.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.255.85.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332620/; classtype:trojan-activity;sid:84195720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332621)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.255.85.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332621/; classtype:trojan-activity;sid:84195721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332595)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64xxxx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332595/; classtype:trojan-activity;sid:84195695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332596)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386xxx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332596/; classtype:trojan-activity;sid:84195696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332592)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ko.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.41.244.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332592/; classtype:trojan-activity;sid:84195692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.57.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332476/; classtype:trojan-activity;sid:84195576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.57.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332438/; classtype:trojan-activity;sid:84195538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.64.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332340/; classtype:trojan-activity;sid:84195440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.64.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332314/; classtype:trojan-activity;sid:84195414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331918)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/enigma32g.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331918/; classtype:trojan-activity;sid:84195018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331912)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/pothjmawdtrg.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331912/; classtype:trojan-activity;sid:84195012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331915)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/kisteruop.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331915/; classtype:trojan-activity;sid:84195015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331916)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/hjgesadfseawd.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331916/; classtype:trojan-activity;sid:84195016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331911)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/test/refs/heads/main/formule.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331911/; classtype:trojan-activity;sid:84195011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331904)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/test/refs/heads/main/formule1.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331904/; classtype:trojan-activity;sid:84195004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331905)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/test/refs/heads/main/jekd.dll"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331905/; classtype:trojan-activity;sid:84195005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331906)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/tester/refs/heads/main/jekd.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331906/; classtype:trojan-activity;sid:84195006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331909)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/tester/refs/heads/main/ajikhdg.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331909/; classtype:trojan-activity;sid:84195009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331901)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/ttdesktop18.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331901/; classtype:trojan-activity;sid:84195001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331902)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/jygadfbnbnpfsa.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331902/; classtype:trojan-activity;sid:84195002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331895)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/tester/refs/heads/main/workout.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331895/; classtype:trojan-activity;sid:84194995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331890)"; flow:established,from_client; content:"GET"; http_method; content:"/akgifdi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331890/; classtype:trojan-activity;sid:84194990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331893)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/vovdawdrg.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331893/; classtype:trojan-activity;sid:84194993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331894)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/gdwadtyjuesfshas.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331894/; classtype:trojan-activity;sid:84194994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331883)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/mnftyjkrgjsae.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331883/; classtype:trojan-activity;sid:84194983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331886)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/tester/refs/heads/main/main.py"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331886/; classtype:trojan-activity;sid:84194986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331889)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/kisloyat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331889/; classtype:trojan-activity;sid:84194989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331882)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/test/refs/heads/main/main.py"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331882/; classtype:trojan-activity;sid:84194982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331875)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/hyfdaethfhfaed.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331875/; classtype:trojan-activity;sid:84194975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331874)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/jdrgsotrti.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331874/; classtype:trojan-activity;sid:84194974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331871)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/nbjekadkthgawd.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331871/; classtype:trojan-activity;sid:84194971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331873)"; flow:established,from_client; content:"GET"; http_method; content:"/kfmmhfi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331873/; classtype:trojan-activity;sid:84194973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331869)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/ghdtawedtrgh.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331869/; classtype:trojan-activity;sid:84194969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331867)"; flow:established,from_client; content:"GET"; http_method; content:"/eekdcrc.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331867/; classtype:trojan-activity;sid:84194967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/popapoers.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331863)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/test/refs/heads/main/ajikhdg.dll"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331863/; classtype:trojan-activity;sid:84194963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331852)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/tyhkamwdmrg.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331852/; classtype:trojan-activity;sid:84194952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331846)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/baedawdgh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331846/; classtype:trojan-activity;sid:84194946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331850)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/pfntjejghjsdkr.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331850/; classtype:trojan-activity;sid:84194950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331851)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/hsefawdrthg.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331851/; classtype:trojan-activity;sid:84194951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331844)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/jgurtgjasdth.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331844/; classtype:trojan-activity;sid:84194944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331841)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/gweadtrgh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331841/; classtype:trojan-activity;sid:84194941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331840)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/mfcthased.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331840/; classtype:trojan-activity;sid:84194940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331837)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/tester/refs/heads/main/7installer.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331837/; classtype:trojan-activity;sid:84194937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331839)"; flow:established,from_client; content:"GET"; http_method; content:"/kspbfaj.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331839/; classtype:trojan-activity;sid:84194939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331833)"; flow:established,from_client; content:"GET"; http_method; content:"/robomusk52/tester/refs/heads/main/workout.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331833/; classtype:trojan-activity;sid:84194933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331827)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/mrdgasdthawed.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331827/; classtype:trojan-activity;sid:84194927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/vikings.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331829)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/daytjhasdawd.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331829/; classtype:trojan-activity;sid:84194929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331830)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/nothjgdwa.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331830/; classtype:trojan-activity;sid:84194930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331831)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/mthimskef.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331831/; classtype:trojan-activity;sid:84194931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331819)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/lbtkksefa.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331819/; classtype:trojan-activity;sid:84194919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331787)"; flow:established,from_client; content:"GET"; http_method; content:"/ff/m.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331787/; classtype:trojan-activity;sid:84194887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331786)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/fkydjyhjadg.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331786/; classtype:trojan-activity;sid:84194886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331782)"; flow:established,from_client; content:"GET"; http_method; content:"/lv2d7fgdopb/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"94.156.177.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331782/; classtype:trojan-activity;sid:84194882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331783)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/lfcdgbuksf.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331783/; classtype:trojan-activity;sid:84194883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331784)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/jhnykawfkth.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331784/; classtype:trojan-activity;sid:84194884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331780)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7403972632/gu8nd0g.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331780/; classtype:trojan-activity;sid:84194880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331781)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/adjthjawdth.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331781/; classtype:trojan-activity;sid:84194881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331778)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/pghsefyjhsef.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331778/; classtype:trojan-activity;sid:84194878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331776)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/nbothjkd.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331776/; classtype:trojan-activity;sid:84194876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331775)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/nthnaedltg.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331775/; classtype:trojan-activity;sid:84194875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331774)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/bxftjhksaef.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331774/; classtype:trojan-activity;sid:84194874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331773)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/gjawedrtg.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331773/; classtype:trojan-activity;sid:84194873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331772)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331772/; classtype:trojan-activity;sid:84194872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331768)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/nhbjsekfkjtyhja.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331768/; classtype:trojan-activity;sid:84194868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331769)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/kthkksefd.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331769/; classtype:trojan-activity;sid:84194869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331767)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/kyjjrfgjjsedf.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331767/; classtype:trojan-activity;sid:84194867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331765)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/instali%d0%b5r-x86.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331765/; classtype:trojan-activity;sid:84194865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331766)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331766/; classtype:trojan-activity;sid:84194866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331763)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331763/; classtype:trojan-activity;sid:84194863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331764)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/kohjaekdfth.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331764/; classtype:trojan-activity;sid:84194864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331760)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/nothjgdwa.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331760/; classtype:trojan-activity;sid:84194860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331761)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331761/; classtype:trojan-activity;sid:84194861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331759)"; flow:established,from_client; content:"GET"; http_method; content:"/lv2d7fgdopb/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"94.156.177.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331759/; classtype:trojan-activity;sid:84194859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331758)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/krgawdtyjawd.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331758/; classtype:trojan-activity;sid:84194858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331753)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331753/; classtype:trojan-activity;sid:84194853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331756)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/cli.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331756/; classtype:trojan-activity;sid:84194856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331750)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/lkyhjksefa.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331750/; classtype:trojan-activity;sid:84194850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331751)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/kyhjasehs.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331751/; classtype:trojan-activity;sid:84194851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331752)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/hfaewdth.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331752/; classtype:trojan-activity;sid:84194852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331748)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331748/; classtype:trojan-activity;sid:84194848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331749)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/fsyjawdr.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331749/; classtype:trojan-activity;sid:84194849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331745)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7403972632/gu8nd0g.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331745/; classtype:trojan-activity;sid:84194845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331746)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/dujkgsf.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331746/; classtype:trojan-activity;sid:84194846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331743)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/lyjdfjthawd.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331743/; classtype:trojan-activity;sid:84194843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331741)"; flow:established,from_client; content:"GET"; http_method; content:"/lv2d7fgdopb/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"94.156.177.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331741/; classtype:trojan-activity;sid:84194841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331738)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/tt18.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331738/; classtype:trojan-activity;sid:84194838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331739)"; flow:established,from_client; content:"GET"; http_method; content:"/lv2d7fgdopb/plugins/clip64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"94.156.177.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331739/; classtype:trojan-activity;sid:84194839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331736)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/jgesfyhjsefa.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331736/; classtype:trojan-activity;sid:84194836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331733)"; flow:established,from_client; content:"GET"; http_method; content:"/ff/1.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331733/; classtype:trojan-activity;sid:84194833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331735)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/fdaerghawd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331735/; classtype:trojan-activity;sid:84194835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331719)"; flow:established,from_client; content:"GET"; http_method; content:"/tutithuybi123/-/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331719/; classtype:trojan-activity;sid:84194819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331716)"; flow:established,from_client; content:"GET"; http_method; content:"/files/_k150nfjy5/download/file.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"api.hostize.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331716/; classtype:trojan-activity;sid:84194816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331712)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331712/; classtype:trojan-activity;sid:84194812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331711)"; flow:established,from_client; content:"GET"; http_method; content:"/ballshot/payload/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331711/; classtype:trojan-activity;sid:84194811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331710)"; flow:established,from_client; content:"GET"; http_method; content:"/test_img.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331710/; classtype:trojan-activity;sid:84194810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331708)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331708/; classtype:trojan-activity;sid:84194808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331709)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/main/client-built.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331709/; classtype:trojan-activity;sid:84194809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331707)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331707/; classtype:trojan-activity;sid:84194807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331705)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/main/client-built.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331705/; classtype:trojan-activity;sid:84194805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331697)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331697/; classtype:trojan-activity;sid:84194797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331698)"; flow:established,from_client; content:"GET"; http_method; content:"/manyak-cmd/a/main/a/client-built.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331698/; classtype:trojan-activity;sid:84194798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331701)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/refs/heads/main/gweadtrgh.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331701/; classtype:trojan-activity;sid:84194801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331696)"; flow:established,from_client; content:"GET"; http_method; content:"/adammmikso/wu/main/client-built.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331696/; classtype:trojan-activity;sid:84194796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331693)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/refs/heads/main/pyjnkasedf.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331693/; classtype:trojan-activity;sid:84194793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331694)"; flow:established,from_client; content:"GET"; http_method; content:"/m4hvh2/dwadwa/main/client-built.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331694/; classtype:trojan-activity;sid:84194794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331691)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331691/; classtype:trojan-activity;sid:84194791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331690)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/image/scragglingijsw.ps1"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"clubedasluluzinhasro.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331690/; classtype:trojan-activity;sid:84194790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331680)"; flow:established,from_client; content:"GET"; http_method; content:"/files/zipghbxlck/download/file.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"api.hostize.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331680/; classtype:trojan-activity;sid:84194780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331679)"; flow:established,from_client; content:"GET"; http_method; content:"/n12.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"anphatnam.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331679/; classtype:trojan-activity;sid:84194779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331675)"; flow:established,from_client; content:"GET"; http_method; content:"/api/aq_course/app/v2/course/addstudylog/client_built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"agapi.cqjjb.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331675/; classtype:trojan-activity;sid:84194775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; content:"GET"; http_method; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/master/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331672)"; flow:established,from_client; content:"GET"; http_method; content:"/evil-d-e-v/m/refs/heads/main/xclient.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331672/; classtype:trojan-activity;sid:84194772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331664)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original//rump_img.jpeg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331664/; classtype:trojan-activity;sid:84194764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331665)"; flow:established,from_client; content:"GET"; http_method; content:"/abhidadatg/worm/refs/heads/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331665/; classtype:trojan-activity;sid:84194765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331667)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331667/; classtype:trojan-activity;sid:84194767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331661)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331661/; classtype:trojan-activity;sid:84194761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331655)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331655/; classtype:trojan-activity;sid:84194755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; content:"GET"; http_method; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; content:"GET"; http_method; content:"/jikoos/rrr/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331644)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/wrwrwr/main/xclient.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331644/; classtype:trojan-activity;sid:84194744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331643)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/adad/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331643/; classtype:trojan-activity;sid:84194743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331638)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331638/; classtype:trojan-activity;sid:84194738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331640)"; flow:established,from_client; content:"GET"; http_method; content:"/whois-black/qew123/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331640/; classtype:trojan-activity;sid:84194740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331637)"; flow:established,from_client; content:"GET"; http_method; content:"/goldhourse/optimizer/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331637/; classtype:trojan-activity;sid:84194737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331636)"; flow:established,from_client; content:"GET"; http_method; content:"/paco321312312/cautious-sniffle/main/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331636/; classtype:trojan-activity;sid:84194736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331631)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient543/miniature-tribble/main/xclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331631/; classtype:trojan-activity;sid:84194731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; content:"GET"; http_method; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331628)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/fsfsf/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331628/; classtype:trojan-activity;sid:84194728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; content:"GET"; http_method; content:"/cheetz/nishang/master/gather/keylogger.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331597)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/newwork.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331597/; classtype:trojan-activity;sid:84194697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331592)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/newwork.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331592/; classtype:trojan-activity;sid:84194692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331593)"; flow:established,from_client; content:"GET"; http_method; content:"/factory/steel.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331593/; classtype:trojan-activity;sid:84194693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331594)"; flow:established,from_client; content:"GET"; http_method; content:"/factory/steel.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.113.115.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331594/; classtype:trojan-activity;sid:84194694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331591)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stail.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.113.115.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331591/; classtype:trojan-activity;sid:84194691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; content:"GET"; http_method; content:"/cookieskush/pip-package-template/master/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331587)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ko.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331587/; classtype:trojan-activity;sid:84194687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331584)"; flow:established,from_client; content:"GET"; http_method; content:"/ff/2.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331584/; classtype:trojan-activity;sid:84194684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331580)"; flow:established,from_client; content:"GET"; http_method; content:"/1/items/detah-note-j_202410/detahnote_j.jpg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ia600101.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331580/; classtype:trojan-activity;sid:84194680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331578)"; flow:established,from_client; content:"GET"; http_method; content:"/waynesson/rocitizens/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331578/; classtype:trojan-activity;sid:84194678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331577)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331577/; classtype:trojan-activity;sid:84194677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331576)"; flow:established,from_client; content:"GET"; http_method; content:"/get.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.34.205.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331576/; classtype:trojan-activity;sid:84194676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331575)"; flow:established,from_client; content:"GET"; http_method; content:"/x86.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.34.205.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331575/; classtype:trojan-activity;sid:84194675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331572)"; flow:established,from_client; content:"GET"; http_method; content:"/anglewings-lua/anglewings/main/petya.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331572/; classtype:trojan-activity;sid:84194672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331570)"; flow:established,from_client; content:"GET"; http_method; content:"/jaaaaaaaaaaaaaaaaa/im-not-hosting-malware-here/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331570/; classtype:trojan-activity;sid:84194670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331569)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/maintracy_gmeeulwt19.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"technotiempo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331569/; classtype:trojan-activity;sid:84194669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331548)"; flow:established,from_client; content:"GET"; http_method; content:"/lfgtrlqy/jquery.css"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sft-cloud.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331548/; classtype:trojan-activity;sid:84194648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331544)"; flow:established,from_client; content:"GET"; http_method; content:"/travel/1.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nabawitransport.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331544/; classtype:trojan-activity;sid:84194644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331539)"; flow:established,from_client; content:"GET"; http_method; content:"/okemgaiduma/oktata/downloads/update.ps1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331539/; classtype:trojan-activity;sid:84194639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331543)"; flow:established,from_client; content:"GET"; http_method; content:"/okemgaiduma/dangyeu/downloads/update.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331543/; classtype:trojan-activity;sid:84194643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331492)"; flow:established,from_client; content:"GET"; http_method; content:"/khietdepttai/update-bat/downloads/bypass.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331492/; classtype:trojan-activity;sid:84194592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331501)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10wux24m2koxctzbcelr2d3t8tyb8y6dq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331501/; classtype:trojan-activity;sid:84194601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331486)"; flow:established,from_client; content:"GET"; http_method; content:"/khietdepttai/update-bat/downloads/update.ps1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331486/; classtype:trojan-activity;sid:84194586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331487)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/decqq-cf20a.appspot.com/o/donchifile_vchfujk91.bin|3f|alt=media|7c|26|7c|token=c2737a65-ff1c-436c-a6f0-11d3a748f62f"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331487/; classtype:trojan-activity;sid:84194587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331459)"; flow:established,from_client; content:"GET"; http_method; content:"/mzmtrpwoe113eelxn/plugins/cred64.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.208.158.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331459/; classtype:trojan-activity;sid:84194559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.33.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331276/; classtype:trojan-activity;sid:84194376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.81.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331197/; classtype:trojan-activity;sid:84194297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/001-acta-2023-10-20-asamblea-ordinaria.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330888/; classtype:trojan-activity;sid:84193988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_unione-drill.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330889/; classtype:trojan-activity;sid:84193989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2024-10-22-alle-11.27.30.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330890/; classtype:trojan-activity;sid:84193990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerypazrk-hals.jpgcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330891/; classtype:trojan-activity;sid:84193991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/campeonatos-comarcales-2023-1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330892/; classtype:trojan-activity;sid:84193992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f3bcf01b-653b-7c45-3f40-34dec7009e77.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330893/; classtype:trojan-activity;sid:84193993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.-formulario-de-solicitud-para-actividades-en-la-via-publica.pdf.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330894/; classtype:trojan-activity;sid:84193994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9480-533x800.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330885/; classtype:trojan-activity;sid:84193985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hcl2525252525252036.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330886/; classtype:trojan-activity;sid:84193986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asnaf-1-min.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330872/; classtype:trojan-activity;sid:84193972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/budynek-nr-3-lokal-nr-2.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330873/; classtype:trojan-activity;sid:84193973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-3.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330874/; classtype:trojan-activity;sid:84193974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171025_155118-m2525252525252525252525252525252525c32525252525252525252525252525252525a1solata.jpg.lnk"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330875/; classtype:trojan-activity;sid:84193975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17315313938af2587722cd377713928e1d2fcdf1e3.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330876/; classtype:trojan-activity;sid:84193976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/37032479_897362283781881_454770237020045312_n_768x768.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330877/; classtype:trojan-activity;sid:84193977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0014.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330878/; classtype:trojan-activity;sid:84193978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-e-071322-1-02_1024x1024.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330879/; classtype:trojan-activity;sid:84193979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/applicator_training_bulletin__fundamentals_of_holiday_detection.pdf.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330880/; classtype:trojan-activity;sid:84193980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58928_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330881/; classtype:trojan-activity;sid:84193981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-titulo-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330882/; classtype:trojan-activity;sid:84193982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20210325_204751_109.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330883/; classtype:trojan-activity;sid:84193983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin_audit_report_20241.9.7.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330884/; classtype:trojan-activity;sid:84193984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-bld-1r-1.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330863/; classtype:trojan-activity;sid:84193963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/velvet-gold-15-scaled.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330864/; classtype:trojan-activity;sid:84193964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bristol-spekkast-met-manden-100-cm-3-scaled.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330865/; classtype:trojan-activity;sid:84193965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/slide-1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330867/; classtype:trojan-activity;sid:84193967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-11.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330868/; classtype:trojan-activity;sid:84193968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/orientaciones-de-comunicacio2525252525252525252525252525cc252525252525252525252525252581n-efectiva.pdf.lnk"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330869/; classtype:trojan-activity;sid:84193969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-marzo-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330870/; classtype:trojan-activity;sid:84193970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/35452_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330871/; classtype:trojan-activity;sid:84193971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/main-upstairs.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330861/; classtype:trojan-activity;sid:84193961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.a-sem-i-to-iv-repeat-exam-timetable-dec-2020.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330862/; classtype:trojan-activity;sid:84193962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173144738511da18ae73b93052816f25142b976281.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330857/; classtype:trojan-activity;sid:84193957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rapport-de-durabilite.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330858/; classtype:trojan-activity;sid:84193958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-de-mise-en-jeu-uniswap-2024-2-9-9.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330859/; classtype:trojan-activity;sid:84193959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/240402-mc-salesperson-ne-us-job-description.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330853/; classtype:trojan-activity;sid:84193953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330854/; classtype:trojan-activity;sid:84193954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zestawienie-nr-03.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330855/; classtype:trojan-activity;sid:84193955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-7-1200x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330856/; classtype:trojan-activity;sid:84193956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-make-origami-boat-sailboat-diagram.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330851/; classtype:trojan-activity;sid:84193951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hardwell-live-at-nasimi-beach.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330852/; classtype:trojan-activity;sid:84193952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_ec166e54984fc160701a92cc7f5a1c04.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330845/; classtype:trojan-activity;sid:84193945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20211007202229_248a4402-scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330846/; classtype:trojan-activity;sid:84193946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a17i5161.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330847/; classtype:trojan-activity;sid:84193947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-grooming-bag--068312ckab-worn-1-0-0-800-800_g.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330848/; classtype:trojan-activity;sid:84193948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-1440x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330849/; classtype:trojan-activity;sid:84193949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-58.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330850/; classtype:trojan-activity;sid:84193950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-mola-curiosasmentes-2024.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330824/; classtype:trojan-activity;sid:84193924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0527.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330825/; classtype:trojan-activity;sid:84193925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2023-03-07-alle-18.12.37.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330826/; classtype:trojan-activity;sid:84193926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-fishing24.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330827/; classtype:trojan-activity;sid:84193927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-791.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330828/; classtype:trojan-activity;sid:84193928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/samsung-galaxy-a25-blue.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330829/; classtype:trojan-activity;sid:84193929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/343651464_165188469818361_4403843504932347735_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330830/; classtype:trojan-activity;sid:84193930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-30-elite.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330831/; classtype:trojan-activity;sid:84193931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jamaicablue_bigbrekkie_hires.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330832/; classtype:trojan-activity;sid:84193932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/emc100-detail-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330833/; classtype:trojan-activity;sid:84193933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-submi.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330834/; classtype:trojan-activity;sid:84193934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_11b_var.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330835/; classtype:trojan-activity;sid:84193935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-situacion-financiera-2011.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330836/; classtype:trojan-activity;sid:84193936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59165_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330837/; classtype:trojan-activity;sid:84193937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18-1440x1080.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330838/; classtype:trojan-activity;sid:84193938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-mini-kelly-20-epsom-cactus-silver-hardware-set-675x675.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330839/; classtype:trojan-activity;sid:84193939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/centrala-esprit-73825252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252b.jpg.lnk"; http_uri; depth:200; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330840/; classtype:trojan-activity;sid:84193940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-354-2023-ordenanza-que-aprueba-reajustar-los-arbitrios-municipales-con-el-indice-de-precios-al-consumidor-aplicable-en-el-ejercicio-fiscal-2024.pdf.lnk"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330841/; classtype:trojan-activity;sid:84193941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nje-saktesim-per-vendet-e-lira-dt.23.10.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330842/; classtype:trojan-activity;sid:84193942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-10.jpeg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330843/; classtype:trojan-activity;sid:84193943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171204_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330844/; classtype:trojan-activity;sid:84193944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-07-15-at-10.19.02-am.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330820/; classtype:trojan-activity;sid:84193920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/361.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330821/; classtype:trojan-activity;sid:84193921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shaking-water-bath-incubator-bt200.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330822/; classtype:trojan-activity;sid:84193922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lot-3664_js274_1_shot-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330823/; classtype:trojan-activity;sid:84193923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/emotion-coaching-for-caregivers-tips-and-tricks.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330802/; classtype:trojan-activity;sid:84193902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-42.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330803/; classtype:trojan-activity;sid:84193903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkinanatomy.gif.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330804/; classtype:trojan-activity;sid:84193904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-2023-11-28t143633.732.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330805/; classtype:trojan-activity;sid:84193905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pipe-2023-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330806/; classtype:trojan-activity;sid:84193906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cool-diy-wood-project-endearing-wooden-wall-decoration-ideas-website-picture-gallery-wall-decoration-with-wood.jpg.lnk"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330807/; classtype:trojan-activity;sid:84193907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agrinio_revengeporn1.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330808/; classtype:trojan-activity;sid:84193908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kto-celular-4a9fzf.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330809/; classtype:trojan-activity;sid:84193909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lot-1-blk-49-sec-d-rbs.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330810/; classtype:trojan-activity;sid:84193910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-jaketkonveksi-varsity.jpg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330811/; classtype:trojan-activity;sid:84193911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/velvet-gold-sfeer-1-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330812/; classtype:trojan-activity;sid:84193912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8856-min-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330813/; classtype:trojan-activity;sid:84193913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330814/; classtype:trojan-activity;sid:84193914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7_ws2-exposed-cable-merchandising-guide-indonesia.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330815/; classtype:trojan-activity;sid:84193915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1676466495b0536d4ff2687145cb01b6812321163c.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330816/; classtype:trojan-activity;sid:84193916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/512937339056.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330817/; classtype:trojan-activity;sid:84193917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330818/; classtype:trojan-activity;sid:84193918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/review_multhaupt_imagery_in_athletic_injury_rehabilitation_2018-3.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330819/; classtype:trojan-activity;sid:84193919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20240229_150730-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330789/; classtype:trojan-activity;sid:84193889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330790/; classtype:trojan-activity;sid:84193890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3533a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330791/; classtype:trojan-activity;sid:84193891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024101612070138-circ_2444_1a_tirada_lliga_catalana_3d_2024_2025.pdf.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330792/; classtype:trojan-activity;sid:84193892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ne_title_new_010122-1-scaled.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330793/; classtype:trojan-activity;sid:84193893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330794/; classtype:trojan-activity;sid:84193894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preeti-x-anupam-10-scaled.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330795/; classtype:trojan-activity;sid:84193895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gigabitvoucher24-917x570-1-800x497-1-850x4601-1.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330796/; classtype:trojan-activity;sid:84193896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/student_b.ed_2021-2023.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330797/; classtype:trojan-activity;sid:84193897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plants-vs-zombies-2-coloring-pages.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330798/; classtype:trojan-activity;sid:84193898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comunicat-coronavirus-sgeaf5783.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330799/; classtype:trojan-activity;sid:84193899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/custom-10x20-tent-768x768.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330800/; classtype:trojan-activity;sid:84193900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-tokenomics-report-20241.2.9.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330801/; classtype:trojan-activity;sid:84193901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_gift_bag_1577861940_f17c3f99_progressive.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330775/; classtype:trojan-activity;sid:84193875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024-sfwsc-92-points-sherry-cask.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330776/; classtype:trojan-activity;sid:84193876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zero-gravity-3.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330777/; classtype:trojan-activity;sid:84193877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chemistry.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330778/; classtype:trojan-activity;sid:84193878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20210923_224903-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330779/; classtype:trojan-activity;sid:84193879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poza-1.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330780/; classtype:trojan-activity;sid:84193880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-004-solicitud-nuevo-campeonato-comarcal.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330781/; classtype:trojan-activity;sid:84193881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/maxresdefault.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330782/; classtype:trojan-activity;sid:84193882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-16.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330783/; classtype:trojan-activity;sid:84193883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1753d_cp-gtc-t13r7.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330784/; classtype:trojan-activity;sid:84193884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20240131-plan-de-accion-1.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330785/; classtype:trojan-activity;sid:84193885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionados-campamento-docentes-por-la-sustentabilidad-vf.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330786/; classtype:trojan-activity;sid:84193886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-bag-30cm-etoupe-togo-leather-women-s-purse-56.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330787/; classtype:trojan-activity;sid:84193887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20267532_50228779_600.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330788/; classtype:trojan-activity;sid:84193888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-47-radicado-3501952024-nombre-alba-esperanza-mendez-munoz.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330754/; classtype:trojan-activity;sid:84193854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zafer-gazetesi3.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330755/; classtype:trojan-activity;sid:84193855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3q6a0745-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330756/; classtype:trojan-activity;sid:84193856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190930_092444-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330757/; classtype:trojan-activity;sid:84193857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-clubes-cientificos-2024.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330758/; classtype:trojan-activity;sid:84193858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin25252525252525252525252525252525252525252525252520audit25252525252525252525252525252525252525252525252520report252525252525252525252525252525252525252525252525202024252525252525252525252525252525252525252525252525205.1.2.pdf.lnk"; http_uri; depth:247; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330759/; classtype:trojan-activity;sid:84193859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/316554-51357.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330760/; classtype:trojan-activity;sid:84193860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-defi-protocol-documentation-2024-5-7-9.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330762/; classtype:trojan-activity;sid:84193862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/713b831b-1bff-4c97-beb9-d03acba7db52-1-1200x750-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330763/; classtype:trojan-activity;sid:84193863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tu-ruou-canh-kinh.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330764/; classtype:trojan-activity;sid:84193864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-6.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330765/; classtype:trojan-activity;sid:84193865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56973_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330766/; classtype:trojan-activity;sid:84193866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a0009677-1024x768.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330767/; classtype:trojan-activity;sid:84193867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gerakan-ruku-dalam-shalat.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330768/; classtype:trojan-activity;sid:84193868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tcc-bases-2018.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330769/; classtype:trojan-activity;sid:84193869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cronica-del-i-campeonato-regional-de-palomos-jovenes.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330770/; classtype:trojan-activity;sid:84193870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryfilescrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330771/; classtype:trojan-activity;sid:84193871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/el-diablo-camiseta-amarilla-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330772/; classtype:trojan-activity;sid:84193872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic_13.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330773/; classtype:trojan-activity;sid:84193873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kabah-scaled.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330774/; classtype:trojan-activity;sid:84193874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preeti-x-anupam-5-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330746/; classtype:trojan-activity;sid:84193846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m_wp_6431e469b635f8a70c845c5f.webp.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330747/; classtype:trojan-activity;sid:84193847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryanyfile.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330748/; classtype:trojan-activity;sid:84193848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d.el.ed-salary-acquitance-nov-.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330749/; classtype:trojan-activity;sid:84193849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-03-pousada-piedade-mata-atlantica-ronco-do-bugio.png.png.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330750/; classtype:trojan-activity;sid:84193850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vpavic_211006_4796_0061.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330751/; classtype:trojan-activity;sid:84193851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo8.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330752/; classtype:trojan-activity;sid:84193852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boost.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330753/; classtype:trojan-activity;sid:84193853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-fetyc-2014-gam-explora-rm-norte.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330742/; classtype:trojan-activity;sid:84193842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-355-monaco-smoked-ebony.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330743/; classtype:trojan-activity;sid:84193843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/913341156467.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330744/; classtype:trojan-activity;sid:84193844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hk-vp-9-4.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330745/; classtype:trojan-activity;sid:84193845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diptico-olimpiada-de-ciencias-2015.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330735/; classtype:trojan-activity;sid:84193835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preeti-x-anupam-3-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330736/; classtype:trojan-activity;sid:84193836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phong-ngu-1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330737/; classtype:trojan-activity;sid:84193837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_10b_var.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330738/; classtype:trojan-activity;sid:84193838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barbie-mermaid-coloring-pages.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330739/; classtype:trojan-activity;sid:84193839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9a4460a7656fc13c4a79485c9e75c28d.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330740/; classtype:trojan-activity;sid:84193840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c6ee731c-c1c1-4499-b782-fb1cb545584c.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330741/; classtype:trojan-activity;sid:84193841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carta.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330725/; classtype:trojan-activity;sid:84193825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/proyecto-evaluacion-ambiental-cuenca-aija-huarmey-final.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330726/; classtype:trojan-activity;sid:84193826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17309905541d23e557b69644efc5e61466354f8a47.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330727/; classtype:trojan-activity;sid:84193827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-87.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330728/; classtype:trojan-activity;sid:84193828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-store-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330729/; classtype:trojan-activity;sid:84193829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_ribstop-drill.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330730/; classtype:trojan-activity;sid:84193830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bk4.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330731/; classtype:trojan-activity;sid:84193831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-07.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330732/; classtype:trojan-activity;sid:84193832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/437542479_840484218122551_7842504678433078813_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330733/; classtype:trojan-activity;sid:84193833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/468613962_568524012795779_1420898726976408305_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330734/; classtype:trojan-activity;sid:84193834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rain-chamber.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330723/; classtype:trojan-activity;sid:84193823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nirf-2021.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330724/; classtype:trojan-activity;sid:84193824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cp-uvc-d1000l2a.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330719/; classtype:trojan-activity;sid:84193819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-audit-report-20245.1.7.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330720/; classtype:trojan-activity;sid:84193820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/booby-tape-the-original-breast-tape-nude-ebi-boo-tobtnu-228x228-1.jpg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330721/; classtype:trojan-activity;sid:84193821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/118860604_3598257833551820_6605334821481931796_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330722/; classtype:trojan-activity;sid:84193822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-531.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330714/; classtype:trojan-activity;sid:84193814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lower.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330715/; classtype:trojan-activity;sid:84193815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/62064_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330716/; classtype:trojan-activity;sid:84193816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paleocosas-2014.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330717/; classtype:trojan-activity;sid:84193817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-neutra-12.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330718/; classtype:trojan-activity;sid:84193818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6597.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330708/; classtype:trojan-activity;sid:84193808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero_wallet_setup_guide_2024_4.2.2.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330709/; classtype:trojan-activity;sid:84193809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pi_oks_473_112341_en.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330710/; classtype:trojan-activity;sid:84193810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new-noc_bodakdev-school-for-children-1.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330711/; classtype:trojan-activity;sid:84193811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1820.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330712/; classtype:trojan-activity;sid:84193812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330713/; classtype:trojan-activity;sid:84193813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/low-temperature-baths-blg100.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330706/; classtype:trojan-activity;sid:84193806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60174_24.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330707/; classtype:trojan-activity;sid:84193807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3410-scaled.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330703/; classtype:trojan-activity;sid:84193803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instrukcja-uzytkowania-4020fb-4020fw-4030f-4050fw.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330704/; classtype:trojan-activity;sid:84193804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_6c36e4f3e3155f89012191441d2b279d.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330699/; classtype:trojan-activity;sid:84193799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/172891403049075af6a30dbb60c1f6cb58a625353e.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330700/; classtype:trojan-activity;sid:84193800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shaking-water-bath-incubator-bt100.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330701/; classtype:trojan-activity;sid:84193801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryanyfile.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330694/; classtype:trojan-activity;sid:84193794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/417446575_985829083267452_9035068799785284346_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330695/; classtype:trojan-activity;sid:84193795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fixedratio_20211108142806_nike_internationalist_gynaikeia_sneakers_polychroma_dh3865_100.jpeg.lnk"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330696/; classtype:trojan-activity;sid:84193796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/05.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330697/; classtype:trojan-activity;sid:84193797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/04-manual-interculturalidad.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330698/; classtype:trojan-activity;sid:84193798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-17-at-10.20.47_8747cd75.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330688/; classtype:trojan-activity;sid:84193788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zero_anilina.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330689/; classtype:trojan-activity;sid:84193789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-taxation-guide-20241.6.2.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330690/; classtype:trojan-activity;sid:84193790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/proteine-in-polvere-volchem-mirabol-senza-lattosio-soia-3.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330691/; classtype:trojan-activity;sid:84193791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dim_24_e_p14-15.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330692/; classtype:trojan-activity;sid:84193792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mx-m-5050-6050.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330693/; classtype:trojan-activity;sid:84193793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71iupc-v39s._ac_sx425_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330683/; classtype:trojan-activity;sid:84193783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c7f1db60-0354-4f9d-84c2-466b51bb1933.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330685/; classtype:trojan-activity;sid:84193785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/500-tvd_p3_gerencia-planeacion.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330686/; classtype:trojan-activity;sid:84193786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/270104856_4660261404040118_5717245083901066131_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330687/; classtype:trojan-activity;sid:84193787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-marzo-2019.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330678/; classtype:trojan-activity;sid:84193778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59463_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330679/; classtype:trojan-activity;sid:84193779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/centralizator-contracte-achizitii-publice-2022.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330680/; classtype:trojan-activity;sid:84193780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dise25252525252525252525252525252525252525c325252525252525252525252525252525252525b1o-sin-t25252525252525252525252525252525252525c325252525252525252525252525252525252525adtulo-10.png.lnk"; http_uri; depth:197; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330681/; classtype:trojan-activity;sid:84193781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-51-4990_pdmc_maj_2021.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330682/; classtype:trojan-activity;sid:84193782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-tokenomics-report-2024-4-9-7.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330668/; classtype:trojan-activity;sid:84193768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-156-sinaloa-1105-col-roma-1.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330669/; classtype:trojan-activity;sid:84193769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04996-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330670/; classtype:trojan-activity;sid:84193770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/declaracion-de-renta-2019.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330671/; classtype:trojan-activity;sid:84193771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330672/; classtype:trojan-activity;sid:84193772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-label-recall.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330673/; classtype:trojan-activity;sid:84193773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200929_122328.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330674/; classtype:trojan-activity;sid:84193774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cape-fear-e1474908978963.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330675/; classtype:trojan-activity;sid:84193775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gu252525252525252525252525252525c3252525252525252525252525252525ada-mx252525252525252525252525252525c3252525252525252525252525252525b1-explora252525252525252525252525252525c3252525252525252525252525252525b1uble.pdf.lnk"; http_uri; depth:229; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330676/; classtype:trojan-activity;sid:84193776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/general-atomics-san-diego-aerial.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330677/; classtype:trojan-activity;sid:84193777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zestawienie-nr-04.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330664/; classtype:trojan-activity;sid:84193764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foragido-por-homicidio-e-preso-apos-furtar-produtos-de-mercado-vozibz.jpeg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330665/; classtype:trojan-activity;sid:84193765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sfeerfoto-ef-0020-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330666/; classtype:trojan-activity;sid:84193766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fiche25252525252525252525252520intelligence25252525252525252525252520artifitielle.pdf.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330667/; classtype:trojan-activity;sid:84193767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/google-image.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330656/; classtype:trojan-activity;sid:84193756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cotton-combed_2_11zon.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330657/; classtype:trojan-activity;sid:84193757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-onyx-1.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330658/; classtype:trojan-activity;sid:84193758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-day-generic-agenda.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330659/; classtype:trojan-activity;sid:84193759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fire-noc-certificate-2022-23-2-year-valid.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330660/; classtype:trojan-activity;sid:84193760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gp-header08.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330661/; classtype:trojan-activity;sid:84193761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cso-leaders-covid-19-urgent-statement-myanmar.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330662/; classtype:trojan-activity;sid:84193762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/merlin_153074973_d1417cbe-a750-44f5-9fa8-716adb5a075b-articlelarge.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330663/; classtype:trojan-activity;sid:84193763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srishti-x-abhinav-1-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330648/; classtype:trojan-activity;sid:84193748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0157.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330649/; classtype:trojan-activity;sid:84193749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190615_095909_1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330650/; classtype:trojan-activity;sid:84193750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3232a1.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330651/; classtype:trojan-activity;sid:84193751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.-bitacora-2525252525252525252525252525252525252525c22525252525252525252525252525252525252525bfen-que2525252525252525252525252525252525252525cc252525252525252525252525252525252525252581-lugar-del-cosmos-estamos-situados-agp.pdf.lnk"; http_uri; depth:243; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330652/; classtype:trojan-activity;sid:84193752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-audit-report-2024-3-2-2.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330653/; classtype:trojan-activity;sid:84193753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/istmag-logo.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330654/; classtype:trojan-activity;sid:84193754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pi_oks_464_113686_en.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330655/; classtype:trojan-activity;sid:84193755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brown-minimalist-lifestyle-daily-vlog-youtube-thumbnail-7-vpnpq2.jpeg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330638/; classtype:trojan-activity;sid:84193738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elisa.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330639/; classtype:trojan-activity;sid:84193739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hhhh_204.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330640/; classtype:trojan-activity;sid:84193740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-elite-4.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330641/; classtype:trojan-activity;sid:84193741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure_sorame.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330642/; classtype:trojan-activity;sid:84193742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12190796813_061ec79d6e_n.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330643/; classtype:trojan-activity;sid:84193743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20200218_115343-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330644/; classtype:trojan-activity;sid:84193744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h96.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330645/; classtype:trojan-activity;sid:84193745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wssk-aanmeldingsformulier.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330646/; classtype:trojan-activity;sid:84193746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/home-appliances-household-kitchen-technics-in-the-2023-11-27-05-33-16-utc-scaled-1.jpg.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330647/; classtype:trojan-activity;sid:84193747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pso_depart_of_psych_22_23.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330628/; classtype:trojan-activity;sid:84193728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thumbnail-nuoc-tam-goi-thao-duoc-bicare-organic.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330629/; classtype:trojan-activity;sid:84193729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vitamina-c-120-timed-release-life.png.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330630/; classtype:trojan-activity;sid:84193730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/v_16503112_1658768169228_bg_processed.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330631/; classtype:trojan-activity;sid:84193731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pujasera_3-e1659797492422.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330632/; classtype:trojan-activity;sid:84193732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/br_cnn_141124_ministro_padilha_frame_13259-e1731608982352-6g338n.jpeg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330633/; classtype:trojan-activity;sid:84193733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plants-vs-zombies-coloring-page.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330634/; classtype:trojan-activity;sid:84193734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-fetyc-2015---gam-explora-rm71641eb2ec6e6ec2bfdbff0000bf3c07.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330635/; classtype:trojan-activity;sid:84193735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poza-3.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330636/; classtype:trojan-activity;sid:84193736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_8656219542d4066fcf726dc269e73119.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330637/; classtype:trojan-activity;sid:84193737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-min-1024x791.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330620/; classtype:trojan-activity;sid:84193720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-n252525252525252525252525252525252525252525c2252525252525252525252525252525252525252525b02-c-respaldo-proyecto-modalidad-aprendizaje-en-casa-2024.docx.lnk"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330621/; classtype:trojan-activity;sid:84193721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59607_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330622/; classtype:trojan-activity;sid:84193722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-caleche-woda-perfumowana-dla-kobiet-50-ml-181628.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330623/; classtype:trojan-activity;sid:84193723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2017-predictions-for-pr.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330624/; classtype:trojan-activity;sid:84193724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-83.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330625/; classtype:trojan-activity;sid:84193725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sharp-1.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330626/; classtype:trojan-activity;sid:84193726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0761.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330627/; classtype:trojan-activity;sid:84193727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1plan-maestro-de-movilidad.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330616/; classtype:trojan-activity;sid:84193716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52067_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330617/; classtype:trojan-activity;sid:84193717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/andaina1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330618/; classtype:trojan-activity;sid:84193718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171018_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330619/; classtype:trojan-activity;sid:84193719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-01-15-at-12.18.23-pm.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330614/; classtype:trojan-activity;sid:84193714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-6-compressed-scaled.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330615/; classtype:trojan-activity;sid:84193715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_0535.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330613/; classtype:trojan-activity;sid:84193713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adag02.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330608/; classtype:trojan-activity;sid:84193708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koy2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330609/; classtype:trojan-activity;sid:84193709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-garden-party.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330610/; classtype:trojan-activity;sid:84193710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/laufen_palomba_-3.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330611/; classtype:trojan-activity;sid:84193711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resize-5.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330612/; classtype:trojan-activity;sid:84193712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_kelly_dog_extreme_1625933048_8b09d68d_progressive.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330606/; classtype:trojan-activity;sid:84193706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-de.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:235; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330607/; classtype:trojan-activity;sid:84193707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpa-outdo20-rossignol-rsgl-bottom-pantalon-mujer-outdoor-azul-3.jpg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330604/; classtype:trojan-activity;sid:84193704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-2-1.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330605/; classtype:trojan-activity;sid:84193705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3079a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330603/; classtype:trojan-activity;sid:84193703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paramedic.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330597/; classtype:trojan-activity;sid:84193697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagen-de-lente-tecnis-eyhance.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330598/; classtype:trojan-activity;sid:84193698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb_img_1611423374338.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330599/; classtype:trojan-activity;sid:84193699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/radicchio-600x400.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330601/; classtype:trojan-activity;sid:84193701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/psma0154-800x533.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330602/; classtype:trojan-activity;sid:84193702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/434d95bf-7863-f327-1241-b7abbf910ab5.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330595/; classtype:trojan-activity;sid:84193695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solicitud-homologacion-rfeta-20221115.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330596/; classtype:trojan-activity;sid:84193696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1-3.jpg.lnk"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330593/; classtype:trojan-activity;sid:84193693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330594/; classtype:trojan-activity;sid:84193694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/btn-tbs-600-da-62-1.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330584/; classtype:trojan-activity;sid:84193684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-52-radicado-20240310073641-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330586/; classtype:trojan-activity;sid:84193686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/strategia-de-dezvoltare-targu-frumos-2021-2027.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330587/; classtype:trojan-activity;sid:84193687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/axa_i4t_viaggio_singolo_condizioni_20210401.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330589/; classtype:trojan-activity;sid:84193689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-final-2t-promesasrfeta2312097.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330590/; classtype:trojan-activity;sid:84193690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rhs-200-300-tablas-de-perfiles.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330591/; classtype:trojan-activity;sid:84193691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flying-heroes-superman-juguete-volador-bandai-52257.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330592/; classtype:trojan-activity;sid:84193692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0431.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330583/; classtype:trojan-activity;sid:84193683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/experts-tell-us-its-hard-to-configure-firewalls.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330582/; classtype:trojan-activity;sid:84193682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-deve.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:237; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330578/; classtype:trojan-activity;sid:84193678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/28-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330579/; classtype:trojan-activity;sid:84193679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circularanshoot.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330580/; classtype:trojan-activity;sid:84193680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binova-21-e1455811205892.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330581/; classtype:trojan-activity;sid:84193681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/evelyne-iii-29-bag--056277ck89-worn-1-0-0-1000-1000_g.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330574/; classtype:trojan-activity;sid:84193674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0445.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330575/; classtype:trojan-activity;sid:84193675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-13.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330576/; classtype:trojan-activity;sid:84193676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luis-carlos-sarmiento.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330577/; classtype:trojan-activity;sid:84193677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3_3_11zon.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330573/; classtype:trojan-activity;sid:84193673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-make-origami-boat-floating-boat-diagram.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330569/; classtype:trojan-activity;sid:84193669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.-boletin-inscripcion-campeonato-regional-juvenil-4.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330570/; classtype:trojan-activity;sid:84193670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-mens-aw-22-3.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330571/; classtype:trojan-activity;sid:84193671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-256.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330572/; classtype:trojan-activity;sid:84193672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330564/; classtype:trojan-activity;sid:84193664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin-2157c283423c41dc86aff238d4c6d104.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330565/; classtype:trojan-activity;sid:84193665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thisismyworld.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330566/; classtype:trojan-activity;sid:84193666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-develop.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330567/; classtype:trojan-activity;sid:84193667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/42aff2f1-da1c-4965-b2d0-309fc5362e68.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330568/; classtype:trojan-activity;sid:84193668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-develo.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330561/; classtype:trojan-activity;sid:84193661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238745909_106312721765221_5770585861854761140_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330562/; classtype:trojan-activity;sid:84193662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/184_2_75_2006.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330563/; classtype:trojan-activity;sid:84193663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eca2019.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330556/; classtype:trojan-activity;sid:84193656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02485-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330557/; classtype:trojan-activity;sid:84193657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20160115-wa0009.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330558/; classtype:trojan-activity;sid:84193658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330559/; classtype:trojan-activity;sid:84193659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/304-tvd_p3_almacen.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330560/; classtype:trojan-activity;sid:84193660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryfl-studio-cracked.comcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:243; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330551/; classtype:trojan-activity;sid:84193651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/isida_dms_theme_8_contracts_36-scaled.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330552/; classtype:trojan-activity;sid:84193652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rafael.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330553/; classtype:trojan-activity;sid:84193653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legalitas10.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330554/; classtype:trojan-activity;sid:84193654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2013-llicencies-circ-64121.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330555/; classtype:trojan-activity;sid:84193655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-4.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330545/; classtype:trojan-activity;sid:84193645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-258.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330546/; classtype:trojan-activity;sid:84193646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10864_alt6.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330547/; classtype:trojan-activity;sid:84193647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171308_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330548/; classtype:trojan-activity;sid:84193648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-regulatory-compliance-guide-2024-v1-4-7.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330549/; classtype:trojan-activity;sid:84193649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-decret-2001-173-cadre-loi-elec.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330550/; classtype:trojan-activity;sid:84193650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portali-2021-fier-1.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330538/; classtype:trojan-activity;sid:84193638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kambio-eyewear-sunglasses-gigi-studios-gilda-butterfly-brow-6774-0-model.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330539/; classtype:trojan-activity;sid:84193639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tagreuters.com2024binary_lynxmpek170y3-filedimage-c85fjw.jpeg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330540/; classtype:trojan-activity;sid:84193640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stairway-october-2015-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330541/; classtype:trojan-activity;sid:84193641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55545_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330542/; classtype:trojan-activity;sid:84193642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170090_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330543/; classtype:trojan-activity;sid:84193643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4318-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330544/; classtype:trojan-activity;sid:84193644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lugato_new-1030x773.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330535/; classtype:trojan-activity;sid:84193635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330536/; classtype:trojan-activity;sid:84193636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/04-memoria-explicativa-de-la-cuenta-de-resultados-de-la-federacion-regional-de-murcia-de-colombicultura.pdf.lnk"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330537/; classtype:trojan-activity;sid:84193637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330533/; classtype:trojan-activity;sid:84193633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/517308_01.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330534/; classtype:trojan-activity;sid:84193634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/basic-thread-ind.-ltd..jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330527/; classtype:trojan-activity;sid:84193627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kompatybilnosc-desek-myjacych-majormaker-z-miskami-toaletowymi-wymagania-i-lista.pdf.lnk"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330528/; classtype:trojan-activity;sid:84193628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e35766c9-a1d8-4ea3-8d9e-940f54dc84a1.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330529/; classtype:trojan-activity;sid:84193629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oks-4220-tds.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330530/; classtype:trojan-activity;sid:84193630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo_sophia.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330531/; classtype:trojan-activity;sid:84193631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dormir-bien.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330532/; classtype:trojan-activity;sid:84193632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lego-marvel-76077-iron-man-detriot-steel-strikes-box-3.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330520/; classtype:trojan-activity;sid:84193620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seismoelectrics-2-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330521/; classtype:trojan-activity;sid:84193621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ev-drum.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330522/; classtype:trojan-activity;sid:84193622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330523/; classtype:trojan-activity;sid:84193623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mascote-cottontail.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330524/; classtype:trojan-activity;sid:84193624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/salida-de-vehiculos-y-pasajeros-mes-de-enero-de-2024.xlsx.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330525/; classtype:trojan-activity;sid:84193625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moroccanoil-blonde-perfecting-shampoo-7oz-rmo-mor-cbpps07-500x500-1.jpg.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330526/; classtype:trojan-activity;sid:84193626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/impugre-1024x1024.jpeg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330516/; classtype:trojan-activity;sid:84193616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4b58b20d-9c59-4f69-99cb-3001cbd36b61.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330517/; classtype:trojan-activity;sid:84193617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bandura_sociallearningtheory.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330518/; classtype:trojan-activity;sid:84193618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bf_annual-_report_2022_02.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330519/; classtype:trojan-activity;sid:84193619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_771-253-hdr.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330514/; classtype:trojan-activity;sid:84193614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01galeria-articulo-transitions-vyo-18-12-19.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330515/; classtype:trojan-activity;sid:84193615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-ico-ido-ieo-guide-2024-3.3.8.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330510/; classtype:trojan-activity;sid:84193610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/81ckhs5dxds._ac_uy395_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330511/; classtype:trojan-activity;sid:84193611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ckkurumsal03b.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330512/; classtype:trojan-activity;sid:84193612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fullrunning-galeria-4.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330513/; classtype:trojan-activity;sid:84193613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pof2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330503/; classtype:trojan-activity;sid:84193603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tangram-1.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330504/; classtype:trojan-activity;sid:84193604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60174_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330505/; classtype:trojan-activity;sid:84193605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.-apisonador-gasolina-honda-gx120-ft.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330506/; classtype:trojan-activity;sid:84193606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330507/; classtype:trojan-activity;sid:84193607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hacer-ayd2525252525252525252525252525252525252525c42525252525252525252525252525252525252525b1n.jpg.lnk"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330508/; classtype:trojan-activity;sid:84193608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-diciembre-2021.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330509/; classtype:trojan-activity;sid:84193609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0660-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330498/; classtype:trojan-activity;sid:84193598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-educational-material-2024-2.5.1.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330499/; classtype:trojan-activity;sid:84193599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-3.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330500/; classtype:trojan-activity;sid:84193600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3031538.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330501/; classtype:trojan-activity;sid:84193601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525a0-a-1.pdf.lnk"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330502/; classtype:trojan-activity;sid:84193602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-api-documentation-2024-5.7.9.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330495/; classtype:trojan-activity;sid:84193595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kaos-kerah-v-neck_8_11zon.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330496/; classtype:trojan-activity;sid:84193596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3937fileminimizer.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330497/; classtype:trojan-activity;sid:84193597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-titulo-5.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330494/; classtype:trojan-activity;sid:84193594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stevan-colovic_022.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330486/; classtype:trojan-activity;sid:84193586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/no-gift-policy.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330487/; classtype:trojan-activity;sid:84193587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ppt-bases-congreso-regional_docentes.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330488/; classtype:trojan-activity;sid:84193588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cocina1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330489/; classtype:trojan-activity;sid:84193589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mahabharata-vol-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330490/; classtype:trojan-activity;sid:84193590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_25.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330491/; classtype:trojan-activity;sid:84193591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2021-05-12-at-12.54.23-pm.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330492/; classtype:trojan-activity;sid:84193592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ulotka.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330493/; classtype:trojan-activity;sid:84193593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330481/; classtype:trojan-activity;sid:84193581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bc298fd9-8fde-4a8d-aecc-400b3b3a03ff-min-837x628.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330482/; classtype:trojan-activity;sid:84193582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seed-bank-in-el-jabal-el-akhdar-2007.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330483/; classtype:trojan-activity;sid:84193583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200409_124712.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330484/; classtype:trojan-activity;sid:84193584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-kart-coloring-page.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330485/; classtype:trojan-activity;sid:84193585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-expensive-amla-oil-hi-shine-topcoat-4oz-rig-igk-leao04-500x500-1.jpg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330477/; classtype:trojan-activity;sid:84193577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-14.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330478/; classtype:trojan-activity;sid:84193578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330479/; classtype:trojan-activity;sid:84193579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viena1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330480/; classtype:trojan-activity;sid:84193580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/feesstructureoftheyear2018-2019.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330474/; classtype:trojan-activity;sid:84193574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nha-30-m-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330475/; classtype:trojan-activity;sid:84193575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330476/; classtype:trojan-activity;sid:84193576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dise25252525252525252525252525252525252525c325252525252525252525252525252525252525b1o-sin-t25252525252525252525252525252525252525c325252525252525252525252525252525252525adtulo-6.png.lnk"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330468/; classtype:trojan-activity;sid:84193568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-024.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330469/; classtype:trojan-activity;sid:84193569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logoredondo.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330470/; classtype:trojan-activity;sid:84193570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/received_10208048868847422.jpeg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330471/; classtype:trojan-activity;sid:84193571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d42fe528-3012-422a-8a39-c41ef77c725e.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330472/; classtype:trojan-activity;sid:84193572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kuppelgewaechshaeus.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330473/; classtype:trojan-activity;sid:84193573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tri-p1b-2.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330459/; classtype:trojan-activity;sid:84193559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/blog4.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330460/; classtype:trojan-activity;sid:84193560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p1010042.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330461/; classtype:trojan-activity;sid:84193561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/louis-vuitton-lv-oasis-mule-shoes--boih1pgc20_pm1_interior252520view.jpg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330462/; classtype:trojan-activity;sid:84193562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18-1024x576.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330463/; classtype:trojan-activity;sid:84193563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20161122-wa0002.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330464/; classtype:trojan-activity;sid:84193564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moe-s-tavern-from-the-simpsons.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330465/; classtype:trojan-activity;sid:84193565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-governance-vorschlag-2024-5.0.9.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330467/; classtype:trojan-activity;sid:84193567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330455/; classtype:trojan-activity;sid:84193555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pans-for-testing-range-top-burner--ansi-z-21.1.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330456/; classtype:trojan-activity;sid:84193556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9251-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330457/; classtype:trojan-activity;sid:84193557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tennis-2.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330454/; classtype:trojan-activity;sid:84193554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ferianinos2018-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330449/; classtype:trojan-activity;sid:84193549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-ag-ficha-tecnica-sustrato-pindstrup-pluss-orange.pdf.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330450/; classtype:trojan-activity;sid:84193550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/free-princess-peach-coloring-pages.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330451/; classtype:trojan-activity;sid:84193551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-auditoria-de-regularidad-pad2018_compressed.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330452/; classtype:trojan-activity;sid:84193552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notas-estados-dic-2018.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330453/; classtype:trojan-activity;sid:84193553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-28abril2021-4.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330447/; classtype:trojan-activity;sid:84193547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dapur-riarasa-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330448/; classtype:trojan-activity;sid:84193548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryecp-dic-2023-1.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:240; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330442/; classtype:trojan-activity;sid:84193542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/960x0.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330443/; classtype:trojan-activity;sid:84193543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-m2525252525252525252525252525c32525252525252525252525252525a1scaras-feci-2022.docx.pdf.lnk"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330444/; classtype:trojan-activity;sid:84193544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/map1-1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330445/; classtype:trojan-activity;sid:84193545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-02-02-at-12.35.39-pm.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330446/; classtype:trojan-activity;sid:84193546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/valentine-img11-408x544.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330437/; classtype:trojan-activity;sid:84193537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bsc-mathematics_syllabus_outcome.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330438/; classtype:trojan-activity;sid:84193538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc00927.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330439/; classtype:trojan-activity;sid:84193539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a6d53840-632e-49ca-97cb-a23d86eb7855.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330440/; classtype:trojan-activity;sid:84193540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuestoaprobado2012.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330441/; classtype:trojan-activity;sid:84193541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/202-tvd_p2_depto-talento-h.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330431/; classtype:trojan-activity;sid:84193531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330432/; classtype:trojan-activity;sid:84193532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/soal-sosial-kepribadian-paket-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330433/; classtype:trojan-activity;sid:84193533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/economics-course-outcomes-and-syllabus-b.a.-12-2022.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330434/; classtype:trojan-activity;sid:84193534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista_de_espera_1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330435/; classtype:trojan-activity;sid:84193535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/doutor-pastagem-25.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330436/; classtype:trojan-activity;sid:84193536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112678087205.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330420/; classtype:trojan-activity;sid:84193520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01712-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330421/; classtype:trojan-activity;sid:84193521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/616gepbsfxl.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330422/; classtype:trojan-activity;sid:84193522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-333-2022-poner-en-conocimiento-el-presente-la-resolucion-a-los-integrantes-de-la-junta-directica-sindicato-de-servidores-publicos.pdf.lnk"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330423/; classtype:trojan-activity;sid:84193523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-interno-de-convivencia-escolar-mundo-magico-2024.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330424/; classtype:trojan-activity;sid:84193524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17ae41c0-ef8c-4b44-aea1-548e68fc0358.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330425/; classtype:trojan-activity;sid:84193525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-wallet-setup-guide-20245.2.2.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330426/; classtype:trojan-activity;sid:84193526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1729785997088e1aecb1faecb1b3ac1123e065141c.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330427/; classtype:trojan-activity;sid:84193527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238900135_106374355092391_8043926581006271322_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330428/; classtype:trojan-activity;sid:84193528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/950cb93ebc08b915c3316528597f4aae.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330429/; classtype:trojan-activity;sid:84193529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-du-hoc-2.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330430/; classtype:trojan-activity;sid:84193530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs-2024-layout-semi-final-202401018-scaled.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330417/; classtype:trojan-activity;sid:84193517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stevan-colovic_012.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330418/; classtype:trojan-activity;sid:84193518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bsfc-sandesh-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330419/; classtype:trojan-activity;sid:84193519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330416/; classtype:trojan-activity;sid:84193516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/problematika-rumah-tangga-dan-penyelesaiannya.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330410/; classtype:trojan-activity;sid:84193510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tas-hermes-4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330411/; classtype:trojan-activity;sid:84193511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/39_veggie-bowl-td_retouch-min.png.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330412/; classtype:trojan-activity;sid:84193512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/international-women-day-img-2-725x544-1.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330413/; classtype:trojan-activity;sid:84193513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20150104_175655-2-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330414/; classtype:trojan-activity;sid:84193514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eclipse-brochure.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330415/; classtype:trojan-activity;sid:84193515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e-shraman-sanskriti-nov-2021.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330405/; classtype:trojan-activity;sid:84193505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rie-enfmp.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330406/; classtype:trojan-activity;sid:84193506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20160717_102331-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330407/; classtype:trojan-activity;sid:84193507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msallata-garaboulli-province-in-libya-2020.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330408/; classtype:trojan-activity;sid:84193508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/samsung-11kg-ai-control-front-load-washing-machine-ww11cg604dlb.png.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330409/; classtype:trojan-activity;sid:84193509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sundarban-national-park.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330404/; classtype:trojan-activity;sid:84193504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/parijs-bank-met-ottomane-5.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330398/; classtype:trojan-activity;sid:84193498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/documento-finale_-embracing-sustainability.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330399/; classtype:trojan-activity;sid:84193499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07-4.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330400/; classtype:trojan-activity;sid:84193500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-ico-ido-ieo-guide-2024-2-8-9.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330401/; classtype:trojan-activity;sid:84193501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb_img_1627490805990.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330402/; classtype:trojan-activity;sid:84193502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resumen-ejecutivo-bases-investigadores.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330403/; classtype:trojan-activity;sid:84193503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/disk399-00221a-500x375.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330393/; classtype:trojan-activity;sid:84193493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6154.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330394/; classtype:trojan-activity;sid:84193494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1025449_p_pdp.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330395/; classtype:trojan-activity;sid:84193495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rekom-disnaker-12-agustus-2020.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330397/; classtype:trojan-activity;sid:84193497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-06_2016.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330388/; classtype:trojan-activity;sid:84193488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comingtotown.doc.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330389/; classtype:trojan-activity;sid:84193489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330390/; classtype:trojan-activity;sid:84193490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kemeja-konveksi-terlaris.jpg.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330391/; classtype:trojan-activity;sid:84193491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ab5008de-0903-67f8-e6f3-e9f6ae5e272f.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330392/; classtype:trojan-activity;sid:84193492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-default.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330381/; classtype:trojan-activity;sid:84193481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-ico-ido-ieo-guide-20245-7-2.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330382/; classtype:trojan-activity;sid:84193482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55769_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330383/; classtype:trojan-activity;sid:84193483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-04-01-at-16.12.55.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330384/; classtype:trojan-activity;sid:84193484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/home-saver-aqua-blue-air-freshner-200-ml-front-700x700-1.png.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330385/; classtype:trojan-activity;sid:84193485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330386/; classtype:trojan-activity;sid:84193486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12_chicken-noodle-salad-td_retouch.png.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330387/; classtype:trojan-activity;sid:84193487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_bajo-fregador-90-4-sige.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330378/; classtype:trojan-activity;sid:84193478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-10.29.53-mi3s0h.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330379/; classtype:trojan-activity;sid:84193479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171049_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330380/; classtype:trojan-activity;sid:84193480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/par-explora-preguntas-frecuentes-concurso-2025-4.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330374/; classtype:trojan-activity;sid:84193474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20190826-221625.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330375/; classtype:trojan-activity;sid:84193475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/soltones-1.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330376/; classtype:trojan-activity;sid:84193476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rttc-college-1-5.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330377/; classtype:trojan-activity;sid:84193477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8317.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330368/; classtype:trojan-activity;sid:84193468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07072022-certificado-aprobacio25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252581n-tarifas-2.pdf.lnk"; http_uri; depth:248; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330369/; classtype:trojan-activity;sid:84193469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ouzim-bioengine-2-fingerprint-access-control-datasheet.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330370/; classtype:trojan-activity;sid:84193470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hhhh_193.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330371/; classtype:trojan-activity;sid:84193471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cwik_p_oswiadczenie_stan_majatkowym.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330373/; classtype:trojan-activity;sid:84193473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jamaica-fav-icon-300x300.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330365/; classtype:trojan-activity;sid:84193465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide_installation_portefeuille_cosmos_2024587.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330366/; classtype:trojan-activity;sid:84193466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precision-05.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330367/; classtype:trojan-activity;sid:84193467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-terbaik.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330360/; classtype:trojan-activity;sid:84193460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52466052_6429.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330361/; classtype:trojan-activity;sid:84193461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23660064_1680222692041554_1150976047_o.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330362/; classtype:trojan-activity;sid:84193462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-ejecutado-a-diciembre-de-2018-forrmato-pdf.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330363/; classtype:trojan-activity;sid:84193463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6f03fab39400ec76e8116afbc73ea86c.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330364/; classtype:trojan-activity;sid:84193464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436725299_342763758803797_8601220966904392190_n-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330357/; classtype:trojan-activity;sid:84193457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frontdesk.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330358/; classtype:trojan-activity;sid:84193458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-2-1.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330359/; classtype:trojan-activity;sid:84193459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero_defi_protocol_documentation_2024_2.4.6.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330354/; classtype:trojan-activity;sid:84193454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19.11.-materia-ipedf.-foto-tony-oliveira-agencia-brasilia-3rvctv.jpeg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330355/; classtype:trojan-activity;sid:84193455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-04-22-at-18.13_foto.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330356/; classtype:trojan-activity;sid:84193456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-developme.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:242; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330345/; classtype:trojan-activity;sid:84193445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resumenes-fae2014-v6.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330346/; classtype:trojan-activity;sid:84193446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bristol-spekkast-met-manden-100-cm-2-scaled.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330347/; classtype:trojan-activity;sid:84193447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-010.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330349/; classtype:trojan-activity;sid:84193449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/26070433_1989645867945294_3756256634758758400_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330350/; classtype:trojan-activity;sid:84193450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guia-do-curso-como-vender-seguro-empresarial-1.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330351/; classtype:trojan-activity;sid:84193451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01419-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330352/; classtype:trojan-activity;sid:84193452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330353/; classtype:trojan-activity;sid:84193453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-038.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330339/; classtype:trojan-activity;sid:84193439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-22-at-10.49.57-pm-1-scaled.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330340/; classtype:trojan-activity;sid:84193440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/produkty-polecane-w-hipoglikemii-reaktywnej.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330341/; classtype:trojan-activity;sid:84193441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpa-outdo20-rossignol-rsgl-bottom-unisex-gris-1.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330342/; classtype:trojan-activity;sid:84193442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/visit-to-house-of-commons-img-4-1-408x544-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330343/; classtype:trojan-activity;sid:84193443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h20-web.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330344/; classtype:trojan-activity;sid:84193444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weekly-calendar.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330337/; classtype:trojan-activity;sid:84193437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-gala-10.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330338/; classtype:trojan-activity;sid:84193438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-building-supply-p42i-tc-pellet-insert-4.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330333/; classtype:trojan-activity;sid:84193433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eri-diciembre-2022.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330334/; classtype:trojan-activity;sid:84193434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1199.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330335/; classtype:trojan-activity;sid:84193435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330336/; classtype:trojan-activity;sid:84193436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2023-11-25_18-14-09-4.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330329/; classtype:trojan-activity;sid:84193429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/velvet-gold-2-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330330/; classtype:trojan-activity;sid:84193430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/david-herme2525cc252580s-barenia-breifcase-downtownuptowngeneve-scaled.jpg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330331/; classtype:trojan-activity;sid:84193431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_taipan-tropical.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330332/; classtype:trojan-activity;sid:84193432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-de-examinare-in-ju-jutsu-5kyu-dan-6.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330325/; classtype:trojan-activity;sid:84193425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preschool-family-handbook-2019-2020.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330326/; classtype:trojan-activity;sid:84193426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330327/; classtype:trojan-activity;sid:84193427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fiuvbvjveai-1tw.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330328/; classtype:trojan-activity;sid:84193428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5_zips-single-port-alarm-unit-merchandising-guide-indonesia.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330321/; classtype:trojan-activity;sid:84193421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.sc_.-chemistry-course-structure.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330322/; classtype:trojan-activity;sid:84193422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa02suites_venda_centro-caucaia-ce-9.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330323/; classtype:trojan-activity;sid:84193423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grs_27_11.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330324/; classtype:trojan-activity;sid:84193424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iso-45001.site_.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330317/; classtype:trojan-activity;sid:84193417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-55-radicado-4503382024-nombre-peticionario-daniel-ladino.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330318/; classtype:trojan-activity;sid:84193418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004002_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330319/; classtype:trojan-activity;sid:84193419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f79cad4feeaafa2b14362f892b578433.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330320/; classtype:trojan-activity;sid:84193420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/schnell-mega-genius14-automatic-loader.png.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330313/; classtype:trojan-activity;sid:84193413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/www.google.com.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330314/; classtype:trojan-activity;sid:84193414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024-10-16t115257z_1_lynxmpek9f0fq_rtroptp_4_politica-moraes-oitojaneiro-extradicao-e1730724698199-xwhgxb.jpeg.lnk"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330315/; classtype:trojan-activity;sid:84193415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-5.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330316/; classtype:trojan-activity;sid:84193416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436924668_342763752137131_5191414088063345327_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330306/; classtype:trojan-activity;sid:84193406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/04.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330307/; classtype:trojan-activity;sid:84193407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apr-godisnji-bilten.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330308/; classtype:trojan-activity;sid:84193408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-mining-setup-guide-2024-1.9.6.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330309/; classtype:trojan-activity;sid:84193409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-staking-guide-2024-3-9-6.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330310/; classtype:trojan-activity;sid:84193410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kemeja-konveksi-pdh3.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330311/; classtype:trojan-activity;sid:84193411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/showdown.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330312/; classtype:trojan-activity;sid:84193412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/front-bumber3-am.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330302/; classtype:trojan-activity;sid:84193402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coll2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330303/; classtype:trojan-activity;sid:84193403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731504820be7d26851b3625056ceab22b74614813.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330304/; classtype:trojan-activity;sid:84193404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-1-campamento.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330305/; classtype:trojan-activity;sid:84193405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56856_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330298/; classtype:trojan-activity;sid:84193398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1mg3p3jmjro-rkksoo.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330299/; classtype:trojan-activity;sid:84193399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vp-1-24-presentacion-c.-torreon-col.-vista-hermosa-profe-medina.jpg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330300/; classtype:trojan-activity;sid:84193400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-developme.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330301/; classtype:trojan-activity;sid:84193401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113866373361.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330292/; classtype:trojan-activity;sid:84193392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5_zips-single-port-alarm-unit-merchandising-guide-vietnamese.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330293/; classtype:trojan-activity;sid:84193393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estados2006.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330294/; classtype:trojan-activity;sid:84193394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-5.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330295/; classtype:trojan-activity;sid:84193395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ_2448_3a_tirada_lliga_cat_sala_2024_2025.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330296/; classtype:trojan-activity;sid:84193396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/31.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330297/; classtype:trojan-activity;sid:84193397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-475.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330284/; classtype:trojan-activity;sid:84193384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notice-online-admissions-2023-2024.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330285/; classtype:trojan-activity;sid:84193385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/252525252525255bsoftwarenameandversion252525252525255d.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330286/; classtype:trojan-activity;sid:84193386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-1620x1080.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330287/; classtype:trojan-activity;sid:84193387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330288/; classtype:trojan-activity;sid:84193388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koy4.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330289/; classtype:trojan-activity;sid:84193389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-36-radicado-2846392024-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330290/; classtype:trojan-activity;sid:84193390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/200-solicitud-de-alta-de-licencia-de-deportista.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330291/; classtype:trojan-activity;sid:84193391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1681201453_s19-hydro.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330280/; classtype:trojan-activity;sid:84193380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preeti-x-anupam-8-1-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330281/; classtype:trojan-activity;sid:84193381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.jpeg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330282/; classtype:trojan-activity;sid:84193382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/229428635_255322435.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330283/; classtype:trojan-activity;sid:84193383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.21-1-1024x1024.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330271/; classtype:trojan-activity;sid:84193371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sliding-fee-application_102424.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330272/; classtype:trojan-activity;sid:84193372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/texto-unico-de-procedimientos-administrativos-cayma-2019-ordenanza-267-2019-mdc.pdf.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330273/; classtype:trojan-activity;sid:84193373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_17.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330274/; classtype:trojan-activity;sid:84193374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mapa-riesgos-tecnologia.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330275/; classtype:trojan-activity;sid:84193375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-275-scaled.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330276/; classtype:trojan-activity;sid:84193376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-5.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330277/; classtype:trojan-activity;sid:84193377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-tbs-1a-1.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330278/; classtype:trojan-activity;sid:84193378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-1-carta-de-compromiso-pipe.docx.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330279/; classtype:trojan-activity;sid:84193379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fashion-2014-09-hermes-birkin-python-gold-diamond-bag-main.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330264/; classtype:trojan-activity;sid:84193364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa02suites_venda_centro-caucaia-ce-2-1.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330265/; classtype:trojan-activity;sid:84193365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anak-laki-laki-bertamu-mengetuk-pintu.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330266/; classtype:trojan-activity;sid:84193366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-aprobado-2014.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330268/; classtype:trojan-activity;sid:84193368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stingjazzistanbul.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330269/; classtype:trojan-activity;sid:84193369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1287.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330270/; classtype:trojan-activity;sid:84193370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/35452_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330260/; classtype:trojan-activity;sid:84193360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/inoliva-ilac.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330261/; classtype:trojan-activity;sid:84193361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.-g-postulacion-cartacompromisoapoderado-taller-invierno.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330262/; classtype:trojan-activity;sid:84193362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phenom-elite-mens-woven-running-pants-sksfts.png.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330263/; classtype:trojan-activity;sid:84193363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20241120_172726_canva-807x1030.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330252/; classtype:trojan-activity;sid:84193352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/organizator-protest.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330253/; classtype:trojan-activity;sid:84193353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021252525252525252525252525252525252520krahn252525252525252525252525252525252520product252525252525252525252525252525252520brochure.pdf.lnk"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330254/; classtype:trojan-activity;sid:84193354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-1620x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330255/; classtype:trojan-activity;sid:84193355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-1-6.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330256/; classtype:trojan-activity;sid:84193356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/24.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330257/; classtype:trojan-activity;sid:84193357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zero-gravity-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330258/; classtype:trojan-activity;sid:84193358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01_nivel2-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330259/; classtype:trojan-activity;sid:84193359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04303-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330247/; classtype:trojan-activity;sid:84193347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/breton-plantentafel-beton-met-staal-60cm-hoog-kopie-2-300x300-1.jpg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330249/; classtype:trojan-activity;sid:84193349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/parque-foto-joel-rodrigues-pe8iq8.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330250/; classtype:trojan-activity;sid:84193350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/order-on-motion-to-dismiss-lawsuit.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330251/; classtype:trojan-activity;sid:84193351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bang-hieu-hinh-oval-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330243/; classtype:trojan-activity;sid:84193343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standard-electric-furnace-fo100.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330244/; classtype:trojan-activity;sid:84193344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bay-creation-ltd.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330245/; classtype:trojan-activity;sid:84193345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dmi-colors.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330246/; classtype:trojan-activity;sid:84193346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kuromi-coloring-page.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330242/; classtype:trojan-activity;sid:84193342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/merchant-rates-2023-2024.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330236/; classtype:trojan-activity;sid:84193336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp5187.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330237/; classtype:trojan-activity;sid:84193337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.-sop-pelaporan-hasil-pkm.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330238/; classtype:trojan-activity;sid:84193338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cua-nhom-thuy-luc-4-4.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330239/; classtype:trojan-activity;sid:84193339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3833-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330240/; classtype:trojan-activity;sid:84193340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171222_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330241/; classtype:trojan-activity;sid:84193341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tummy-tuck-after.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330229/; classtype:trojan-activity;sid:84193329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libroresumenescongreso2021.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330230/; classtype:trojan-activity;sid:84193330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1407-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330231/; classtype:trojan-activity;sid:84193331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3645fileminimizer.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330232/; classtype:trojan-activity;sid:84193332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-27.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330233/; classtype:trojan-activity;sid:84193333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-frecuentes-cupo-explora-unesco-admisio2525252525252525252525252525252525252525cc252525252525252525252525252525252525252581n-2025.pdf.lnk"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330234/; classtype:trojan-activity;sid:84193334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne611.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330235/; classtype:trojan-activity;sid:84193335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330224/; classtype:trojan-activity;sid:84193324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a-frame-horizontal-roof-options.png.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330225/; classtype:trojan-activity;sid:84193325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17008556184b5f24aebf7bb1e95fa4811fc9fc4f0f.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330226/; classtype:trojan-activity;sid:84193326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asif-rizvi.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330227/; classtype:trojan-activity;sid:84193327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330228/; classtype:trojan-activity;sid:84193328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-icon-3-32x32.png.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330220/; classtype:trojan-activity;sid:84193320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-al-30-de-junio-del-2016.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330221/; classtype:trojan-activity;sid:84193321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-diego-international-airport-terminal-1-aerial-photography.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330222/; classtype:trojan-activity;sid:84193322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/policia_federal_pf_05-jv5tly.jpeg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330223/; classtype:trojan-activity;sid:84193323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-de-configuration-du-minnage-de-bitcoin-20242.1.1.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330215/; classtype:trojan-activity;sid:84193315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-349-2023-felicitar-al-licenciado-reynald-paredes-casapia.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330216/; classtype:trojan-activity;sid:84193316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spring_update_2023_final.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330217/; classtype:trojan-activity;sid:84193317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phan-mem-trinh-chieu-co-doc-v4-1-6.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330218/; classtype:trojan-activity;sid:84193318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-rubine-290b-2.png.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330219/; classtype:trojan-activity;sid:84193319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/412.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330212/; classtype:trojan-activity;sid:84193312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60078_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330213/; classtype:trojan-activity;sid:84193313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-of-mario-kart-characters.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330214/; classtype:trojan-activity;sid:84193314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos_consensus_mechanism_details_2024_4.2.2.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330204/; classtype:trojan-activity;sid:84193304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-eliberare-adeverinta-de-rol.docx.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330205/; classtype:trojan-activity;sid:84193305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bc8897b2-1e5f-d45b-3dec-01c49b339300.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330206/; classtype:trojan-activity;sid:84193306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/doutor-pastagem-16.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330207/; classtype:trojan-activity;sid:84193307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-of-bihar-state-inter-school13to17-2024.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330208/; classtype:trojan-activity;sid:84193308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chef-standing-in-restaurant-kitchen.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330209/; classtype:trojan-activity;sid:84193309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-minia-project.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330210/; classtype:trojan-activity;sid:84193310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portada.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330211/; classtype:trojan-activity;sid:84193311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic-425-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330199/; classtype:trojan-activity;sid:84193299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-develop.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330200/; classtype:trojan-activity;sid:84193300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cua-nhom-xingfa-quang-dong-5-2.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330201/; classtype:trojan-activity;sid:84193301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/golpe-mensagem-falsa-detran-ceu501.jpeg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330202/; classtype:trojan-activity;sid:84193302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-risikobewertungsbericht-2024-4-5-1.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330203/; classtype:trojan-activity;sid:84193303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/freeze-dryer-dc401.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330197/; classtype:trojan-activity;sid:84193297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-09-12-at-09.54.42.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330198/; classtype:trojan-activity;sid:84193298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro-resumenes-2016.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330193/; classtype:trojan-activity;sid:84193293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_bajo-fregador-90-3-sige.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330194/; classtype:trojan-activity;sid:84193294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-26.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330195/; classtype:trojan-activity;sid:84193295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/smiling-child.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330185/; classtype:trojan-activity;sid:84193285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-sdqs-2016-a.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330186/; classtype:trojan-activity;sid:84193286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/premiere-vision.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330187/; classtype:trojan-activity;sid:84193287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/38a2d3a9-c48f-ba7e-a875-1a47ca3776fb.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330188/; classtype:trojan-activity;sid:84193288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/professional-accountnt-on-accounting-and-taxation-6.png.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330189/; classtype:trojan-activity;sid:84193289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-frecuentes-cupo-explora-unesco-admisio25252525252525252525252525252525cc2525252525252525252525252525252581n-2025.pdf.lnk"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330190/; classtype:trojan-activity;sid:84193290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-gala-11.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330191/; classtype:trojan-activity;sid:84193291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-sicherheiten-best-practices-20241.3.2.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330192/; classtype:trojan-activity;sid:84193292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2014-2015-campionatprovincialdelleida.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330181/; classtype:trojan-activity;sid:84193281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/abstract_2015_1_52.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330182/; classtype:trojan-activity;sid:84193282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cinnamon-scortisoara.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330183/; classtype:trojan-activity;sid:84193283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coaster-725x544-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330184/; classtype:trojan-activity;sid:84193284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ankieta-osobowa-dziecka.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330176/; classtype:trojan-activity;sid:84193276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diagnostic-lab-certi-4.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330177/; classtype:trojan-activity;sid:84193277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/soos-la-expozitie.jpeg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330178/; classtype:trojan-activity;sid:84193278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/double_zip_style_organizer_liner_for_hermes_birkin30_inside-550x550.jpg.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330179/; classtype:trojan-activity;sid:84193279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0108-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330180/; classtype:trojan-activity;sid:84193280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20-hermes-kelly-monaco-navy-box-bag-60s-collector-vip-special-gift-vintage-personal-shopper-katheleys.jpg.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330172/; classtype:trojan-activity;sid:84193272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandpiper-2017-2.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330173/; classtype:trojan-activity;sid:84193273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informaci252525252525252525252525252525252525252525c325252525252525252525252525252525252525252593n-proceso-de-admisi252525252525252525252525252525252525252525c325252525252525252525252525252525252525252593n-cupo-explora-unesco-2025-1.pdf.lnk"; http_uri; depth:251; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330174/; classtype:trojan-activity;sid:84193274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-b-230523-2-11_fcd30aa7-cfd5-4c04-b5c2-8d14d3f43720_1024x1024.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330175/; classtype:trojan-activity;sid:84193275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8320.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330166/; classtype:trojan-activity;sid:84193266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330167/; classtype:trojan-activity;sid:84193267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-ms-mes-ae.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330168/; classtype:trojan-activity;sid:84193268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330169/; classtype:trojan-activity;sid:84193269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-wallet-setup-guide-2024-4.9.8.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330170/; classtype:trojan-activity;sid:84193270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/booby-tape-skin-miracle-pink-breast-scrub-150g-ebi-boo-lmpbs05-228x228-1.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330171/; classtype:trojan-activity;sid:84193271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sep152008.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330160/; classtype:trojan-activity;sid:84193260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-8-725x544-1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330161/; classtype:trojan-activity;sid:84193261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3829_hermes_constance_24_black_m_2f_s.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330162/; classtype:trojan-activity;sid:84193262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sept-2021.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330163/; classtype:trojan-activity;sid:84193263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330164/; classtype:trojan-activity;sid:84193264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171109_100720.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330165/; classtype:trojan-activity;sid:84193265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330156/; classtype:trojan-activity;sid:84193256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58928_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330157/; classtype:trojan-activity;sid:84193257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/free-lightning-mcqueen-coloring-pages.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330158/; classtype:trojan-activity;sid:84193258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barragem-bh-fqbbo0.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330159/; classtype:trojan-activity;sid:84193259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1718.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330150/; classtype:trojan-activity;sid:84193250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asphalt-anchors-feature-img.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330151/; classtype:trojan-activity;sid:84193251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/83c5eab6-dfcb-8b3e-9f96-9b08a7eb9411.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330152/; classtype:trojan-activity;sid:84193252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-11.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330153/; classtype:trojan-activity;sid:84193253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/543d793d-509e-a5af-74a5-803be4a956d7.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330154/; classtype:trojan-activity;sid:84193254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-produk-bandung-2-800x800.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330155/; classtype:trojan-activity;sid:84193255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ellumeno-product-catalog.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330143/; classtype:trojan-activity;sid:84193243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/r1s2qkk26ji-hhahtv.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330145/; classtype:trojan-activity;sid:84193245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iso-9001-06-05-2026.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330146/; classtype:trojan-activity;sid:84193246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/053123-birkin-bag-lead-708b0b38819c41f28396689e395ec4bc-35e2793eb18a41859dc494436ee719dc.jpg.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330147/; classtype:trojan-activity;sid:84193247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-extra-7.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330148/; classtype:trojan-activity;sid:84193248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/map2-1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330149/; classtype:trojan-activity;sid:84193249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1722178794e9bec49be8918e160a4275e91b201793.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330139/; classtype:trojan-activity;sid:84193239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo-accs.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330140/; classtype:trojan-activity;sid:84193240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/abaco-658x1024.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330141/; classtype:trojan-activity;sid:84193241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330142)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sor3436hermeshsskelly20-craie_goldepsomghw-_25_499_8415_2048x2048.jpg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330142/; classtype:trojan-activity;sid:84193242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/halloween-bitch-camiseta-negra.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330136/; classtype:trojan-activity;sid:84193236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57786_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330137/; classtype:trojan-activity;sid:84193237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/campeonatos-planificacion-deportiva-2022.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330138/; classtype:trojan-activity;sid:84193238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-chess-m200-1.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330127/; classtype:trojan-activity;sid:84193227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1283.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330128/; classtype:trojan-activity;sid:84193228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/electricite.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330129/; classtype:trojan-activity;sid:84193229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4080-scaled.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330130/; classtype:trojan-activity;sid:84193230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/167646649647cc49f527cf1eeffe2debb14ebc3b05.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330131/; classtype:trojan-activity;sid:84193231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/g_g-inkjet-box.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330132/; classtype:trojan-activity;sid:84193232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cleanmax_catalogo.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330133/; classtype:trojan-activity;sid:84193233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/277364080_4941977319201857_5383023705491253991_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330134/; classtype:trojan-activity;sid:84193234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59607_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330135/; classtype:trojan-activity;sid:84193235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nazrahotel06.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330121/; classtype:trojan-activity;sid:84193221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-31-radicado-2569942024-nombre-peticionario-melany-cristancho-conde.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330122/; classtype:trojan-activity;sid:84193222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rodo.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330123/; classtype:trojan-activity;sid:84193223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-030.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330124/; classtype:trojan-activity;sid:84193224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/special-a-remi-mom-jeans-29866744840358_720x.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330125/; classtype:trojan-activity;sid:84193225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01571-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330126/; classtype:trojan-activity;sid:84193226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/la-guajira-noticias-miercoles-20-de-noviembre-de-2024.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330117/; classtype:trojan-activity;sid:84193217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7_8_11zon.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330118/; classtype:trojan-activity;sid:84193218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/494-sf-grey-monument-oak-min-min-scaled.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330119/; classtype:trojan-activity;sid:84193219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/berlusconi%20under%20attack.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330120/; classtype:trojan-activity;sid:84193220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112290630883.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330113/; classtype:trojan-activity;sid:84193213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20180903_171748.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330114/; classtype:trojan-activity;sid:84193214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cldf-aprova-mudancas-nos-programas-habitacionais-do-df-cokzc1.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330115/; classtype:trojan-activity;sid:84193215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-de.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330116/; classtype:trojan-activity;sid:84193216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02108-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330110/; classtype:trojan-activity;sid:84193210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/timeline-tree_revised.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330111/; classtype:trojan-activity;sid:84193211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mmmhbby7uko-neg0qd.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330112/; classtype:trojan-activity;sid:84193212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co_title_new_010122_lo-1-scaled.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330103/; classtype:trojan-activity;sid:84193203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/axis-knitwear-ltd..jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330104/; classtype:trojan-activity;sid:84193204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rezultatul-selectiei-dosarului.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330105/; classtype:trojan-activity;sid:84193205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2912678087240.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330106/; classtype:trojan-activity;sid:84193206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sherry-brookes-armada-avenue-2.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330107/; classtype:trojan-activity;sid:84193207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/160050-3_1_a_carta-invitacion-jornada-crn-ganaderia..pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330108/; classtype:trojan-activity;sid:84193208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saules-03.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330109/; classtype:trojan-activity;sid:84193209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/74712598_407799430152809_7085239837712996974_n.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330100/; classtype:trojan-activity;sid:84193200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8d201dd6-0feb-5e5c-b7d1-3b8014147833.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330101/; classtype:trojan-activity;sid:84193201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-legal-contract-2024-2-6-5.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330102/; classtype:trojan-activity;sid:84193202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0020.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330099/; classtype:trojan-activity;sid:84193199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/montanha-com-etapas.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330092/; classtype:trojan-activity;sid:84193192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330093)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo-exposiciones-itinerantes.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330093/; classtype:trojan-activity;sid:84193193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z5559439863895_ebd1697fba542556ee84765fef6627e8.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330094/; classtype:trojan-activity;sid:84193194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-1.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330095/; classtype:trojan-activity;sid:84193195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9634.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330096/; classtype:trojan-activity;sid:84193196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3445-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330097/; classtype:trojan-activity;sid:84193197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330098/; classtype:trojan-activity;sid:84193198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-03-30-at-12.54.59.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330086/; classtype:trojan-activity;sid:84193186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-dkn402.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330087/; classtype:trojan-activity;sid:84193187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-n252525252525252525252525252525c2252525252525252525252525252525b01-formulario-de-postulaci252525252525252525252525252525c3252525252525252525252525252525b3n-2024.docx.lnk"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330088/; classtype:trojan-activity;sid:84193188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-feria-cientifica-colegios-josefinos-2015.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330089/; classtype:trojan-activity;sid:84193189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330090)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-free-coloring-pages.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330090/; classtype:trojan-activity;sid:84193190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1573-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330091/; classtype:trojan-activity;sid:84193191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/studio-icon.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330078/; classtype:trojan-activity;sid:84193178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/order-1-1.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330079/; classtype:trojan-activity;sid:84193179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-87-1.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330080/; classtype:trojan-activity;sid:84193180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/staff-parties-img-4-408x544-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330081/; classtype:trojan-activity;sid:84193181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mo-600-do-c-molygraph-sght-600-tds.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330082/; classtype:trojan-activity;sid:84193182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330083)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/patchwork-pencil-bag-high-capacity-zipper-closure-foldable-stationery-bag-women-young-girls-cosmetic-bag.jpg.lnk"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330083/; classtype:trojan-activity;sid:84193183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/professional-accountnt-on-accounting-and-taxation-3.png.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330084/; classtype:trojan-activity;sid:84193184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resumen-bases-congreso-regional_estudiantes.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330085/; classtype:trojan-activity;sid:84193185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56918_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330074/; classtype:trojan-activity;sid:84193174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kurseong_1024.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330075/; classtype:trojan-activity;sid:84193175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_nq_np_804985-mlm26321751290_112017-w.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330076/; classtype:trojan-activity;sid:84193176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-65.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330077/; classtype:trojan-activity;sid:84193177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330071/; classtype:trojan-activity;sid:84193171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1718046702e5dd1c05dbabe51c9065e56e08463202.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330073/; classtype:trojan-activity;sid:84193173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/25d725a125d7259825d7259825d7259925d725a7-25d7259725d7259325d725a8-25d7259125d725a825d7259925d7259725d72594-25d7259125d7259925d725aa-25d7259425d725a025d7259925d7259925d725a8-1.jpg.lnk"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330065/; classtype:trojan-activity;sid:84193165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-044.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330066/; classtype:trojan-activity;sid:84193166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-01-derecho-de-preferencia2016.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330067/; classtype:trojan-activity;sid:84193167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-neutra-3.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330068/; classtype:trojan-activity;sid:84193168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330069/; classtype:trojan-activity;sid:84193169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173159761203b6678c83276e40e96dfe14dd7fbc95.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330070/; classtype:trojan-activity;sid:84193170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330061/; classtype:trojan-activity;sid:84193161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carga-scaled.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330063/; classtype:trojan-activity;sid:84193163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estados2004.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330064/; classtype:trojan-activity;sid:84193164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-1.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330057/; classtype:trojan-activity;sid:84193157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20220909-seguimiento-primer-cuatrimestre-rev1.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330058/; classtype:trojan-activity;sid:84193158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01539-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330059/; classtype:trojan-activity;sid:84193159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.35-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330060/; classtype:trojan-activity;sid:84193160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryangled_bottom_up_roller_specs.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330046/; classtype:trojan-activity;sid:84193146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c2-3924-capital-by-wuyhoang07638-683x1024.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330047/; classtype:trojan-activity;sid:84193147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171246_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330048/; classtype:trojan-activity;sid:84193148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/your-name-5.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330049/; classtype:trojan-activity;sid:84193149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20241030-wa0043-3.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330050/; classtype:trojan-activity;sid:84193150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-int-junio-2019.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330051/; classtype:trojan-activity;sid:84193151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/product-16-1-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330052/; classtype:trojan-activity;sid:84193152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1681495184930fa7e442f397f4989b91e1a62dd103.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330053/; classtype:trojan-activity;sid:84193153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_30.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330054/; classtype:trojan-activity;sid:84193154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/beszamolo2020.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330055/; classtype:trojan-activity;sid:84193155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revaluation-notice-for-sem-v-of-b.a.-b.sc_.-b.com-repeat-and-semester-vi-regular.pdf.lnk"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330056/; classtype:trojan-activity;sid:84193156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rlm.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330038/; classtype:trojan-activity;sid:84193138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rex-296.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330039/; classtype:trojan-activity;sid:84193139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa02suites_venda_centro-caucaia-ce-3-1.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330040/; classtype:trojan-activity;sid:84193140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/onko.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330041/; classtype:trojan-activity;sid:84193141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/picture5-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330042/; classtype:trojan-activity;sid:84193142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-8551-c.-santa-elena-y-saltillo-col.-nisperos-15.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330043/; classtype:trojan-activity;sid:84193143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-28.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330044/; classtype:trojan-activity;sid:84193144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/order.court_.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330045/; classtype:trojan-activity;sid:84193145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/596_modificacion-no-1-presupuesto-2021-1.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330037/; classtype:trojan-activity;sid:84193137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171008_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330032/; classtype:trojan-activity;sid:84193132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/giant_129944.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330033/; classtype:trojan-activity;sid:84193133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.-politica-de-tratamiento-de-datos-personales-en-pdf.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330034/; classtype:trojan-activity;sid:84193134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-8.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330035/; classtype:trojan-activity;sid:84193135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/375.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330026/; classtype:trojan-activity;sid:84193126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vi_copa_barcelona_femenina_2019_circular_catal25252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525a0.pdf.lnk"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330027/; classtype:trojan-activity;sid:84193127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20180726_082914.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330028/; classtype:trojan-activity;sid:84193128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2008_zastosowanie-probiotyk252525252525252525252525252525252525c3252525252525252525252525252525252525b3w-w-pediatrii.pdf.lnk"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330029/; classtype:trojan-activity;sid:84193129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pipe-2024.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330030/; classtype:trojan-activity;sid:84193130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1d37010d057807482d8f5d5aa5a1fc2a.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330031/; classtype:trojan-activity;sid:84193131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franz-de-boe.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330023/; classtype:trojan-activity;sid:84193123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerypazrk-hals.jpgcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330024/; classtype:trojan-activity;sid:84193124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tagreuters.com2023binary_lynxmpej6c0yk-filedimage-zdygql.jpeg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330025/; classtype:trojan-activity;sid:84193125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13.-portapallet-minicargador-ft.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330021/; classtype:trojan-activity;sid:84193121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/optimus-prime-coloring-page.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330022/; classtype:trojan-activity;sid:84193122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nazrahotel03.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330019/; classtype:trojan-activity;sid:84193119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fixedratio_20180104105733_nike_internationalist_828407_412.jpeg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330020/; classtype:trojan-activity;sid:84193120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resoluci25252525252525252525252525252525252525c325252525252525252525252525252525252525b3n-admisibilidad-par-explora-2025-2026-1.pdf.lnk"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330016/; classtype:trojan-activity;sid:84193116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-23-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330017/; classtype:trojan-activity;sid:84193117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16764664610bcd7c59b3c13f63c56094b0a41d6f96.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330018/; classtype:trojan-activity;sid:84193118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58928_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330010/; classtype:trojan-activity;sid:84193110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-12-02-at-12.17.04-4.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330011/; classtype:trojan-activity;sid:84193111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-cdmlg-3.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330012/; classtype:trojan-activity;sid:84193112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/295869238_769477350841959_542776912089332572_n-e1662818183164.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330013/; classtype:trojan-activity;sid:84193113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078503_1729693694313.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330014/; classtype:trojan-activity;sid:84193114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330015)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-485-gallery-1.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330015/; classtype:trojan-activity;sid:84193115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-w-scaled.gif.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330002/; classtype:trojan-activity;sid:84193102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9071-la-prise-de-lille-carre.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330003/; classtype:trojan-activity;sid:84193103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-19.49.55-1-xvnsaf.jpeg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330004/; classtype:trojan-activity;sid:84193104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/324.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330005/; classtype:trojan-activity;sid:84193105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58285_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330006/; classtype:trojan-activity;sid:84193106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagen-principal-del-producto-lagricel-ofteno-frasco-multiusos.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330007/; classtype:trojan-activity;sid:84193107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_semi-katun.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330008/; classtype:trojan-activity;sid:84193108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7.-cortadora-de-concreto-ft.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329997/; classtype:trojan-activity;sid:84193097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gus6804-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329998/; classtype:trojan-activity;sid:84193098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4708-dpap.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329999/; classtype:trojan-activity;sid:84193099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stages-du-coaching-systemique.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330000/; classtype:trojan-activity;sid:84193100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3330001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comunicare-acceptare-oferta-persoane-juridice.docx.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3330001/; classtype:trojan-activity;sid:84193101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01774.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329993/; classtype:trojan-activity;sid:84193093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plug.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329994/; classtype:trojan-activity;sid:84193094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-legal-contract-2024-5-7-3.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329995/; classtype:trojan-activity;sid:84193095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57104_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329996/; classtype:trojan-activity;sid:84193096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1113341156467.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329991/; classtype:trojan-activity;sid:84193091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b215a6ba-c4d0-4c99-b33f-672ffc47f093-min-471x628.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329992/; classtype:trojan-activity;sid:84193092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/earth-brown.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329983/; classtype:trojan-activity;sid:84193083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pozsgv2dcvacreqhlqk2wwg6zi.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329984/; classtype:trojan-activity;sid:84193084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin_annual-report_2020_book_r.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329985/; classtype:trojan-activity;sid:84193085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure_bewoners_huurkoopwoningen_56_woningen_zeeheldenwijk_te_urk.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329986/; classtype:trojan-activity;sid:84193086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-1024x576.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329987/; classtype:trojan-activity;sid:84193087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/middle-sections-much-anticipated-annual-event-noir-et-blanc-3.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329988/; classtype:trojan-activity;sid:84193088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-20-at-09.13.56.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329989/; classtype:trojan-activity;sid:84193089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329990/; classtype:trojan-activity;sid:84193090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/787631-mlu41229727044_032020-o.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329979/; classtype:trojan-activity;sid:84193079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-nft-guide-20244.1.6.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329980/; classtype:trojan-activity;sid:84193080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_0d0ace6867a506938d2eed4d62ebc187.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329981/; classtype:trojan-activity;sid:84193081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57201_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329982/; classtype:trojan-activity;sid:84193082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01893-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329978/; classtype:trojan-activity;sid:84193078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.-reglamento-interno-escolar-instituto-san-sebastian-de-yumbel-basica-y-media-2020.pdf.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329974/; classtype:trojan-activity;sid:84193074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021-05-memoria-economica-y-balance-ejercio-2019-2020..pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329975/; classtype:trojan-activity;sid:84193075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329976/; classtype:trojan-activity;sid:84193076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6223-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329977/; classtype:trojan-activity;sid:84193077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hey-dude-shoes-at-home-picture-grey-adult-2-072522-1658767569-1658767569.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329972/; classtype:trojan-activity;sid:84193072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0006.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329973/; classtype:trojan-activity;sid:84193073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wc-simbolos-cinza-6175.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329960/; classtype:trojan-activity;sid:84193060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ipt10.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329961/; classtype:trojan-activity;sid:84193061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312889658722.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329962/; classtype:trojan-activity;sid:84193062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/emrullah-akcakaya.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329963/; classtype:trojan-activity;sid:84193063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22gb-bow.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329964/; classtype:trojan-activity;sid:84193064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/escolamunicipaltirambarc_fulleto.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329965/; classtype:trojan-activity;sid:84193065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/installercheckin-scaled-1.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329966/; classtype:trojan-activity;sid:84193066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20476134_1489158174483807_7769116351422974387_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329967/; classtype:trojan-activity;sid:84193067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aspen-corner-desis.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329968/; classtype:trojan-activity;sid:84193068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/240532398_2914454882012154_7467131706489016686_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329969/; classtype:trojan-activity;sid:84193069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_mini_lindy_gris_meyer_g_1664949578_34803879_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329970/; classtype:trojan-activity;sid:84193070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_20.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329971/; classtype:trojan-activity;sid:84193071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precision-06.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329954/; classtype:trojan-activity;sid:84193054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200309_124305.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329955/; classtype:trojan-activity;sid:84193055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329956/; classtype:trojan-activity;sid:84193056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-2018-terminal-de-transporte-s_2.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329957/; classtype:trojan-activity;sid:84193057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rf202512-campionat-despanya-absolut.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329958/; classtype:trojan-activity;sid:84193058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0662.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329959/; classtype:trojan-activity;sid:84193059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/transparenta-septembrie24.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329952/; classtype:trojan-activity;sid:84193052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resumen-congreso-ok.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329953/; classtype:trojan-activity;sid:84193053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171025_155118-m25252525252525252525252525252525c325252525252525252525252525252525a1solata.jpg.lnk"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329943/; classtype:trojan-activity;sid:84193043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17303116247e08fec3568a5855315c59c0712597b4.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329944/; classtype:trojan-activity;sid:84193044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-80.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329945/; classtype:trojan-activity;sid:84193045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59772_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329946/; classtype:trojan-activity;sid:84193046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/slider-2.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329947/; classtype:trojan-activity;sid:84193047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-485-gallery-4.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329948/; classtype:trojan-activity;sid:84193048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/200-tvd_p3_secretaria-gral.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329949/; classtype:trojan-activity;sid:84193049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55769_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329950/; classtype:trojan-activity;sid:84193050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cavalo_gas1_foto.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329951/; classtype:trojan-activity;sid:84193051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-6.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329939/; classtype:trojan-activity;sid:84193039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-legal-contract-20244.1.7.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329941/; classtype:trojan-activity;sid:84193041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-anl-2019.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329942/; classtype:trojan-activity;sid:84193042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-04.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329936/; classtype:trojan-activity;sid:84193036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-062.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329937/; classtype:trojan-activity;sid:84193037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/villagebaker_2024_thanksgiving_menu.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329938/; classtype:trojan-activity;sid:84193038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6708.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329935/; classtype:trojan-activity;sid:84193035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1_ws2-apple-watch-tray-sensors-zw1051-52-install-guide-english.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329930/; classtype:trojan-activity;sid:84193030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cocinas-institucionales.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329931/; classtype:trojan-activity;sid:84193031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-3.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329932/; classtype:trojan-activity;sid:84193032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mask-group-5.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329933/; classtype:trojan-activity;sid:84193033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/age20241023013-e1732205180201-biqrue.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329934/; classtype:trojan-activity;sid:84193034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-header17.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329922/; classtype:trojan-activity;sid:84193022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daylux-premix-cp2-25ap-sertifikalar.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329923/; classtype:trojan-activity;sid:84193023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-2-carta-de-compromiso-del-participante.docx.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329924/; classtype:trojan-activity;sid:84193024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thongbaochotdanhsachcodong.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329925/; classtype:trojan-activity;sid:84193025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/your-name-3.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329926/; classtype:trojan-activity;sid:84193026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/soma-banner.jpeg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329927/; classtype:trojan-activity;sid:84193027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-roadmap-20243.6.6.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329928/; classtype:trojan-activity;sid:84193028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/file_2020716413821_1.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329929/; classtype:trojan-activity;sid:84193029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/la-ciencia-te-busca-n45.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329916/; classtype:trojan-activity;sid:84193016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vanilla-beans-back.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329917/; classtype:trojan-activity;sid:84193017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329919/; classtype:trojan-activity;sid:84193019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/les-necessaires-d-hermes-groom-valet--931088m25252001-worn-4-0-0-320-320_g.jpg.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329920/; classtype:trojan-activity;sid:84193020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329921/; classtype:trojan-activity;sid:84193021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iii-tfo-reino-de-aragon-sala1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329912/; classtype:trojan-activity;sid:84193012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/australia-23.01.20.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329913/; classtype:trojan-activity;sid:84193013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20241201_202920_canva-799x1030.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329914/; classtype:trojan-activity;sid:84193014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvalume.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329915/; classtype:trojan-activity;sid:84193015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eliminatories-cadets-homes.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329908/; classtype:trojan-activity;sid:84193008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-pizza-food-clipart-7503664-192x192.png.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329909/; classtype:trojan-activity;sid:84193009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-constance-mini-shoulder-bag-in-vert-emeraude-porosus-crocodile.jpg.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329910/; classtype:trojan-activity;sid:84193010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/auditoria-de-regularidad-pad2021.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329911/; classtype:trojan-activity;sid:84193011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-1-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329903/; classtype:trojan-activity;sid:84193003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/declaratie-completare-ra.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329904/; classtype:trojan-activity;sid:84193004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/in_title_new_010122_lo-1-scaled.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329905/; classtype:trojan-activity;sid:84193005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/can-a-70-year-old-man-take-viagra.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329906/; classtype:trojan-activity;sid:84193006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide_energie_2023.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329907/; classtype:trojan-activity;sid:84193007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-junio-2020.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329899/; classtype:trojan-activity;sid:84192999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12_chicken-noodle-salad-3_4_retouch.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329900/; classtype:trojan-activity;sid:84193000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ric.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329901/; classtype:trojan-activity;sid:84193001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/04-cuentas-anuales-2021-2022-para-firmar.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329902/; classtype:trojan-activity;sid:84193002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revolution-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329897/; classtype:trojan-activity;sid:84192997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-2-perfil-de-requisitos-2.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329898/; classtype:trojan-activity;sid:84192998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6354.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329894/; classtype:trojan-activity;sid:84192994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pessoa-jogando-no-celular-zq708s.jpeg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329895/; classtype:trojan-activity;sid:84192995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/enzo-evaporators.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329896/; classtype:trojan-activity;sid:84192996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro2004.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329889/; classtype:trojan-activity;sid:84192989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55769_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329890/; classtype:trojan-activity;sid:84192990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329891/; classtype:trojan-activity;sid:84192991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viena3.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329892/; classtype:trojan-activity;sid:84192992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-smart-contract-tutorial-20242.8.4.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329893/; classtype:trojan-activity;sid:84192993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55545_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329883/; classtype:trojan-activity;sid:84192983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7e851056-5838-4b45-97ae-424d0553b06b-1200x750-2.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329884/; classtype:trojan-activity;sid:84192984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173150482088dc12c1d74f05add6027f12f058adac.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329885/; classtype:trojan-activity;sid:84192985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329887/; classtype:trojan-activity;sid:84192987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-66.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329888/; classtype:trojan-activity;sid:84192988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15-1024x576.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329873/; classtype:trojan-activity;sid:84192973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/parasut_1_11zon.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329874/; classtype:trojan-activity;sid:84192974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/personalizzazione2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252520strutture.pdf.lnk"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329875/; classtype:trojan-activity;sid:84192975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7_1_11zon.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329876/; classtype:trojan-activity;sid:84192976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/28-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329877/; classtype:trojan-activity;sid:84192977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-tol-pasteur-km-4-800-baros.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329878/; classtype:trojan-activity;sid:84192978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-17.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329879/; classtype:trojan-activity;sid:84192979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos_defi_protocol_documentation_20241.7.7.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329880/; classtype:trojan-activity;sid:84192980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/res-439.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329881/; classtype:trojan-activity;sid:84192981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-3-1200x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329868/; classtype:trojan-activity;sid:84192968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afisare-anunt-selectie-consilier-de-etica-la-nivelul-orasului-targu-frumos.pdf.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329870/; classtype:trojan-activity;sid:84192970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-13.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329871/; classtype:trojan-activity;sid:84192971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seven-horse-frame-a4.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329872/; classtype:trojan-activity;sid:84192972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/book-campeonato-de-espa25252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525b1a-de-sala-cadete-y-menor-de-14-2018.pdf.lnk"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329862/; classtype:trojan-activity;sid:84192962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7753-4500-x-3000-2250-x-1500.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329863/; classtype:trojan-activity;sid:84192963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc-mention-20-mar-17.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329864/; classtype:trojan-activity;sid:84192964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tu-ao-canh-kinh-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329865/; classtype:trojan-activity;sid:84192965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329866)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/choco-crock-da-45-grammi.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329866/; classtype:trojan-activity;sid:84192966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-99-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329867/; classtype:trojan-activity;sid:84192967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunglasses-kaleos-grudet-4-squared-blue-by-kambio-eyewear-side-1.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329859/; classtype:trojan-activity;sid:84192959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/33029_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329860/; classtype:trojan-activity;sid:84192960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viaggio_antarctica-patagonia-argentina-classica_02.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329861/; classtype:trojan-activity;sid:84192961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0009.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329856/; classtype:trojan-activity;sid:84192956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20221006_085207.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329857/; classtype:trojan-activity;sid:84192957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/npwp-elektronik-crs-2021.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329858/; classtype:trojan-activity;sid:84192958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estados-financieros.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329854/; classtype:trojan-activity;sid:84192954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-taller-de-indagaci2525252525252525252525252525252525252525c32525252525252525252525252525252525252525b3n-en-cs.-sociales-2019-1.pdf.lnk"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329855/; classtype:trojan-activity;sid:84192955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329852/; classtype:trojan-activity;sid:84192952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6666.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329853/; classtype:trojan-activity;sid:84192953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2020-sept-sh-manoranjan-kumar.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329849/; classtype:trojan-activity;sid:84192949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clover-mini-3-6.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329851/; classtype:trojan-activity;sid:84192951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59806_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329843/; classtype:trojan-activity;sid:84192943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-6.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329844/; classtype:trojan-activity;sid:84192944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-17.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329845/; classtype:trojan-activity;sid:84192945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-legal-contract-2024-5.9.0.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329846/; classtype:trojan-activity;sid:84192946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p-y-p-perifoneo-1.mp4.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329847/; classtype:trojan-activity;sid:84192947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-charlas-curiosasmentes.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329848/; classtype:trojan-activity;sid:84192948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/667.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329836/; classtype:trojan-activity;sid:84192936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/budget-hotel-batam-lovina-inn-batam-centre-family-room.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329837/; classtype:trojan-activity;sid:84192937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/size-chart-jersey.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329838/; classtype:trojan-activity;sid:84192938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alejandra.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329839/; classtype:trojan-activity;sid:84192939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/website-notice-for-pg-part-2-admission-2023-24.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329840/; classtype:trojan-activity;sid:84192940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-30-4000has-sector-entre-guerrero-y-santa-monica-4000has-7.jpeg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329841/; classtype:trojan-activity;sid:84192941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329842/; classtype:trojan-activity;sid:84192942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalog-2023.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329831/; classtype:trojan-activity;sid:84192931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312290630883.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329832/; classtype:trojan-activity;sid:84192932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_1-bed-plus-bp1-34-sq.m_230119_10.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329833/; classtype:trojan-activity;sid:84192933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329834/; classtype:trojan-activity;sid:84192934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-clasificacion-de-la-vida-estudiante.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329835/; classtype:trojan-activity;sid:84192935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_18.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329822/; classtype:trojan-activity;sid:84192922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iie_presentacion.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329823/; classtype:trojan-activity;sid:84192923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329824/; classtype:trojan-activity;sid:84192924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexos-invitacion-privada-suministro-de-stickers.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329825/; classtype:trojan-activity;sid:84192925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329826/; classtype:trojan-activity;sid:84192926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image00012.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329827/; classtype:trojan-activity;sid:84192927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/27-07-20_video-conferencing-with-paired-institution.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329828/; classtype:trojan-activity;sid:84192928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-216-aprueba-la-modificacion-del-reglamento-de-organizacion-y-funciones-rof-de-la-municipalidad-distrital-de-cayma.pdf.lnk"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329829/; classtype:trojan-activity;sid:84192929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pipe-piloto-biobio-2020-.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329830/; classtype:trojan-activity;sid:84192930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informacion-alergenos-manjares_01-1030x728.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329819/; classtype:trojan-activity;sid:84192919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/queen-mary-university-trip-img-15-725x544-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329820/; classtype:trojan-activity;sid:84192920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/porland-1-e1732190803941.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329821/; classtype:trojan-activity;sid:84192921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-wallet-setup-guide-20241.2.4.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329814/; classtype:trojan-activity;sid:84192914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/our-tannery-production-setup-1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329816/; classtype:trojan-activity;sid:84192916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-115-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329817/; classtype:trojan-activity;sid:84192917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paginaweb-nota5-200324-oald.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329818/; classtype:trojan-activity;sid:84192918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329812/; classtype:trojan-activity;sid:84192912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5149-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329813/; classtype:trojan-activity;sid:84192913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eur-lex-31994r1488-en.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329810/; classtype:trojan-activity;sid:84192910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes252520the252520birkin1689578393685.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329811/; classtype:trojan-activity;sid:84192911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plano25252525252525252525252525252520ciencia25252525252525252525252525252520al25252525252525252525252525252520parque.jpg.lnk"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329805/; classtype:trojan-activity;sid:84192905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kuppel-gewaechshaeus-3.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329807/; classtype:trojan-activity;sid:84192907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchquerycartaspa.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:234; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329809/; classtype:trojan-activity;sid:84192909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-15.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329804/; classtype:trojan-activity;sid:84192904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-30-at-14.55.13-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329791/; classtype:trojan-activity;sid:84192891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mw_4501-birch-st-newport-beach-lb8_wl.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329792/; classtype:trojan-activity;sid:84192892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto252525252525252525253acv2525252525252525252540aliphdeen.com.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329793/; classtype:trojan-activity;sid:84192893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/203-club-nautica-67.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329794/; classtype:trojan-activity;sid:84192894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phan-mem-trinh-chieu-co-doc-v4-1-5.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329795/; classtype:trojan-activity;sid:84192895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329796/; classtype:trojan-activity;sid:84192896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anytile.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329797/; classtype:trojan-activity;sid:84192897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jbilzy3e-91.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329798/; classtype:trojan-activity;sid:84192898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/addmisson-form2023-24.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329799/; classtype:trojan-activity;sid:84192899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1756-2a-tirada-lliga-catalana-bosc-3d.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329801/; classtype:trojan-activity;sid:84192901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/teget-haljina-013.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329802/; classtype:trojan-activity;sid:84192902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d-e-c-l-a-r-a-t-i-e-scoatere-din-evidenta-auto-1.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329803/; classtype:trojan-activity;sid:84192903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59980_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329782/; classtype:trojan-activity;sid:84192882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-favicon-32x32.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329783/; classtype:trojan-activity;sid:84192883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436799520_342763738803799_8448059063562391166_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329784/; classtype:trojan-activity;sid:84192884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mw-floor-plan-ste-3.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329785/; classtype:trojan-activity;sid:84192885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01608-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329786/; classtype:trojan-activity;sid:84192886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cmcp5300-series.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329787/; classtype:trojan-activity;sid:84192887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1663.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329788/; classtype:trojan-activity;sid:84192888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-04-at-14.36.58.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329789/; classtype:trojan-activity;sid:84192889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-trading-strategy-2024-5-8-3.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329790/; classtype:trojan-activity;sid:84192890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/annual-report-2024-for-bhutan-foundation-1.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329779/; classtype:trojan-activity;sid:84192879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_kelly_dog_bracelet_1701943350_dde1c8d3_progressive.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329780/; classtype:trojan-activity;sid:84192880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tronwhitepaper.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329781/; classtype:trojan-activity;sid:84192881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/penalty_policy_2019-20-converted.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329777/; classtype:trojan-activity;sid:84192877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6961-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329778/; classtype:trojan-activity;sid:84192878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_26.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329772/; classtype:trojan-activity;sid:84192872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/caprizza_valencia_qr_0524_es_.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329773/; classtype:trojan-activity;sid:84192873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0132-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329774/; classtype:trojan-activity;sid:84192874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-jansen-rossignol-rsgl-tercera-capa-mujer-negro-7.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329775/; classtype:trojan-activity;sid:84192875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/male-size-chart-4.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329776/; classtype:trojan-activity;sid:84192876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190927_130748-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329767/; classtype:trojan-activity;sid:84192867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-extra-1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329768/; classtype:trojan-activity;sid:84192868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-61-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329769/; classtype:trojan-activity;sid:84192869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9549.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329770/; classtype:trojan-activity;sid:84192870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-fap-sheer-burkolattal-1.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329771/; classtype:trojan-activity;sid:84192871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comingtotown.xls.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329764/; classtype:trojan-activity;sid:84192864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170127850555b147e7e20ce7646c6d09c641b675ed.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329765/; classtype:trojan-activity;sid:84192865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit2525252525252525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525252525252525a0-b-12.pdf.lnk"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329766/; classtype:trojan-activity;sid:84192866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/club-deportivo-malaga-1903-2.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329757/; classtype:trojan-activity;sid:84192857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-10-18-at-10.15.01.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329758/; classtype:trojan-activity;sid:84192858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-30-4000has-sector-entre-guerrero-y-santa-monica-4000has-1.jpeg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329759/; classtype:trojan-activity;sid:84192859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dijelovi-jajeta-anatomija-jajeta.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329760/; classtype:trojan-activity;sid:84192860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/closeup-shot-of-birkin-ostrich-in-terre-cuite-laying-on-a-sofa_1024x1024.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329761/; classtype:trojan-activity;sid:84192861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2019-09-09-at-4.01.03-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329762/; classtype:trojan-activity;sid:84192862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ecografo-portatil-a-color-chison-eco5.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329763/; classtype:trojan-activity;sid:84192863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-522.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329743/; classtype:trojan-activity;sid:84192843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/slider4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329744/; classtype:trojan-activity;sid:84192844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/menu-novembreinglese-2024.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329745/; classtype:trojan-activity;sid:84192845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo2.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329746/; classtype:trojan-activity;sid:84192846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-8.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329747/; classtype:trojan-activity;sid:84192847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-blockchain-architecture-diagram-2024-2.7.9.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329748/; classtype:trojan-activity;sid:84192848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nakama_gold_3.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329749/; classtype:trojan-activity;sid:84192849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mathematics.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329750/; classtype:trojan-activity;sid:84192850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dfd1ea5e-57a7-44da-ac9d-30f685d797cb_2556cc60.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329751/; classtype:trojan-activity;sid:84192851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rttc-save-water-4.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329752/; classtype:trojan-activity;sid:84192852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-develo.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329753/; classtype:trojan-activity;sid:84192853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59906_14.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329754/; classtype:trojan-activity;sid:84192854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-67.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329755/; classtype:trojan-activity;sid:84192855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-b300w.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329756/; classtype:trojan-activity;sid:84192856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/our-tannery-production-setup-13.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329736/; classtype:trojan-activity;sid:84192836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329737/; classtype:trojan-activity;sid:84192837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen640x640.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329739/; classtype:trojan-activity;sid:84192839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/29566f6f-259c-a037-8054-7313042ab062.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329740/; classtype:trojan-activity;sid:84192840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-campamentos-2023-rmsp.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329741/; classtype:trojan-activity;sid:84192841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/silky-pocket-cosmetic-case--082961ckaa-above-wm-4-0-0-800-800_g.jpg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329742/; classtype:trojan-activity;sid:84192842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2024-06-17-100049.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329734/; classtype:trojan-activity;sid:84192834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kandy-02-45.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329733/; classtype:trojan-activity;sid:84192833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59814_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329728/; classtype:trojan-activity;sid:84192828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paseo-playa.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329729/; classtype:trojan-activity;sid:84192829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-fetyc-2015-gam-explora-rm.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329730/; classtype:trojan-activity;sid:84192830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/muk-scaled.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329727/; classtype:trojan-activity;sid:84192827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1st-diamant-cup_-all-india-open-fide-rating-chess_-tournament-2024.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329722/; classtype:trojan-activity;sid:84192822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea-2-6.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329723/; classtype:trojan-activity;sid:84192823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1692.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329724/; classtype:trojan-activity;sid:84192824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-02-02-at-12.35.39-pm-3.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329725/; classtype:trojan-activity;sid:84192825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57199_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329718/; classtype:trojan-activity;sid:84192818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3847-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329719/; classtype:trojan-activity;sid:84192819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ouzim-bioengine-3-facial-fingerprint-access-control-terminal-datasheet.pdf.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329720/; classtype:trojan-activity;sid:84192820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20150123_180428-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329721/; classtype:trojan-activity;sid:84192821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/human-slaughterhouse_mass-hangings-and-extermination-at-saydnaya-prison_syria.pdf.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329711/; classtype:trojan-activity;sid:84192811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysuami.masjidnurulashri.comcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329712/; classtype:trojan-activity;sid:84192812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kemeja-konveksi-wearpack.jpg.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329713/; classtype:trojan-activity;sid:84192813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dental-instruments.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329714/; classtype:trojan-activity;sid:84192814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto2525252525252525253acv25252525252525252540aliphdeen.com.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329715/; classtype:trojan-activity;sid:84192815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento_xtorneodedebatesenciencia_2019.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329717/; classtype:trojan-activity;sid:84192817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56574-114993-heremes-band-and-box-xl.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329698/; classtype:trojan-activity;sid:84192798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-rezultate-interviu-promovare-in-gradul-profesional-imedicat-superior-functionar-public-de-executie-din-cadrul-compartimentului-evidenta-persoanelor-copie.pdf.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329699/; classtype:trojan-activity;sid:84192799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hisense-65-inch-tv-uled-pro.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329700/; classtype:trojan-activity;sid:84192800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jjootanda1y2.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329701/; classtype:trojan-activity;sid:84192801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/118776249_10158018957073743_7342035667684607994_o.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329702/; classtype:trojan-activity;sid:84192802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-58-radicado-4733812024-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329703/; classtype:trojan-activity;sid:84192803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/67573709_1152694531581987_5596529106096226304_o.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329704/; classtype:trojan-activity;sid:84192804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1988d77d-6401-46d8-9f97-8eed119762f4.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329705/; classtype:trojan-activity;sid:84192805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-40-radicado-2977692024-nombre-peticionario-libertad-carvajal-ballona.pdf.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329706/; classtype:trojan-activity;sid:84192806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/events-for-edm-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329707/; classtype:trojan-activity;sid:84192807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/635_a.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329708/; classtype:trojan-activity;sid:84192808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-337-2022-designar-en-el-cargo-de-confianza-de-jefe-de-la-oficina-de-procuraduria-municipal.pdf.lnk"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329684/; classtype:trojan-activity;sid:84192784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329685/; classtype:trojan-activity;sid:84192785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-1-categorias.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329686/; classtype:trojan-activity;sid:84192786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58928_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329687/; classtype:trojan-activity;sid:84192787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thai-delmonte-pineapplechunk-350ml.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329688/; classtype:trojan-activity;sid:84192788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-s.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329689/; classtype:trojan-activity;sid:84192789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/printable-mario-kart-coloring-pages.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329691/; classtype:trojan-activity;sid:84192791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fue-licencia-de-obra.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329692/; classtype:trojan-activity;sid:84192792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-1-1.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329693/; classtype:trojan-activity;sid:84192793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-final-arcogpbenalmadena22.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329694/; classtype:trojan-activity;sid:84192794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329695/; classtype:trojan-activity;sid:84192795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/middle-sections-much-anticipated-annual-event-noir-et-blanc-1.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329696/; classtype:trojan-activity;sid:84192796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/betapack.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329697/; classtype:trojan-activity;sid:84192797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-31.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329651/; classtype:trojan-activity;sid:84192751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-sat-1-arm-1-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329652/; classtype:trojan-activity;sid:84192752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_64_butt_inside_corner_staggered.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329653/; classtype:trojan-activity;sid:84192753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/43.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329654/; classtype:trojan-activity;sid:84192754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kimberly-before.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329655/; classtype:trojan-activity;sid:84192755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20241116-wa0107.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329656/; classtype:trojan-activity;sid:84192756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-5.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329657/; classtype:trojan-activity;sid:84192757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-06-pousada-piedade-mata-atlantica-ronco-do-bugio.png.png.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329658/; classtype:trojan-activity;sid:84192758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-bracelet-small-model_1.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329659/; classtype:trojan-activity;sid:84192759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/folleto_evolucion_ieb_6sentidos.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329660/; classtype:trojan-activity;sid:84192760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandpiper-2017-dock-35-1.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329661/; classtype:trojan-activity;sid:84192761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ink-revitalizer-web.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329662/; classtype:trojan-activity;sid:84192762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-da-inserire-sul-sito-11.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329663/; classtype:trojan-activity;sid:84192763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8978-chateau-d-azay-le-rideau.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329664/; classtype:trojan-activity;sid:84192764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329665/; classtype:trojan-activity;sid:84192765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52067_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329666/; classtype:trojan-activity;sid:84192766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-min-1024x668.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329667/; classtype:trojan-activity;sid:84192767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7.jpeg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329668/; classtype:trojan-activity;sid:84192768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/peacock.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329669/; classtype:trojan-activity;sid:84192769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-16.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329670/; classtype:trojan-activity;sid:84192770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ckkurumsal05b.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329671/; classtype:trojan-activity;sid:84192771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jon-vinluan-107-edit-1000.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329672/; classtype:trojan-activity;sid:84192772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_14.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329673/; classtype:trojan-activity;sid:84192773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/karta-zgloszenia-dziecka-na-wczesne-wspomaganie-rozwoju-dziecka-w-przedszkolu-terapeutycznym-parasolki.pdf.lnk"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329674/; classtype:trojan-activity;sid:84192774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-beige-1.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329675/; classtype:trojan-activity;sid:84192775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deep-em-1-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329676/; classtype:trojan-activity;sid:84192776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informaci2525252525252525252525252525252525c3252525252525252525252525252525252593n-proceso-de-admisi2525252525252525252525252525252525c3252525252525252525252525252525252593n-cupo-explora-unesco-2025-1.pdf.lnk"; http_uri; depth:219; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329677/; classtype:trojan-activity;sid:84192777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arara-e-tucano-1-qfhubx.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329678/; classtype:trojan-activity;sid:84192778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vt-13-24-presentacion-bugambilia-col-jardin-nava.-miguel-cavazos-1500000.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329679/; classtype:trojan-activity;sid:84192779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs2024_attendee_form_0806_input.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329680/; classtype:trojan-activity;sid:84192780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_12b_bar.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329681/; classtype:trojan-activity;sid:84192781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diagnostic-lab-case-gallery-5.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329682/; classtype:trojan-activity;sid:84192782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-adhiheavymachinery3.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329683/; classtype:trojan-activity;sid:84192783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hang1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329615/; classtype:trojan-activity;sid:84192715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/penguatan-ikm-ppt-supama.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329616/; classtype:trojan-activity;sid:84192716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-en-el-patrimonio-2014.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329617/; classtype:trojan-activity;sid:84192717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/295096_0.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329618/; classtype:trojan-activity;sid:84192718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.ed-salary-acquitance-nov.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329619/; classtype:trojan-activity;sid:84192719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/templates-marketing-digital-para-corretores-de-seguros.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329620/; classtype:trojan-activity;sid:84192720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convocatoria-charlas-curiosasmentes-2024.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329621/; classtype:trojan-activity;sid:84192721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/813500ffc7ea08592b73a2cee07272d6.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329622/; classtype:trojan-activity;sid:84192722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/loi-2017-020-codelec.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329623/; classtype:trojan-activity;sid:84192723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329624/; classtype:trojan-activity;sid:84192724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0069.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329625/; classtype:trojan-activity;sid:84192725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jos2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525a9-antonio-keme-e-rafael-bassob.jpg.lnk"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329626/; classtype:trojan-activity;sid:84192726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/htb1xctqlfxxxxcexpxxq6xxfxxxw.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329627/; classtype:trojan-activity;sid:84192727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luminosita252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252580_contrasto-3.jpg.lnk"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329628/; classtype:trojan-activity;sid:84192728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01768-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329629/; classtype:trojan-activity;sid:84192729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731679194e0b0bc54b67abc518a9880418fe8074c.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329630/; classtype:trojan-activity;sid:84192730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucao_270_11122018_12122018112523.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329631/; classtype:trojan-activity;sid:84192731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucion_09-_2018_honorarios.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329632/; classtype:trojan-activity;sid:84192732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-amanah.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329633/; classtype:trojan-activity;sid:84192733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5612.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329634/; classtype:trojan-activity;sid:84192734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hotel-reservati.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329635/; classtype:trojan-activity;sid:84192735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4339-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329636/; classtype:trojan-activity;sid:84192736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dosrbljavanje.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329637/; classtype:trojan-activity;sid:84192737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bilanciosociale2021.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329638/; classtype:trojan-activity;sid:84192738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_37.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329639/; classtype:trojan-activity;sid:84192739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/detail-event-light-scale.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329640/; classtype:trojan-activity;sid:84192740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roberto-g-217x300-1.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329641/; classtype:trojan-activity;sid:84192741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-l1600_4_03b0473b-41c9-4260-ad15-03b22ee75319__40057.1629300074.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329642/; classtype:trojan-activity;sid:84192742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/designer-1-1.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329643/; classtype:trojan-activity;sid:84192743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-1328435320.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329644/; classtype:trojan-activity;sid:84192744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-louis-rossignol-rsgl-tercera-capa-hombre-parka-azul-8.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329645/; classtype:trojan-activity;sid:84192745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cwreport2017-18.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329646/; classtype:trojan-activity;sid:84192746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329647/; classtype:trojan-activity;sid:84192747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/005-cuentas-anuales-2022-2023-para-firmar.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329648/; classtype:trojan-activity;sid:84192748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20211118_150659_com.facebook.katana.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329649/; classtype:trojan-activity;sid:84192749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-22-elite.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329650/; classtype:trojan-activity;sid:84192750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-da-inserire-sul-sito-1.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329578/; classtype:trojan-activity;sid:84192678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-herramientas-ficha-tecnica-tijera-naranja-tipo-yunque-ag-5050.pdf.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329579/; classtype:trojan-activity;sid:84192679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-7.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329580/; classtype:trojan-activity;sid:84192680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-developm.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329581/; classtype:trojan-activity;sid:84192681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deporte1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329582/; classtype:trojan-activity;sid:84192682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/soos-si-mansardarea-ilegala.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329583/; classtype:trojan-activity;sid:84192683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquery254-zebar-school-for-children-thaltej-pro-order-abad-rural.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:215; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329584/; classtype:trojan-activity;sid:84192684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img-5.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329585/; classtype:trojan-activity;sid:84192685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51357_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329586/; classtype:trojan-activity;sid:84192686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msk3502301_1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329587/; classtype:trojan-activity;sid:84192687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ed_pb_bandeira-do-brasil-gigante-na-fachada-do-palacio-da-alvorada-5-copiar-jqhq82.jpeg.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329588/; classtype:trojan-activity;sid:84192688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rttc-save-water-7.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329589/; classtype:trojan-activity;sid:84192689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-050.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329590/; classtype:trojan-activity;sid:84192690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kpsh-amu-2024-3.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329591/; classtype:trojan-activity;sid:84192691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-9-rancho-el-pozo-zaragoza-coahuila-5.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329592/; classtype:trojan-activity;sid:84192692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/muad-planlama-katalog-2016-3.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329593/; classtype:trojan-activity;sid:84192693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-ecosystem-report-2024-1-7-7.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329594/; classtype:trojan-activity;sid:84192694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-2015.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329595/; classtype:trojan-activity;sid:84192695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/omega75-ftec-90cps.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329596/; classtype:trojan-activity;sid:84192696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59463_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329597/; classtype:trojan-activity;sid:84192697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paginaweb-nota2-15-12-2022-oald.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329598/; classtype:trojan-activity;sid:84192698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/balance-general-2014.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329599/; classtype:trojan-activity;sid:84192699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/83286ce1-f51c-bd36-8a28-78c9e3962187.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329600/; classtype:trojan-activity;sid:84192700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zvap-fier-2024-1.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329601/; classtype:trojan-activity;sid:84192701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-d.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329602/; classtype:trojan-activity;sid:84192702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rapporto-sull-ecosistema-di-ethereum-2024-3-6-2.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329603/; classtype:trojan-activity;sid:84192703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/758374357.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329604/; classtype:trojan-activity;sid:84192704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/301-tvd_p3_depto-recursos-humanos.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329605/; classtype:trojan-activity;sid:84192705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gts-rg01-codigo-de-integridad-v7.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329606/; classtype:trojan-activity;sid:84192706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/246018836_2103679503114689_7465471962840009396_n-1.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329607/; classtype:trojan-activity;sid:84192707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ke2019.6-5.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329608/; classtype:trojan-activity;sid:84192708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_concurso_dibujo_diaastronomia_2021.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329609/; classtype:trojan-activity;sid:84192709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60130_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329610/; classtype:trojan-activity;sid:84192710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stairway-ministries-february-2017.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329611/; classtype:trojan-activity;sid:84192711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tas-hermes-shandy-aulia.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329612/; classtype:trojan-activity;sid:84192712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-interno-2023-1.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329614/; classtype:trojan-activity;sid:84192714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-interno-2022.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329569/; classtype:trojan-activity;sid:84192669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241023_144246.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329570/; classtype:trojan-activity;sid:84192670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitch-inferno-gorra-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329571/; classtype:trojan-activity;sid:84192671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-wallet-setup-guide-2024-5.9.3.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329573/; classtype:trojan-activity;sid:84192673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-3.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329574/; classtype:trojan-activity;sid:84192674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329575/; classtype:trojan-activity;sid:84192675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nowa_droga_01.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329576/; classtype:trojan-activity;sid:84192676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botany.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329577/; classtype:trojan-activity;sid:84192677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/designer_exposed_bracket_roller_shade_drawing.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329539/; classtype:trojan-activity;sid:84192639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anuario-2020_web.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329540/; classtype:trojan-activity;sid:84192640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majocchi_codice_etico-pdf-1.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329541/; classtype:trojan-activity;sid:84192641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1703.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329542/; classtype:trojan-activity;sid:84192642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-general8.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329543/; classtype:trojan-activity;sid:84192643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21321321.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329544/; classtype:trojan-activity;sid:84192644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59514_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329545/; classtype:trojan-activity;sid:84192645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/relatorio-do-censo-de-2023-31012024.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329546/; classtype:trojan-activity;sid:84192646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-xx-congreso-regional-2024.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329547/; classtype:trojan-activity;sid:84192647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-regulatory-compliance-guide-20243.4.5.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329548/; classtype:trojan-activity;sid:84192648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-outnva-rossignol-rsgl-top-hombre-outdoor-beige-3.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329549/; classtype:trojan-activity;sid:84192649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59216_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329550/; classtype:trojan-activity;sid:84192650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co2-system-flexible-hose.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329551/; classtype:trojan-activity;sid:84192651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190615_101611.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329552/; classtype:trojan-activity;sid:84192652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nttfc-tors.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329553/; classtype:trojan-activity;sid:84192653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-convocatoria-pichinco_un-viaje-hacia-una-vida-sana_extendido.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329554/; classtype:trojan-activity;sid:84192654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/visa-usa-interchange-reimbursement-fees.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329555/; classtype:trojan-activity;sid:84192655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vanitacasa_starlight-2.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329557/; classtype:trojan-activity;sid:84192657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-interviene-los-rios_2018.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329558/; classtype:trojan-activity;sid:84192658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-17-radicado-20240310034412-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329559/; classtype:trojan-activity;sid:84192659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-scaled.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329560/; classtype:trojan-activity;sid:84192660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-19.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329561/; classtype:trojan-activity;sid:84192661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238723693_106309691765524_9166750328500017707_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329562/; classtype:trojan-activity;sid:84192662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59375_30.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329563/; classtype:trojan-activity;sid:84192663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58295_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329564/; classtype:trojan-activity;sid:84192664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329565/; classtype:trojan-activity;sid:84192665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-8.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329566/; classtype:trojan-activity;sid:84192666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48633428908_be3ae16c5a_o-hy0jgo.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329567/; classtype:trojan-activity;sid:84192667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot_audit_report_2024_2.7.4.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329568/; classtype:trojan-activity;sid:84192668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_18.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329531/; classtype:trojan-activity;sid:84192631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8_w2000-merchandising-guide-vietnamese.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329532/; classtype:trojan-activity;sid:84192632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-sba-3-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329533/; classtype:trojan-activity;sid:84192633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-video-2021-04-22-at-13.00.22.mp4.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329534/; classtype:trojan-activity;sid:84192634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329535/; classtype:trojan-activity;sid:84192635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-21-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329536/; classtype:trojan-activity;sid:84192636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fragrance-world-the-haunting-blend-gucci-the-voice-of-the-snake-100ml.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329537/; classtype:trojan-activity;sid:84192637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9716.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329538/; classtype:trojan-activity;sid:84192638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diagnostic-lab-certi-1.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329510/; classtype:trojan-activity;sid:84192610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6680.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329511/; classtype:trojan-activity;sid:84192611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standard-electric-furnace-fo610.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329512/; classtype:trojan-activity;sid:84192612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-1.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329513/; classtype:trojan-activity;sid:84192613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/point-11-2_7_11zon.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329514/; classtype:trojan-activity;sid:84192614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-10.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329515/; classtype:trojan-activity;sid:84192615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie23.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329516/; classtype:trojan-activity;sid:84192616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juz-12.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329517/; classtype:trojan-activity;sid:84192617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1313341156467.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329518/; classtype:trojan-activity;sid:84192618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7749-4500-x-3000-2250-x-1500.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329519/; classtype:trojan-activity;sid:84192619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55876_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329520/; classtype:trojan-activity;sid:84192620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00_nivel1-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329521/; classtype:trojan-activity;sid:84192621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yamamoto-nutrition-protesamine25252525252525252525252525252525c225252525252525252525252525252525ae-mcu-2025252525252525252525252525252525c225252525252525252525252525252525ae-100-compresse.jpeg.lnk"; http_uri; depth:207; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329522/; classtype:trojan-activity;sid:84192622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_shades_sunscreen2.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329523/; classtype:trojan-activity;sid:84192623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171305_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329524/; classtype:trojan-activity;sid:84192624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200731_162807.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329525/; classtype:trojan-activity;sid:84192625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20211007194147_248a4385-scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329526/; classtype:trojan-activity;sid:84192626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dri-fit-academy-mens-knit-soccer-track-pants-cgm0mb.png.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329527/; classtype:trojan-activity;sid:84192627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-366-2024-aprueba-el-reglamento-sobre-tenencia-y-registro-de-canes-en-el-distrito-de-cayma.pdf.lnk"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329528/; classtype:trojan-activity;sid:84192628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171442_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329529/; classtype:trojan-activity;sid:84192629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4094.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329479/; classtype:trojan-activity;sid:84192579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-1-1.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329480/; classtype:trojan-activity;sid:84192580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6982-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329481/; classtype:trojan-activity;sid:84192581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/favi.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329482/; classtype:trojan-activity;sid:84192582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171285_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329483/; classtype:trojan-activity;sid:84192583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-9.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329484/; classtype:trojan-activity;sid:84192584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resize-4.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329485/; classtype:trojan-activity;sid:84192585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chicken-caeser-wrap-angled-02.png.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329486/; classtype:trojan-activity;sid:84192586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kako-napraviti-eksperiment-provodenja-topline-potrebni-materijali.jpg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329487/; classtype:trojan-activity;sid:84192587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/distrito-federal-estreia-no-triatlo-nos-jogos-da-juventude-com-aluna-da-rede-publica-foto-capa-j2mnvg.jpeg.lnk"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329488/; classtype:trojan-activity;sid:84192588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mise-a-la-terre-pour-la-securite-electrique.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329489/; classtype:trojan-activity;sid:84192589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tu-parque-andadores_1.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329490/; classtype:trojan-activity;sid:84192590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-of-wwe.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329491/; classtype:trojan-activity;sid:84192591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8_w2000-merchandising-guide.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329492/; classtype:trojan-activity;sid:84192592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_37.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329493/; classtype:trojan-activity;sid:84192593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anuario-2023-web.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329494/; classtype:trojan-activity;sid:84192594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-m332-c-1.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329495/; classtype:trojan-activity;sid:84192595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-fishing26.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329496/; classtype:trojan-activity;sid:84192596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/maingate-sohobangkok-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329497/; classtype:trojan-activity;sid:84192597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329498/; classtype:trojan-activity;sid:84192598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/431909279_937906498338131_586248807499411744_n-min-837x628.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329499/; classtype:trojan-activity;sid:84192599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60019_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329500/; classtype:trojan-activity;sid:84192600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirement.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329501/; classtype:trojan-activity;sid:84192601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reto-min-1200x788.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329502/; classtype:trojan-activity;sid:84192602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seminarium_a_krawczak-2.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329503/; classtype:trojan-activity;sid:84192603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-1440x1080.jpeg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329505/; classtype:trojan-activity;sid:84192605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190615_093203.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329506/; classtype:trojan-activity;sid:84192606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/backlit-panel-light_-product_brochure.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329507/; classtype:trojan-activity;sid:84192607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238578643_106312351765258_8484932759461389340_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329508/; classtype:trojan-activity;sid:84192608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resoluci25252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525b3n-admisibilidad-par-explora-2025-2026-1.pdf.lnk"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329509/; classtype:trojan-activity;sid:84192609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ce145.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329464/; classtype:trojan-activity;sid:84192564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bottom_up_arched_typical.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329465/; classtype:trojan-activity;sid:84192565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anyfile.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329466/; classtype:trojan-activity;sid:84192566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/raport-monitorimi-janar-dhjetor-2023.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329467/; classtype:trojan-activity;sid:84192567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-14-1200x800.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329469/; classtype:trojan-activity;sid:84192569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329470/; classtype:trojan-activity;sid:84192570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pua2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329471/; classtype:trojan-activity;sid:84192571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12.-zips-4-port-alarm-unit-english.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329472/; classtype:trojan-activity;sid:84192572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-06-de-2019.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329473/; classtype:trojan-activity;sid:84192573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1000073283.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329474/; classtype:trojan-activity;sid:84192574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flow-tshirt-004-640x800.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329475/; classtype:trojan-activity;sid:84192575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flujo-de-efectivo-diciembre-2019.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329476/; classtype:trojan-activity;sid:84192576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cecos-summer-newsletter-2023.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329477/; classtype:trojan-activity;sid:84192577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/service-ac-bekasi2.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329478/; classtype:trojan-activity;sid:84192578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1570-4a-tirada-lliga-sala-torrefarrera-23320660.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329438/; classtype:trojan-activity;sid:84192538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_14.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329439/; classtype:trojan-activity;sid:84192539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-junio-de-2021.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329440/; classtype:trojan-activity;sid:84192540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_concursopintura_carnavalmorrino2021.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329441/; classtype:trojan-activity;sid:84192541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funci25252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525b3nfiscal-2.png.lnk"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329442/; classtype:trojan-activity;sid:84192542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-39.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329443/; classtype:trojan-activity;sid:84192543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msev3328411_7.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329444/; classtype:trojan-activity;sid:84192544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown-1.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329445/; classtype:trojan-activity;sid:84192545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-y-aclaraciones-par-explora-2023-2024-v.2-22-03-2022.docx.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329446/; classtype:trojan-activity;sid:84192546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329447/; classtype:trojan-activity;sid:84192547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0951.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329448/; classtype:trojan-activity;sid:84192548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-staking-guide-20243.9.7.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329449/; classtype:trojan-activity;sid:84192549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/712-sf-walnut-plank-min-min-scaled.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329450/; classtype:trojan-activity;sid:84192550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-6.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329451/; classtype:trojan-activity;sid:84192551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moes-bread-menu-2.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329452/; classtype:trojan-activity;sid:84192552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171020_acta_ordinaria.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329453/; classtype:trojan-activity;sid:84192553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/992-sf-knotty-walnut-plank-min-min-scaled.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329454/; classtype:trojan-activity;sid:84192554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-validation-of-anger.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329455/; classtype:trojan-activity;sid:84192555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329456/; classtype:trojan-activity;sid:84192556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/74d407bb-b19e-48cf-9136-c70df8b78404.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329457/; classtype:trojan-activity;sid:84192557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_22.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329458/; classtype:trojan-activity;sid:84192558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_8254fd5bd70fda15f43d89745342ee65.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329459/; classtype:trojan-activity;sid:84192559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-princess-peach.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329460/; classtype:trojan-activity;sid:84192560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-3-5-150x150.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329461/; classtype:trojan-activity;sid:84192561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-23.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329462/; classtype:trojan-activity;sid:84192562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-security-best-practices-2024-2.5.6.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329463/; classtype:trojan-activity;sid:84192563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/temario-medicina-interna.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329425/; classtype:trojan-activity;sid:84192525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/912259768184.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329426/; classtype:trojan-activity;sid:84192526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-pratique-financement-des-projets-denergies-renouvelables-a-madagascar-1.pdf.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329427/; classtype:trojan-activity;sid:84192527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022_02_normas_planificacion_deportiva_2020.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329428/; classtype:trojan-activity;sid:84192528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mod-condizioni-2024.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329429/; classtype:trojan-activity;sid:84192529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bci03.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329430/; classtype:trojan-activity;sid:84192530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/genel-aydinlatma-metni-spor-salonu_sayfa_1.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329432/; classtype:trojan-activity;sid:84192532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_9n_var.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329433/; classtype:trojan-activity;sid:84192533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20241125-wa0002.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329434/; classtype:trojan-activity;sid:84192534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59980_20.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329435/; classtype:trojan-activity;sid:84192535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-8.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329436/; classtype:trojan-activity;sid:84192536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-ico-ido-ieo-guide-2024-2-1-2.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329437/; classtype:trojan-activity;sid:84192537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4_ws2-w2000-apple-watch-flex-tray-sensors-merchandising-guide-english.pdf.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329403/; classtype:trojan-activity;sid:84192503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56_mango-smoothie-3_4-02_retouch.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329404/; classtype:trojan-activity;sid:84192504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-submissi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329406/; classtype:trojan-activity;sid:84192506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/credentialing-check-list.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329407/; classtype:trojan-activity;sid:84192507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1719.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329408/; classtype:trojan-activity;sid:84192508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-nft-guide-20241.9.2.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329409/; classtype:trojan-activity;sid:84192509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/balance-general-2011.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329410/; classtype:trojan-activity;sid:84192510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sulthan-auliya-itxkccbj7zc-unsplash-scaled.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329411/; classtype:trojan-activity;sid:84192511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luminosita252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252580_contrasto-1.jpg.lnk"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329412/; classtype:trojan-activity;sid:84192512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rttc-save-water-5.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329413/; classtype:trojan-activity;sid:84192513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ef-0019-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329414/; classtype:trojan-activity;sid:84192514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58295_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329415/; classtype:trojan-activity;sid:84192515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ssp.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329416/; classtype:trojan-activity;sid:84192516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5_zips-single-port-alarm-unit-merchandising-guide-thai-translation.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329417/; classtype:trojan-activity;sid:84192517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/campionatcatalunya-de-camp-2015.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329418/; classtype:trojan-activity;sid:84192518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-m332-e-1.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329419/; classtype:trojan-activity;sid:84192519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-19.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329420/; classtype:trojan-activity;sid:84192520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cap2013-vigente.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329421/; classtype:trojan-activity;sid:84192521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic-369-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329422/; classtype:trojan-activity;sid:84192522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16808043042daf6ce32c5c9aa07a3fcd9c744c8fa3.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329423/; classtype:trojan-activity;sid:84192523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-defi-protocol-documentation-20242.3.2.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329424/; classtype:trojan-activity;sid:84192524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lakecity-hospital-brochure.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329389/; classtype:trojan-activity;sid:84192489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-community-guidelines-2024-5.7.3.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329390/; classtype:trojan-activity;sid:84192490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bal-mithai.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329391/; classtype:trojan-activity;sid:84192491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-05-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329392/; classtype:trojan-activity;sid:84192492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/destino.xlsx.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329393/; classtype:trojan-activity;sid:84192493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-1200x800.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329394/; classtype:trojan-activity;sid:84192494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02113-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329395/; classtype:trojan-activity;sid:84192495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carlos-prochelle-y-los-robos-de-la-tierra.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329396/; classtype:trojan-activity;sid:84192496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.20-1-1024x1024.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329397/; classtype:trojan-activity;sid:84192497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-ico-ido-ieo-guide-2024-4-2-5.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329398/; classtype:trojan-activity;sid:84192498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capa-53-ykriny.jpeg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329400/; classtype:trojan-activity;sid:84192500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-persoane-fizice.docx.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329401/; classtype:trojan-activity;sid:84192501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/affiliation-d.el.ed.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329402/; classtype:trojan-activity;sid:84192502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54469_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329379/; classtype:trojan-activity;sid:84192479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convocatoria-_001_2021_mdc-practicantes.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329380/; classtype:trojan-activity;sid:84192480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boyfriend-jeans-outfit-ideas.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329381/; classtype:trojan-activity;sid:84192481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-11-de-2024-1.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329382/; classtype:trojan-activity;sid:84192482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1049.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329383/; classtype:trojan-activity;sid:84192483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-ico-ido-ieo-guide-20245-1-5.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329384/; classtype:trojan-activity;sid:84192484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2583-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329385/; classtype:trojan-activity;sid:84192485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-2016.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329386/; classtype:trojan-activity;sid:84192486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bela-adormecida-em-feltro-moldes-passo-a-passo.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329387/; classtype:trojan-activity;sid:84192487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ_2339_format_competicions_sala_2023_202420303.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329388/; classtype:trojan-activity;sid:84192488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ramal-doble-invertido-45-mh-50x50mm.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329373/; classtype:trojan-activity;sid:84192473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312200102695.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329374/; classtype:trojan-activity;sid:84192474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:245; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329375/; classtype:trojan-activity;sid:84192475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lacoste-cvc_2_11zon.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329376/; classtype:trojan-activity;sid:84192476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ed152e74-c439-4082-a677-a2fd6698b4af.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329377/; classtype:trojan-activity;sid:84192477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manual-ferias-cientificas-2013.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329378/; classtype:trojan-activity;sid:84192478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-jaket-konveksi-hoodie3.jpg.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329364/; classtype:trojan-activity;sid:84192464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/angled_honeycomb_spec.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329365/; classtype:trojan-activity;sid:84192465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha-reserva-mim-7-10.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329366/; classtype:trojan-activity;sid:84192466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/esf-junio-2023.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329367/; classtype:trojan-activity;sid:84192467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-09-03-at-13.00.41-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329368/; classtype:trojan-activity;sid:84192468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/michaelrgoldingcv.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329369/; classtype:trojan-activity;sid:84192469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-postulaci2525252525252525252525252525252525252525c32525252525252525252525252525252525252525b3n-interregional-par-explora-rm-sur-poniente.pdf.lnk"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329370/; classtype:trojan-activity;sid:84192470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-educational-material-20242.5.1.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329371/; classtype:trojan-activity;sid:84192471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sig-compact.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329372/; classtype:trojan-activity;sid:84192472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/price-of-viagra-50-mg-at-the-pharmacy-ecuador.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329339/; classtype:trojan-activity;sid:84192439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/397ebcce-a595-4a5c-9687-4eceb4ad6d69.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329340/; classtype:trojan-activity;sid:84192440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-sm01at-u-oo-1080x1920-001-450x800.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329341/; classtype:trojan-activity;sid:84192441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/534.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329342/; classtype:trojan-activity;sid:84192442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultado-integral-septiembre-2020.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329343/; classtype:trojan-activity;sid:84192443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19-21_carmelines-magazine.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329344/; classtype:trojan-activity;sid:84192444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5495-1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329345/; classtype:trojan-activity;sid:84192445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/images-1.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329346/; classtype:trojan-activity;sid:84192446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-community-guidelines-20243.4.5.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329347/; classtype:trojan-activity;sid:84192447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oferta-cumparare-comunicare-acceptare-oferta-persoane-fizice.docx.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329348/; classtype:trojan-activity;sid:84192448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modificacion-presupuestal-junio-2023.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329349/; classtype:trojan-activity;sid:84192449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731501467120a8eacec90ec1e9a366b98d86f85bc.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329350/; classtype:trojan-activity;sid:84192450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0004.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329351/; classtype:trojan-activity;sid:84192451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1561-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329352/; classtype:trojan-activity;sid:84192452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2nd-page.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329353/; classtype:trojan-activity;sid:84192453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/decizia-persoane-juridice.docx.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329354/; classtype:trojan-activity;sid:84192454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yamamoto-nutrition-protesamine25252525252525252525252525252525252525c225252525252525252525252525252525252525ae-mcu-2025252525252525252525252525252525252525c225252525252525252525252525252525252525ae-100-compresse.jpeg.lnk"; http_uri; depth:231; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329355/; classtype:trojan-activity;sid:84192455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/protesto-6-1-jluhjl.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329356/; classtype:trojan-activity;sid:84192456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/youthsportslogo2012.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329357/; classtype:trojan-activity;sid:84192457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/serek-1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329358/; classtype:trojan-activity;sid:84192458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/most-expensive-birkin.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329359/; classtype:trojan-activity;sid:84192459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hempel-silver.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329360/; classtype:trojan-activity;sid:84192460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190930_092439-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329361/; classtype:trojan-activity;sid:84192461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/transparenta-martie2024.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329362/; classtype:trojan-activity;sid:84192462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/816phtjtrel._ac_sy355_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329363/; classtype:trojan-activity;sid:84192463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/surgical.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329326/; classtype:trojan-activity;sid:84192426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52067_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329327/; classtype:trojan-activity;sid:84192427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultats-2a-tirada-lliga-catalana-aire-lliure-lleida.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329328/; classtype:trojan-activity;sid:84192428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7584-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329329/; classtype:trojan-activity;sid:84192429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-cecyte-2021.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329330/; classtype:trojan-activity;sid:84192430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/addition-roof-aiding-windows-gutters-pavers-garage-door.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329331/; classtype:trojan-activity;sid:84192431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryiag-job-description.docxcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329332/; classtype:trojan-activity;sid:84192432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro-de-resumenes-congreso-2018.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329333/; classtype:trojan-activity;sid:84192433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-consensus-mechanism-details-2024-5.7.2.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329334/; classtype:trojan-activity;sid:84192434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lula_alckmin_moraes-73qgoc.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329335/; classtype:trojan-activity;sid:84192435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p308.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329336/; classtype:trojan-activity;sid:84192436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58928_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329337/; classtype:trojan-activity;sid:84192437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6_zips-4-port-alarm-unit-merchandising-guide-thai-translation.pdf.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329338/; classtype:trojan-activity;sid:84192438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/345170166_636623554495517_8765092016815335180_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329310/; classtype:trojan-activity;sid:84192410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a0009673-1024x768.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329311/; classtype:trojan-activity;sid:84192411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/301-6.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329312/; classtype:trojan-activity;sid:84192412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329313/; classtype:trojan-activity;sid:84192413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2204-sf-original-pine-min-min-scaled.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329314/; classtype:trojan-activity;sid:84192414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-mb200-1.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329315/; classtype:trojan-activity;sid:84192415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2018-08-31-20-53-58.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329316/; classtype:trojan-activity;sid:84192416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-taller-temporada-de-eclipses-final.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329317/; classtype:trojan-activity;sid:84192417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/207-11.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329318/; classtype:trojan-activity;sid:84192418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/t4-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329319/; classtype:trojan-activity;sid:84192419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-22.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329321/; classtype:trojan-activity;sid:84192421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pagina-nota4-180924-oald.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329322/; classtype:trojan-activity;sid:84192422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presentacion-auscham-2024-1.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329323/; classtype:trojan-activity;sid:84192423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01laboratorios-sophia-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329324/; classtype:trojan-activity;sid:84192424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_nagata-drill.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329325/; classtype:trojan-activity;sid:84192425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-14.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329305/; classtype:trojan-activity;sid:84192405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-2.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329306/; classtype:trojan-activity;sid:84192406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pipe-2021.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329307/; classtype:trojan-activity;sid:84192407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/74605479_1244223799095726_6205392045163413504_o_1244223789095727.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329308/; classtype:trojan-activity;sid:84192408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113981994627.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329309/; classtype:trojan-activity;sid:84192409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/el-uso-de-yo-y-estructuras.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329300/; classtype:trojan-activity;sid:84192400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/model-on-a-rooftop-in-brooklyn-holding-an-ostrich-birkin-bag_1024x1024.jpg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329301/; classtype:trojan-activity;sid:84192401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/513341156456.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329302/; classtype:trojan-activity;sid:84192402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-1440x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329303/; classtype:trojan-activity;sid:84192403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pasantias-ciencias-escolares-seleccionadas-2018.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329304/; classtype:trojan-activity;sid:84192404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/198843_big.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329297/; classtype:trojan-activity;sid:84192397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preeti-x-anupam-2-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329298/; classtype:trojan-activity;sid:84192398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170913_athletics_36hrs_garbine_01_hotel_188-705x705-1.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329299/; classtype:trojan-activity;sid:84192399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190927_130739-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329292/; classtype:trojan-activity;sid:84192392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iso-9001-crn-.qms-spaes-ukas.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329293/; classtype:trojan-activity;sid:84192393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.-04.11.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329294/; classtype:trojan-activity;sid:84192394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731531392db21c0aa0d4b738d35a07fba197b9187.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329295/; classtype:trojan-activity;sid:84192395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-9.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329296/; classtype:trojan-activity;sid:84192396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-a0416410g907f-product-image.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329271/; classtype:trojan-activity;sid:84192371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/endeavor-brochure.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329272/; classtype:trojan-activity;sid:84192372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/soma-edited-banner.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329273/; classtype:trojan-activity;sid:84192373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20kitchen-1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329274/; classtype:trojan-activity;sid:84192374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4093.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329275/; classtype:trojan-activity;sid:84192375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/validating-silence.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329276/; classtype:trojan-activity;sid:84192376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20210127_133613.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329277/; classtype:trojan-activity;sid:84192377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa_de_actividades_vacaciones_de_verano.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329278/; classtype:trojan-activity;sid:84192378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dji_0022-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329279/; classtype:trojan-activity;sid:84192379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/breaking-frontiers-eavs-inaugural-impact-report-.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329280/; classtype:trojan-activity;sid:84192380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-30-at-14.55.13-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329281/; classtype:trojan-activity;sid:84192381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_23.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329282/; classtype:trojan-activity;sid:84192382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2913866373405.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329283/; classtype:trojan-activity;sid:84192383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p1010095.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329284/; classtype:trojan-activity;sid:84192384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0763-authentic-hermes-birkin-porosus-rose-scheherazade--35.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329285/; classtype:trojan-activity;sid:84192385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-01-de-2020_0.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329286/; classtype:trojan-activity;sid:84192386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/large-ashler-with-texture-bullnose-6-1.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329287/; classtype:trojan-activity;sid:84192387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dji_0068-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329288/; classtype:trojan-activity;sid:84192388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cassia-oil-2342061402-tds.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329289/; classtype:trojan-activity;sid:84192389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/karta-zgloszenia-dziecka-do-przedszkola-terapeutycznego-parasolki.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329290/; classtype:trojan-activity;sid:84192390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h5.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329291/; classtype:trojan-activity;sid:84192391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/114044081792.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329248/; classtype:trojan-activity;sid:84192348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/53956567176_8ccf95d53e_c-e1730507752191-lqzfvo.jpeg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329249/; classtype:trojan-activity;sid:84192349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tuli-hr-projects.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329250/; classtype:trojan-activity;sid:84192350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436797841_342763655470474_7459351430371016868_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329251/; classtype:trojan-activity;sid:84192351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/annual-appeal-nov.-newsletter-2021.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329252/; classtype:trojan-activity;sid:84192352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funci252525252525252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525252525252525b3nfiscal-2.png.lnk"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329253/; classtype:trojan-activity;sid:84192353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-18-1177x800.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329254/; classtype:trojan-activity;sid:84192354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eliberarea-cartii-de-identitate-motive-prevazute-la-art.-19-alin.-1-oug-nr.-97.doc.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329255/; classtype:trojan-activity;sid:84192355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-congreso-regional-2019.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329256/; classtype:trojan-activity;sid:84192356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-favicon_muffin-150x150.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329257/; classtype:trojan-activity;sid:84192357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0435.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329258/; classtype:trojan-activity;sid:84192358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-1024x767.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329259/; classtype:trojan-activity;sid:84192359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerywww.ardayazilim.comcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329260/; classtype:trojan-activity;sid:84192360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saveclip.app_467309497_1478738766133020_9057945039958880117_n-1-2dhygu.jpeg.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329261/; classtype:trojan-activity;sid:84192361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precios-certificaciones.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329262/; classtype:trojan-activity;sid:84192362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-dien-thoai-4.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329263/; classtype:trojan-activity;sid:84192363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312345574623.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329264/; classtype:trojan-activity;sid:84192364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brigadistas.-dodf.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329265/; classtype:trojan-activity;sid:84192365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14galeria-evento-varilux-vyo-20-03-19.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329266/; classtype:trojan-activity;sid:84192366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/004-normas-planificacion-deportiva-2024.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329267/; classtype:trojan-activity;sid:84192367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/item4-1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329268/; classtype:trojan-activity;sid:84192368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ba-hons-3yr.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329269/; classtype:trojan-activity;sid:84192369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marketingmango-12.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329270/; classtype:trojan-activity;sid:84192370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13-1440x1080.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329235/; classtype:trojan-activity;sid:84192335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6169-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329236/; classtype:trojan-activity;sid:84192336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1178.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329237/; classtype:trojan-activity;sid:84192337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fullrunning-galeria-2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329238/; classtype:trojan-activity;sid:84192338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/31-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329239/; classtype:trojan-activity;sid:84192339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tagreuters.com2023binary_lynxmpej420y3-filedimage-e1683225010388-rrqjl3.jpeg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329240/; classtype:trojan-activity;sid:84192340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista-de-utiles-kinder-2024.docx.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329241/; classtype:trojan-activity;sid:84192341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capa-60-ouc1ez.jpeg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329242/; classtype:trojan-activity;sid:84192342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_2024.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329243/; classtype:trojan-activity;sid:84192343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3373-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329244/; classtype:trojan-activity;sid:84192344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sherry-brookes-armada-avenue-3.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329245/; classtype:trojan-activity;sid:84192345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_id-perspective-mb_230225_2.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329246/; classtype:trojan-activity;sid:84192346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/designer-2.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329247/; classtype:trojan-activity;sid:84192347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toa-nha.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329226/; classtype:trojan-activity;sid:84192326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plano-de-acao-e-monitoramento-para-efetivacao-da-politica-distrital-para-a-populacao-em-situacao-de-rua.pdf.lnk"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329227/; classtype:trojan-activity;sid:84192327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9688.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329228/; classtype:trojan-activity;sid:84192328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clover-flex-gen-3-01-1.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329229/; classtype:trojan-activity;sid:84192329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain_whitepaper_2024_3.4.8.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329230/; classtype:trojan-activity;sid:84192330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gp-header02.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329231/; classtype:trojan-activity;sid:84192331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulari_llicencia_nova.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329232/; classtype:trojan-activity;sid:84192332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1680804304d66dce66ec944de92a462073ade35f19.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329233/; classtype:trojan-activity;sid:84192333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e5b50f8a-6ad1-62e6-cb29-6e11c982cbe2.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329234/; classtype:trojan-activity;sid:84192334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instrukcja-uzytkowania-i-montazu-4701fw.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329222/; classtype:trojan-activity;sid:84192322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0e4f0524-3317-4f54-fc41-86ea9ad6a036.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329224/; classtype:trojan-activity;sid:84192324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12-1024x576.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329225/; classtype:trojan-activity;sid:84192325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5490.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329212/; classtype:trojan-activity;sid:84192312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/indigo-menu.png.zip.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329213/; classtype:trojan-activity;sid:84192313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5099-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329214/; classtype:trojan-activity;sid:84192314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7de17749-303c-2cbf-f9de-0bfb3ace7fe8.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329215/; classtype:trojan-activity;sid:84192315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/strategia-anuala-de-achizite-publica-pe-anul-2023-anonimizat.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329216/; classtype:trojan-activity;sid:84192316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vigilante-executado-em-ceilandia-05mc4s.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329217/; classtype:trojan-activity;sid:84192317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eri-dic-2023-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329218/; classtype:trojan-activity;sid:84192318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bando_abanilla.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329219/; classtype:trojan-activity;sid:84192319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toronto-2020-welcome.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329220/; classtype:trojan-activity;sid:84192320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ribo_conduct_sheet_040622-fact_sheet.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329221/; classtype:trojan-activity;sid:84192321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731679182b20c211f5755d9193fc523bdc4d9f89a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329205/; classtype:trojan-activity;sid:84192305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/header-ruby-logo.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329206/; classtype:trojan-activity;sid:84192306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329207/; classtype:trojan-activity;sid:84192307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juguetes-batman-vs-superman-juguete-batman-vs-superman-218022-l.jpg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329208/; classtype:trojan-activity;sid:84192308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bent-over-row-4-600x433.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329209/; classtype:trojan-activity;sid:84192309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8c18489579811280f84102bd6564673b.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329210/; classtype:trojan-activity;sid:84192310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/342527060_893414038424144_8858223093081703566_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329211/; classtype:trojan-activity;sid:84192311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-deluxe-4020fw-2.png.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329204/; classtype:trojan-activity;sid:84192304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/207-5.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329192/; classtype:trojan-activity;sid:84192292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ecp-dic-2023-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329193/; classtype:trojan-activity;sid:84192293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/silvas-34-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329194/; classtype:trojan-activity;sid:84192294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19059730_1893318434017886_7565433978491842127_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329195/; classtype:trojan-activity;sid:84192295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tabla-de-tarifas-parqueaderos-ttsa-1.xlsx.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329196/; classtype:trojan-activity;sid:84192296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srishti-x-abhinav-8-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329197/; classtype:trojan-activity;sid:84192297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-355-midnight-brushed-gray.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329198/; classtype:trojan-activity;sid:84192298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ete05.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329199/; classtype:trojan-activity;sid:84192299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/314f71f3-47f3-46f5-95d2-220a4e1b7b5b.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329200/; classtype:trojan-activity;sid:84192300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-defi-protocol-documentation-2024-3.6.0.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329201/; classtype:trojan-activity;sid:84192301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04988.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329202/; classtype:trojan-activity;sid:84192302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/270953_001.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329203/; classtype:trojan-activity;sid:84192303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-304.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329184/; classtype:trojan-activity;sid:84192284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h6767215550f5426aa040e5473e8d2a18h.jpg_640x640q90.jpg_.webp.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329185/; classtype:trojan-activity;sid:84192285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-convocatoria-iie-2022-proyecto-explora-coquimbo.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329186/; classtype:trojan-activity;sid:84192286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-campamento-explora-va-los-lagos-2022.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329187/; classtype:trojan-activity;sid:84192287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7.-circular-consejo-escolar-2020.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329188/; classtype:trojan-activity;sid:84192288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-sdqs-2016-terminal-de-transporte-s.a.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329189/; classtype:trojan-activity;sid:84192289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo-peluche-soste.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329190/; classtype:trojan-activity;sid:84192290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-ejecutado-2011-en-formato-pdf.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329191/; classtype:trojan-activity;sid:84192291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulamentodh2018_web3.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329168/; classtype:trojan-activity;sid:84192268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20221017_111523.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329169/; classtype:trojan-activity;sid:84192269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329170/; classtype:trojan-activity;sid:84192270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-holmes.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329171/; classtype:trojan-activity;sid:84192271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/linit.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329172/; classtype:trojan-activity;sid:84192272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60080_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329173/; classtype:trojan-activity;sid:84192273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/halt-and-hass-chamber.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329174/; classtype:trojan-activity;sid:84192274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61083_0.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329175/; classtype:trojan-activity;sid:84192275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18-1-2024_refrigeracao_senai_foto-victor-hugo-pessoa_-scaled-xilo4m.jpeg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329176/; classtype:trojan-activity;sid:84192276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3_ws2-apple-watch-tray-sensors-zw1051-52-merchandising-guide-vietnamese.pdf.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329177/; classtype:trojan-activity;sid:84192277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oh18001.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329178/; classtype:trojan-activity;sid:84192278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rekayasa-lalu-lintas-dan-desain-geometrik-jalan.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329179/; classtype:trojan-activity;sid:84192279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-feci-2022_final.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329180/; classtype:trojan-activity;sid:84192280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-4.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329181/; classtype:trojan-activity;sid:84192281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adizero-99gram-featured.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329182/; classtype:trojan-activity;sid:84192282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/student-protection-plan-2022-23.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329183/; classtype:trojan-activity;sid:84192283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.25.10.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329148/; classtype:trojan-activity;sid:84192248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tvc_nsd_pickyourpair.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329149/; classtype:trojan-activity;sid:84192249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0430-scaled.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329150/; classtype:trojan-activity;sid:84192250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329151/; classtype:trojan-activity;sid:84192251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portfolio-14-pages_compressed.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329152/; classtype:trojan-activity;sid:84192252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-15-1-150x150-2.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329153/; classtype:trojan-activity;sid:84192253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/norme-de-clasificare-sportiva-2010.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329154/; classtype:trojan-activity;sid:84192254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-08-01-at-16.59.38-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329155/; classtype:trojan-activity;sid:84192255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173031159683ceb3892c2a0ff865fce907a15939a5.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329156/; classtype:trojan-activity;sid:84192256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/req.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329157/; classtype:trojan-activity;sid:84192257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/amco-knit-composite-ltd..jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329158/; classtype:trojan-activity;sid:84192258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sof-mn04-plan-institucional-de-emergencia-terminal-norte.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329159/; classtype:trojan-activity;sid:84192259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/140_armario_vertical.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329160/; classtype:trojan-activity;sid:84192260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1454-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329161/; classtype:trojan-activity;sid:84192261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/criterios-seleccion-arco-recurvo-teamrfeta-22-236607.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329162/; classtype:trojan-activity;sid:84192262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329163/; classtype:trojan-activity;sid:84192263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/perricidad1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329164/; classtype:trojan-activity;sid:84192264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/324_5-6_78_2009.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329165/; classtype:trojan-activity;sid:84192265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-ecosystem-report-2024-5-5-3.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329166/; classtype:trojan-activity;sid:84192266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329167/; classtype:trojan-activity;sid:84192267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08_june_prospectus_2024_25-bcom.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329143/; classtype:trojan-activity;sid:84192243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srishti-x-abhinav-5-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329144/; classtype:trojan-activity;sid:84192244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-36.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329145/; classtype:trojan-activity;sid:84192245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52337_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329146/; classtype:trojan-activity;sid:84192246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boletinsequia202212.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329147/; classtype:trojan-activity;sid:84192247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac_16th_aug_2018.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329139/; classtype:trojan-activity;sid:84192239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22528537_1294361010691413_4511524066331851077_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329140/; classtype:trojan-activity;sid:84192240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resize-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329141/; classtype:trojan-activity;sid:84192241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329142)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13.-protocolo-de-violencia-entre-miembros-de-la-comunidad-educativa.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329142/; classtype:trojan-activity;sid:84192242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329134/; classtype:trojan-activity;sid:84192234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sarjana-tekniks-2-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329135/; classtype:trojan-activity;sid:84192235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rex.-165.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329136/; classtype:trojan-activity;sid:84192236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-decret-2001-849-tarif.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329137/; classtype:trojan-activity;sid:84192237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60078_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329138/; classtype:trojan-activity;sid:84192238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro1997.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329127/; classtype:trojan-activity;sid:84192227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bilans-za-2018-rok.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329128/; classtype:trojan-activity;sid:84192228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-9-rancho-el-pozo-zaragoza-coahuila-55.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329129/; classtype:trojan-activity;sid:84192229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0015.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329130/; classtype:trojan-activity;sid:84192230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12375_depression-anger-attacks.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329132/; classtype:trojan-activity;sid:84192232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_8266d0906bf5f9a78bedeec2ab48af7d.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329133/; classtype:trojan-activity;sid:84192233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-2121-2a-tirada-lliga-aire-lliure12307.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329124/; classtype:trojan-activity;sid:84192224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bannery_vizualni_movees.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329125/; classtype:trojan-activity;sid:84192225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329126/; classtype:trojan-activity;sid:84192226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_picotin_sizes.jpeg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329122/; classtype:trojan-activity;sid:84192222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solicitud-arrendamiento-natural.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329123/; classtype:trojan-activity;sid:84192223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/picture2.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329118/; classtype:trojan-activity;sid:84192218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kambio-eyewear-sunglasses-gigi-studios-gilda-butterfly-brow-6774-0-side.jpg.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329119/; classtype:trojan-activity;sid:84192219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/julia-stoddart-110-edit-1000.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329120/; classtype:trojan-activity;sid:84192220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-general12.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329121/; classtype:trojan-activity;sid:84192221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guiacndocentes.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329113/; classtype:trojan-activity;sid:84192213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/olive-scrub-70-off-700x700-1.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329114/; classtype:trojan-activity;sid:84192214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-da-inserire-sul-sito-8.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329115/; classtype:trojan-activity;sid:84192215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-dien-thoai-2.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329116/; classtype:trojan-activity;sid:84192216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-07-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329117/; classtype:trojan-activity;sid:84192217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/warunki-uczestnictwa.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329112/; classtype:trojan-activity;sid:84192212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marketingmango-13.png.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329110/; classtype:trojan-activity;sid:84192210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frida-kahlo-pennellino-milano.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329111/; classtype:trojan-activity;sid:84192211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20241203-wa0046.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329106/; classtype:trojan-activity;sid:84192206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2019-03-05-at-4.16.12-pm-1.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329107/; classtype:trojan-activity;sid:84192207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bio02.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329108/; classtype:trojan-activity;sid:84192208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/celex-32000l0021-ro-txt.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329109/; classtype:trojan-activity;sid:84192209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20180615_083432.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329100/; classtype:trojan-activity;sid:84192200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plants-vs-zombies-coloring-pages.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329101/; classtype:trojan-activity;sid:84192201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0002.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329102/; classtype:trojan-activity;sid:84192202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iso-14001.site2_.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329104/; classtype:trojan-activity;sid:84192204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5ded1c63ae167.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329105/; classtype:trojan-activity;sid:84192205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-oxford15-rossignol-rsgl-top-camisa-hombre-blanca-1.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329095/; classtype:trojan-activity;sid:84192195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camscanner-09-27-2024-14.49_1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329096/; classtype:trojan-activity;sid:84192196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsflash-jan-and-feb-2024.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329097/; classtype:trojan-activity;sid:84192197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure-revised2.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329098/; classtype:trojan-activity;sid:84192198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presnovdic.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329099/; classtype:trojan-activity;sid:84192199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-milano-floor-2.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329088/; classtype:trojan-activity;sid:84192188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-d.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329089/; classtype:trojan-activity;sid:84192189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cuevas_mesa-de-trabajo-1.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329091/; classtype:trojan-activity;sid:84192191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultats-finals-equips-recorvat-masculi-world-cup-2015-shanghai.pdf.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329092/; classtype:trojan-activity;sid:84192192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329093)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/relatorio_merged.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329093/; classtype:trojan-activity;sid:84192193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cone-de-sinalizacao-emborrachado-refletivo.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329094/; classtype:trojan-activity;sid:84192194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0003999_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329085/; classtype:trojan-activity;sid:84192185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weltesnusantara.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329086/; classtype:trojan-activity;sid:84192186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7539827b1eb51e98021a224238a2b978-550x550h.jpg.webp.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329087/; classtype:trojan-activity;sid:84192187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sava-osiguranje-sajt2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329082/; classtype:trojan-activity;sid:84192182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329083)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m8a6814-front-copy.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329083/; classtype:trojan-activity;sid:84192183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329084/; classtype:trojan-activity;sid:84192184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain_smart_contract_tutorial_20241.5.6.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329076/; classtype:trojan-activity;sid:84192176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mzf_4654-1202x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329077/; classtype:trojan-activity;sid:84192177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12.-protocolo-de-discriminacion-arbitraria.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329078/; classtype:trojan-activity;sid:84192178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xxix-trofeu-ciutat-de-lleida-2022-rectificada.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329079/; classtype:trojan-activity;sid:84192179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/proces-verbal-sedinta-ordinara-din-data-de-21-decembrie-2015..pdf.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329080/; classtype:trojan-activity;sid:84192180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/25d7259425d725a625d725a225d725aa-25d7259c25d725a425d725a225d7259925d7259c25d7259525d725aa-25d7259125d7259025d7259925d725a025d725a125d7259925d7259925d72593-25d7259025d7259025d7259525d72598.pdf.lnk"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329081/; classtype:trojan-activity;sid:84192181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sashay-away-camiseta-negra-1.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329074/; classtype:trojan-activity;sid:84192174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viaggio_antarctica-patagonia-argentina-classica_01.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329075/; classtype:trojan-activity;sid:84192175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2_september-2014.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329072/; classtype:trojan-activity;sid:84192172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12_month_subscription.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329073/; classtype:trojan-activity;sid:84192173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-7.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329069/; classtype:trojan-activity;sid:84192169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic-36-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329070/; classtype:trojan-activity;sid:84192170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/90a5c573-e581-4598-969a-fb548659f34d.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329071/; classtype:trojan-activity;sid:84192171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8489_master-1024x683.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329068/; classtype:trojan-activity;sid:84192168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/media._sl480_.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329066/; classtype:trojan-activity;sid:84192166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/658_ejecucion-pptal-marzo-2021_0-1.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329067/; classtype:trojan-activity;sid:84192167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2024-08-28-20-44-37-1.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329062/; classtype:trojan-activity;sid:84192162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/scan0147.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329063/; classtype:trojan-activity;sid:84192163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/efe-dic-2023-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329064/; classtype:trojan-activity;sid:84192164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nursery-d.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329065/; classtype:trojan-activity;sid:84192165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/corpo-de-montanhista-e-encontrado-apos-12-dias-em-sc-mvkyzm.jpeg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329050/; classtype:trojan-activity;sid:84192150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01545-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329051/; classtype:trojan-activity;sid:84192151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9078.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329052/; classtype:trojan-activity;sid:84192152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-iluminarte-par-explora-rm-norte.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329053/; classtype:trojan-activity;sid:84192153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elit-koltuk-takimi-scaled.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329054/; classtype:trojan-activity;sid:84192154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01551-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329055/; classtype:trojan-activity;sid:84192155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lion-king-color-pages.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329056/; classtype:trojan-activity;sid:84192156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/file2525252525252525252525252525252525252525252525252525252525252525252525252525252525253awaziriyaautobombeirak.jpg.lnk"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329057/; classtype:trojan-activity;sid:84192157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/home-office-05.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329058/; classtype:trojan-activity;sid:84192158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-17.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329059/; classtype:trojan-activity;sid:84192159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731501480319384a9d6f88370a5c08d2f4b651873.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329060/; classtype:trojan-activity;sid:84192160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aline-grooming-bag--068487ck37-worn-1-0-0-800-800_g.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329061/; classtype:trojan-activity;sid:84192161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yamamoto-nutrition-protesamine2525252525252525252525252525c22525252525252525252525252525ae-mcu-202525252525252525252525252525c22525252525252525252525252525ae-100-compresse.jpeg.lnk"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329048/; classtype:trojan-activity;sid:84192148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9aa1f01865d16c1ac80fb9a48b51fd36.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329049/; classtype:trojan-activity;sid:84192149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54140171726_373a6d379d_c-mob8nx.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329040/; classtype:trojan-activity;sid:84192140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/middle-sections-much-anticipated-annual-event-noir-et-blanc-6.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329041/; classtype:trojan-activity;sid:84192141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bsc-hons-health-social-care.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329042/; classtype:trojan-activity;sid:84192142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modelo-10179-halc2525c32525b3n-milenario-1000x555-1.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329043/; classtype:trojan-activity;sid:84192143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comingtotown.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329044/; classtype:trojan-activity;sid:84192144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20180903_171803.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329045/; classtype:trojan-activity;sid:84192145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto7-e1666448126653.jpeg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329046/; classtype:trojan-activity;sid:84192146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tarjetas-nema-02-1.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329047/; classtype:trojan-activity;sid:84192147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryiag-job-description.docxcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:246; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329037/; classtype:trojan-activity;sid:84192137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/minority-cert-2-1-2.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329038/; classtype:trojan-activity;sid:84192138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p44.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329039/; classtype:trojan-activity;sid:84192139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boletin-dia-de-la-mujer.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329032/; classtype:trojan-activity;sid:84192132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-congreso-regional-parexplora-rmso-.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329033/; classtype:trojan-activity;sid:84192133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lego-el-senor-de-los-anillos-pc.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329034/; classtype:trojan-activity;sid:84192134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_31.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329035/; classtype:trojan-activity;sid:84192135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-25-at-16.51.01_2ca7566c.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329036/; classtype:trojan-activity;sid:84192136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-1-maria-marpaung.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329028/; classtype:trojan-activity;sid:84192128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/muffinbreak-18-01-18-3814.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329029/; classtype:trojan-activity;sid:84192129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-audit-report-20244.7.0.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329030/; classtype:trojan-activity;sid:84192130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6.jpeg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329031/; classtype:trojan-activity;sid:84192131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z4767191422601_2ac3192592fa1f938545f58fee814573.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329024/; classtype:trojan-activity;sid:84192124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-09-07-at-16.05.52_557aa5f2.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329025/; classtype:trojan-activity;sid:84192125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-ico-ido-ieo-guide-20242.0.5.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329017/; classtype:trojan-activity;sid:84192117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo-10.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329018/; classtype:trojan-activity;sid:84192118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171109_114058.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329019/; classtype:trojan-activity;sid:84192119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20201224_135315.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329020/; classtype:trojan-activity;sid:84192120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements-subm.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:262; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329021/; classtype:trojan-activity;sid:84192121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_5773791619563242016_w.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329022/; classtype:trojan-activity;sid:84192122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/halloween-bitch-camiseta-negra-4.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329023/; classtype:trojan-activity;sid:84192123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bf_small_grants_annex-2.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329013/; classtype:trojan-activity;sid:84192113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pexels-max-rahubovskiy-6782431.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329014/; classtype:trojan-activity;sid:84192114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329015)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave25252525252525252525252525252525252525252525252520ecosystem25252525252525252525252525252525252525252525252520report252525252525252525252525252525252525252525252525202024252525252525252525252525252525252525252525252525204.1.7.pdf.lnk"; http_uri; depth:247; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329015/; classtype:trojan-activity;sid:84192115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/internetagreementenglishversion.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329016/; classtype:trojan-activity;sid:84192116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pagina_nota1_27_11_24_oald.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329006/; classtype:trojan-activity;sid:84192106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/karta-katalogowa-bcs-dvr3208q.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329007/; classtype:trojan-activity;sid:84192107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-building-supply-p42i-tc-pellet-insert-3.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329008/; classtype:trojan-activity;sid:84192108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stf-cedae.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329009/; classtype:trojan-activity;sid:84192109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/therma-fit-mens-tapered-training-pants-dlbx86.png.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329010/; classtype:trojan-activity;sid:84192110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-submissio.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329011/; classtype:trojan-activity;sid:84192111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/google-aa.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329012/; classtype:trojan-activity;sid:84192112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7095-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329000/; classtype:trojan-activity;sid:84192100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/35-1200x800.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329001/; classtype:trojan-activity;sid:84192101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo.jpeg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329002/; classtype:trojan-activity;sid:84192102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srishti-x-abhinav-3-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329003/; classtype:trojan-activity;sid:84192103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00e2cb67-3382-2b91-d6cf-804104faee28.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329004/; classtype:trojan-activity;sid:84192104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3329005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-en-el-patrimonio-2018.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3329005/; classtype:trojan-activity;sid:84192105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acc-3.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328997/; classtype:trojan-activity;sid:84192097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nata-3.jpeg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328998/; classtype:trojan-activity;sid:84192098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh-rim.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328999/; classtype:trojan-activity;sid:84192099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2513341156480.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328990/; classtype:trojan-activity;sid:84192090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-018.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328991/; classtype:trojan-activity;sid:84192091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58295_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328992/; classtype:trojan-activity;sid:84192092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gear-shield-p-pds-8.15.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328993/; classtype:trojan-activity;sid:84192093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021-1007-lithified-technologies-texas-announces-installation-of-first-road-in-texas.pdf.lnk"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328994/; classtype:trojan-activity;sid:84192094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-0.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328995/; classtype:trojan-activity;sid:84192095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-2023-07-18t124926.076_800x.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328996/; classtype:trojan-activity;sid:84192096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12.-zips-4-port-alarm-unit-thai-translation.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328989/; classtype:trojan-activity;sid:84192089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tower-hamlets-communty-project-img-7-408x544-1.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328984/; classtype:trojan-activity;sid:84192084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp5955.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328986/; classtype:trojan-activity;sid:84192086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-12-03-at-14.03.58.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328987/; classtype:trojan-activity;sid:84192087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/003-presupuesto-planificacion-deportiva-2024.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328988/; classtype:trojan-activity;sid:84192088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-43.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328974/; classtype:trojan-activity;sid:84192074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/301-5.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328975/; classtype:trojan-activity;sid:84192075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6949-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328976/; classtype:trojan-activity;sid:84192076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rta-ciudadano-rendicion-cuentas.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328977/; classtype:trojan-activity;sid:84192077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bhagavad-gita_as_it_is.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328978/; classtype:trojan-activity;sid:84192078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplu.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328979/; classtype:trojan-activity;sid:84192079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit-210-living-room--scaled.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328980/; classtype:trojan-activity;sid:84192080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/emc100-detail-2.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328981/; classtype:trojan-activity;sid:84192081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-2-campamento.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328982/; classtype:trojan-activity;sid:84192082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kefalonija_kristi.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328983/; classtype:trojan-activity;sid:84192083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-347-2022-otorgar-facultades-de-representacion-al-procurador-publico-municipal.pdf.lnk"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328964/; classtype:trojan-activity;sid:84192064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5428b-gerberas-fond-blanc.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328966/; classtype:trojan-activity;sid:84192066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-3-scaled.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328967/; classtype:trojan-activity;sid:84192067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9257.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328968/; classtype:trojan-activity;sid:84192068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/difference-between-cialis-5-mg-and-20-mg.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328969/; classtype:trojan-activity;sid:84192069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2525252525e72525252525822525252525b92525252525e52525252525ad2525252525902525252525e42525252525ba2525252525a42525252525e625252525258d2525252525a2-2525252525e825252525258a2525252525822525252525e9252525252580252525252589.pdf.lnk"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328970/; classtype:trojan-activity;sid:84192070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot_roadmap_2024_2.8.7.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328971/; classtype:trojan-activity;sid:84192071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3456-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328972/; classtype:trojan-activity;sid:84192072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328973/; classtype:trojan-activity;sid:84192073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sof-mn03plan-institucional-de-emergencia-terminal-salitre.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328958/; classtype:trojan-activity;sid:84192058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6650.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328959/; classtype:trojan-activity;sid:84192059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_soft-combed.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328960/; classtype:trojan-activity;sid:84192060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vanta_family_fr_201709_web.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328961/; classtype:trojan-activity;sid:84192061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-284-2022-declarar-la-capacidad-de-manuel-soto-manuelo-y-fiorella-sandra-ccosco-aragon.pdf.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328962/; classtype:trojan-activity;sid:84192062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cuanto-tiempo-despues-de-tomar-viagra-se-puede-tomar-alcohol.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328963/; classtype:trojan-activity;sid:84192063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20230816-wa0002-5-e1731429928674.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328954/; classtype:trojan-activity;sid:84192054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdcmx-puebla3.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328955/; classtype:trojan-activity;sid:84192055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-postulaciones-los-rios-16.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328956/; classtype:trojan-activity;sid:84192056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modern-slavery-policy-18-july-23.docx.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328957/; classtype:trojan-activity;sid:84192057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marketingmango-6.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328950/; classtype:trojan-activity;sid:84192050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59814_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328951/; classtype:trojan-activity;sid:84192051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chilled-drinks-nips.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328952/; classtype:trojan-activity;sid:84192052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elementary-school-family-handbook-2019-2020.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328953/; classtype:trojan-activity;sid:84192053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fluke_multimetre_numeriques_fr.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328949/; classtype:trojan-activity;sid:84192049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/american-drill_2_11zon-4.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328947/; classtype:trojan-activity;sid:84192047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2015-04-25-circular-t-pepe-fagoaga.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328948/; classtype:trojan-activity;sid:84192048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/712345574634.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328944/; classtype:trojan-activity;sid:84192044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328945/; classtype:trojan-activity;sid:84192045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_aline_mini_bicolor_bag_1676798967_4d1c54b5_progressive.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328946/; classtype:trojan-activity;sid:84192046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59426_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328939/; classtype:trojan-activity;sid:84192039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328940/; classtype:trojan-activity;sid:84192040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-2.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328941/; classtype:trojan-activity;sid:84192041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-09-25-at-09.15.32.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328942/; classtype:trojan-activity;sid:84192042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paparan-lokakarya-pbd-luring-rusmanto.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328943/; classtype:trojan-activity;sid:84192043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pernambuco-tamarineira-int-layout-c-r01resultado-1.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328920/; classtype:trojan-activity;sid:84192020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59772_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328921/; classtype:trojan-activity;sid:84192021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/438078828_840484201455886_1288751158060969002_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328922/; classtype:trojan-activity;sid:84192022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wuta-100-genuine-leather-bag-strap-for-hermes-herbag-shoulder-strap-110cm-modified-replacement-short-straps.jpg.lnk"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328923/; classtype:trojan-activity;sid:84192023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6897-2.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328924/; classtype:trojan-activity;sid:84192024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-4.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328925/; classtype:trojan-activity;sid:84192025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328926/; classtype:trojan-activity;sid:84192026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-4-derecho-de-preferencia2016.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328927/; classtype:trojan-activity;sid:84192027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image12.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328928/; classtype:trojan-activity;sid:84192028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-tgd-3-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328929/; classtype:trojan-activity;sid:84192029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerywww.google.comcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328930/; classtype:trojan-activity;sid:84192030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17316792264b69a4a8af228fc8ec70595b40fa5230.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328931/; classtype:trojan-activity;sid:84192031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-1-2017.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328932/; classtype:trojan-activity;sid:84192032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328933/; classtype:trojan-activity;sid:84192033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/helmos-espa.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328934/; classtype:trojan-activity;sid:84192034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-32-radicado-2640552024-nombre-peticionario-jose-torres.pdf.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328935/; classtype:trojan-activity;sid:84192035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oh43.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328936/; classtype:trojan-activity;sid:84192036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelly-gourmette-bracelet-very-small-model--120439b25252000-front-wm-2-0-0-800-800_g.jpg.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328937/; classtype:trojan-activity;sid:84192037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3315a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328938/; classtype:trojan-activity;sid:84192038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-extra-love-volume-conditioner-8oz-rig-igk-celc08-1-228x228-1.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328910/; classtype:trojan-activity;sid:84192010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731597625378d602199295d031cae00838dc97795.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328911/; classtype:trojan-activity;sid:84192011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/home-office-06.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328912/; classtype:trojan-activity;sid:84192012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rutadesastres-stgo-cartilla.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328913/; classtype:trojan-activity;sid:84192013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa02suites_venda_centro-caucaia-ce-11.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328914/; classtype:trojan-activity;sid:84192014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/post-graduate-prospectus-2023-24.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328915/; classtype:trojan-activity;sid:84192015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/klawiatura_proel_kdc-1805.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328916/; classtype:trojan-activity;sid:84192016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/relatorio-pdet-2024.2.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328917/; classtype:trojan-activity;sid:84192017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dept_psychology.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328918/; classtype:trojan-activity;sid:84192018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacarandas-103-e-col.-fuentesjpeg-14.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328919/; classtype:trojan-activity;sid:84192019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fachada-po.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328908/; classtype:trojan-activity;sid:84192008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logos-01.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328900/; classtype:trojan-activity;sid:84192000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20180526-wa0014.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328901/; classtype:trojan-activity;sid:84192001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-regulatory-compliance-guide-20241.9.5.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328902/; classtype:trojan-activity;sid:84192002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0530.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328903/; classtype:trojan-activity;sid:84192003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/conexao-digital-1-ktilqn.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328904/; classtype:trojan-activity;sid:84192004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59806_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328905/; classtype:trojan-activity;sid:84192005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03laboratorios-sophia-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328907/; classtype:trojan-activity;sid:84192007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin_notice-of-2024-asm_2024.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328894/; classtype:trojan-activity;sid:84191994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-api-documentation-2024-4.6.8.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328895/; classtype:trojan-activity;sid:84191995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-of-optimus-prime.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328896/; classtype:trojan-activity;sid:84191996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-api-documentation-2024-4.1.3.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328897/; classtype:trojan-activity;sid:84191997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/octinoxate-avobenzone-oxybenzone-octocrylene-zinc-oxide-lotion-1000x1000.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328898/; classtype:trojan-activity;sid:84191998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-12-24-imagen-c.-piedras-negras-105-ote.-villa-de-fuente-2395000-12.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328899/; classtype:trojan-activity;sid:84191999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/declaratie-consimtamant-directia-pentru-cultura.docx.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328892/; classtype:trojan-activity;sid:84191992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1450257884_hgi_ankara_2.jpeg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328893/; classtype:trojan-activity;sid:84191993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-44.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328887/; classtype:trojan-activity;sid:84191987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pasion.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328888/; classtype:trojan-activity;sid:84191988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/louis-vuitton-horizon-sandal-shoes--aghs3gsu22_pm2_front252520view.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328889/; classtype:trojan-activity;sid:84191989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugi.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328890/; classtype:trojan-activity;sid:84191990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/original195529202312066570d1b1949e5.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328891/; classtype:trojan-activity;sid:84191991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55963_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328884/; classtype:trojan-activity;sid:84191984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-18-at-09.56.56-scaled-i8fodx.jpeg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328885/; classtype:trojan-activity;sid:84191985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_25620405_130445-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328886/; classtype:trojan-activity;sid:84191986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lume-2-1-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328881/; classtype:trojan-activity;sid:84191981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sfeerfoto-ef-0019-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328882/; classtype:trojan-activity;sid:84191982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12-1620x1080.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328883/; classtype:trojan-activity;sid:84191983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01574-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328876/; classtype:trojan-activity;sid:84191976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-60-radicado-4815862024-4815902024-nombre-peticionario-nubia-genid-guanda.pdf.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328877/; classtype:trojan-activity;sid:84191977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista-colegios-iie.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328878/; classtype:trojan-activity;sid:84191978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20160923-wa0013.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328879/; classtype:trojan-activity;sid:84191979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunglasses-kaleos-grudet-4-squared-blue-by-kambio-eyewear-model-scaled.jpg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328880/; classtype:trojan-activity;sid:84191980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-cropped-business-things-32x32.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328871/; classtype:trojan-activity;sid:84191971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/protocolo-para-el-servicio-de-guia-y-asistencia.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328872/; classtype:trojan-activity;sid:84191972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tarifas-2023-comunicado.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328873/; classtype:trojan-activity;sid:84191973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2012-12-birkin06.0.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328874/; classtype:trojan-activity;sid:84191974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deklaracja-2016.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328875/; classtype:trojan-activity;sid:84191975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z4237113114451_b867c9a4984217ed5193c1ba537a5700-680x1024.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328870/; classtype:trojan-activity;sid:84191970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2017-09-07_20-40-19.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328869/; classtype:trojan-activity;sid:84191969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-551.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328868/; classtype:trojan-activity;sid:84191968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328866)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-12-1200x800.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328866/; classtype:trojan-activity;sid:84191966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/visit-to-house-of-commons-img-6-725x544-1.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328867/; classtype:trojan-activity;sid:84191967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cuerpos-espacios-y-emociones_compressed.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328864/; classtype:trojan-activity;sid:84191964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zomite-neih-laisiangtho-bute-etkaakna-le-etphatna.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328865/; classtype:trojan-activity;sid:84191965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15390726_1820755311532514_3588770280112469821_n.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328858/; classtype:trojan-activity;sid:84191958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_15.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328859/; classtype:trojan-activity;sid:84191959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryanytile.pngcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328860/; classtype:trojan-activity;sid:84191960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.-formulario-de-solicitud-de-inscripcion-de-persona-juridica-nueva.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328861/; classtype:trojan-activity;sid:84191961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17315941123c5d20fabeca05a523fe8e0bb03a5c2b.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328862/; classtype:trojan-activity;sid:84191962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista-de-utiles-prekinder-2024.docx.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328863/; classtype:trojan-activity;sid:84191963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sao_paulo_candidatos-6-t0ds7t.jpeg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328856/; classtype:trojan-activity;sid:84191956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-xix-trofeu-ciutat-de-lleida2.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328857/; classtype:trojan-activity;sid:84191957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-inicio-web-01.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328850/; classtype:trojan-activity;sid:84191950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.17.10.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328851/; classtype:trojan-activity;sid:84191951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rezultate-verificare-eligibilitate.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328852/; classtype:trojan-activity;sid:84191952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56918_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328853/; classtype:trojan-activity;sid:84191953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro2003.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328854/; classtype:trojan-activity;sid:84191954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02-manual-genero.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328855/; classtype:trojan-activity;sid:84191955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arquivo-agencia-brasilia-4-1-scaled-ozcilu.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328846/; classtype:trojan-activity;sid:84191946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_milky-taslan.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328847/; classtype:trojan-activity;sid:84191947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-48-radicado-3671262024-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328848/; classtype:trojan-activity;sid:84191948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-online.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328849/; classtype:trojan-activity;sid:84191949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0017.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328842/; classtype:trojan-activity;sid:84191942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgm7473-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328843/; classtype:trojan-activity;sid:84191943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8_w2000-merchandising-guide-indonesia.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328844/; classtype:trojan-activity;sid:84191944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lliga-tradicional_historic-pardinyes789.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328845/; classtype:trojan-activity;sid:84191945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/design-sem-nome-1-ojcqef.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328834/; classtype:trojan-activity;sid:84191934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-album-explora-biobio.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328835/; classtype:trojan-activity;sid:84191935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-tgd-1-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328836/; classtype:trojan-activity;sid:84191936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agencia-brasil-calor-sao-paulo-1500-27082021101124708-69vmvw.jpeg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328837/; classtype:trojan-activity;sid:84191937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58119_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328838/; classtype:trojan-activity;sid:84191938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carrara-200x200-1.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328839/; classtype:trojan-activity;sid:84191939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-01-26-at-21.36.59.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328840/; classtype:trojan-activity;sid:84191940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1729785997c32d0bc5a358971d37e9041cde88d19c.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328841/; classtype:trojan-activity;sid:84191941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_14.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328831/; classtype:trojan-activity;sid:84191931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.-15.11.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328832/; classtype:trojan-activity;sid:84191932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1666-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328833/; classtype:trojan-activity;sid:84191933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paginaweb-nota3-170724-oald.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328830/; classtype:trojan-activity;sid:84191930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20191011_083012-min-1024x743.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328823/; classtype:trojan-activity;sid:84191923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/caroline-buy-birkin-faury.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328824/; classtype:trojan-activity;sid:84191924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cheesecake-de-chocolate-y-moras.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328825/; classtype:trojan-activity;sid:84191925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ssm-profile-2018.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328826/; classtype:trojan-activity;sid:84191926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-general13.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328827/; classtype:trojan-activity;sid:84191927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-3.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328828/; classtype:trojan-activity;sid:84191928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170878_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328829/; classtype:trojan-activity;sid:84191929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/porta-folhetos-de-mesa-em-acrilico-6290.png.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328814/; classtype:trojan-activity;sid:84191914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-adhiheavymachinery1.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328815/; classtype:trojan-activity;sid:84191915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fullrunning-galeria-5.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328816/; classtype:trojan-activity;sid:84191916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6351.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328817/; classtype:trojan-activity;sid:84191917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-lab-1.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328818/; classtype:trojan-activity;sid:84191918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2878263_l.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328819/; classtype:trojan-activity;sid:84191919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xuong-nhom-kinh-nam-tien-window.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328820/; classtype:trojan-activity;sid:84191920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hostel-zmaj.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328821/; classtype:trojan-activity;sid:84191921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328822/; classtype:trojan-activity;sid:84191922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-31-de-diciembre-2016-pdf_.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328811/; classtype:trojan-activity;sid:84191911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alisa-tantraphol-bio-with-pic1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328812/; classtype:trojan-activity;sid:84191912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aa04b6e8-599a-55b1-18d2-44bc22dc77fe-1.png.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328813/; classtype:trojan-activity;sid:84191913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-10-1200x800.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328807/; classtype:trojan-activity;sid:84191907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tende-classiche-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328808/; classtype:trojan-activity;sid:84191908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/institutional_distinctiveness_2022_23.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328809/; classtype:trojan-activity;sid:84191909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pexels-houzlook-com-3926542.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328810/; classtype:trojan-activity;sid:84191910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7b-400x250-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328801/; classtype:trojan-activity;sid:84191901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/high02.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328802/; classtype:trojan-activity;sid:84191902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.edsalaryacquitancenov.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328803/; classtype:trojan-activity;sid:84191903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image_123650291-hejawy.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328804/; classtype:trojan-activity;sid:84191904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238772757_106308398432320_6212608678507245095_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328805/; classtype:trojan-activity;sid:84191905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2017-09-07_23-16-36.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328806/; classtype:trojan-activity;sid:84191906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-1024x576.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328797/; classtype:trojan-activity;sid:84191897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bolsonaro3_evento-ktxlvs.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328798/; classtype:trojan-activity;sid:84191898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juguete-pipa-con-pelota.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328799/; classtype:trojan-activity;sid:84191899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-6.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328800/; classtype:trojan-activity;sid:84191900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56918_27.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328793/; classtype:trojan-activity;sid:84191893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-19.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328794/; classtype:trojan-activity;sid:84191894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-constance-mini-shoulder-bag-in-khaki-crocodile.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328795/; classtype:trojan-activity;sid:84191895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/addition-roof-aiding-windows-gutters-pavers-garage-door-img2.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328796/; classtype:trojan-activity;sid:84191896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryanytile.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328790/; classtype:trojan-activity;sid:84191890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-21.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328791/; classtype:trojan-activity;sid:84191891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instructivo-1d1c-2018-rmso.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328792/; classtype:trojan-activity;sid:84191892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presentation-synthe2525252525252525252525252525252525252525cc252525252525252525252525252525252525252581tique-pj.pdf.lnk"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328789/; classtype:trojan-activity;sid:84191889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xxiii-trofeu-ciutat-de-lleida-2015.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328786/; classtype:trojan-activity;sid:84191886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zero-gravity-4-e1686217141720.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328787/; classtype:trojan-activity;sid:84191887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pm-rrss-v1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328788/; classtype:trojan-activity;sid:84191888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polvo-dream-woman-canela-set-x-12-l228101.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328781/; classtype:trojan-activity;sid:84191881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rekomendacje-diagnostyczno-terapeutyczne-w-zespole-jelita-nadwrazliwego-2018.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328782/; classtype:trojan-activity;sid:84191882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informacion-alergenos-manjares_02-1030x728.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328783/; classtype:trojan-activity;sid:84191883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/triptico-rrar.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328784/; classtype:trojan-activity;sid:84191884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2023-presupuesto-planificacion-deportiva-1-1.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328785/; classtype:trojan-activity;sid:84191885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-066.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328770/; classtype:trojan-activity;sid:84191870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190927_130711-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328771/; classtype:trojan-activity;sid:84191871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-07-06-at-13.21.43.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328772/; classtype:trojan-activity;sid:84191872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap_security_best_practices_20245.5.7.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328773/; classtype:trojan-activity;sid:84191873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/y_e3dsin-0i-hmyvxi.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328774/; classtype:trojan-activity;sid:84191874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/302-tvd_p1_depto-tecnico.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328775/; classtype:trojan-activity;sid:84191875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21669b6c-64bb-40cc-a743-638bb9f45f9f.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328776/; classtype:trojan-activity;sid:84191876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20230618-wa0015.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328777/; classtype:trojan-activity;sid:84191877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nicole_pollard_lalaluxe.jpeg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328778/; classtype:trojan-activity;sid:84191878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-travertin-9.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328779/; classtype:trojan-activity;sid:84191879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/239563742_106373755092451_1722810089890174612_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328780/; classtype:trojan-activity;sid:84191880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/880144b6-889f-665d-54a8-b560c78322e1-1.png.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328769/; classtype:trojan-activity;sid:84191869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6170-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328764/; classtype:trojan-activity;sid:84191864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/big_villa_elia_bathroom.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328765/; classtype:trojan-activity;sid:84191865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/heavy_metal_cologne_artwork_lo_res.png.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328766/; classtype:trojan-activity;sid:84191866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-7.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328767/; classtype:trojan-activity;sid:84191867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-coloring-page-free.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328768/; classtype:trojan-activity;sid:84191868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-sub.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328760/; classtype:trojan-activity;sid:84191860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-2-min-scaled.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328761/; classtype:trojan-activity;sid:84191861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/smartie-cookie-400x400.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328762/; classtype:trojan-activity;sid:84191862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mpt-fim-desconto-folha-contribuicao-1.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328763/; classtype:trojan-activity;sid:84191863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/service-ac-bekasi-2.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328753/; classtype:trojan-activity;sid:84191853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modificacion-codigo-penal.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328754/; classtype:trojan-activity;sid:84191854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/back-view-3-1024x576.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328755/; classtype:trojan-activity;sid:84191855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/scanned-documents-2.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328756/; classtype:trojan-activity;sid:84191856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328757/; classtype:trojan-activity;sid:84191857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8_9_11zon.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328758/; classtype:trojan-activity;sid:84191858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-living-room-tv-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328759/; classtype:trojan-activity;sid:84191859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zvdnguspgc323unkmwvv_08_c04b715d84f986275965b59e60873660_file.pdf.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328749/; classtype:trojan-activity;sid:84191849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portafolio-xingmedical-2024.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328750/; classtype:trojan-activity;sid:84191850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-1-1200x628.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328751/; classtype:trojan-activity;sid:84191851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1698.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328752/; classtype:trojan-activity;sid:84191852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camscanner-04-06-2022-16.58.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328746/; classtype:trojan-activity;sid:84191846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/53352456257_e80e306669_k-qhmfp0.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328747/; classtype:trojan-activity;sid:84191847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-devel.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328748/; classtype:trojan-activity;sid:84191848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-6.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328745/; classtype:trojan-activity;sid:84191845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11.-protocolo-vulneracion-de-derechos.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328742/; classtype:trojan-activity;sid:84191842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/27197_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328743/; classtype:trojan-activity;sid:84191843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/samsung-11kg-ai-control-front-load-washing-machine-ww11cg604dlb-3.png.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328744/; classtype:trojan-activity;sid:84191844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afaceri-felso-setany.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328735/; classtype:trojan-activity;sid:84191835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-10.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328736/; classtype:trojan-activity;sid:84191836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/optimus-prime-coloring-pages.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328737/; classtype:trojan-activity;sid:84191837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.scholarships-1_1_11zon.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328738/; classtype:trojan-activity;sid:84191838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-hoi-cho-6.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328739/; classtype:trojan-activity;sid:84191839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4059cf09-d0ba-385d-7bbb-381c997280c2.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328740/; classtype:trojan-activity;sid:84191840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1022-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328741/; classtype:trojan-activity;sid:84191841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1712111418967.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328730/; classtype:trojan-activity;sid:84191830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-allback-backpack--083582ckaa-worn-1-0-0-1000-1000_g.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328731/; classtype:trojan-activity;sid:84191831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-11-1199x800.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328732/; classtype:trojan-activity;sid:84191832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5085-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328733/; classtype:trojan-activity;sid:84191833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/608_ttsa_cambios-en-el-patrimonio_dic2020.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328734/; classtype:trojan-activity;sid:84191834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/392764933_900751121775249_2961701548563232424_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328724/; classtype:trojan-activity;sid:84191824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/41zwghbvm1s.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328725/; classtype:trojan-activity;sid:84191825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fybcom-sem-ii-prospectus.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328726/; classtype:trojan-activity;sid:84191826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance_coin_ecosystem_report_2024_3.5.1.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328727/; classtype:trojan-activity;sid:84191827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328728/; classtype:trojan-activity;sid:84191828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328729/; classtype:trojan-activity;sid:84191829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/june-to-august-2020_gmail-pal.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328719/; classtype:trojan-activity;sid:84191819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aulas3.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328720/; classtype:trojan-activity;sid:84191820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4943-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328721/; classtype:trojan-activity;sid:84191821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-coloring-page.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328722/; classtype:trojan-activity;sid:84191822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-regulatory-compliance-guide-2024-5-7-6.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328723/; classtype:trojan-activity;sid:84191823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/etyeki-furdoszobaszalon-5-1.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328718/; classtype:trojan-activity;sid:84191818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/astrum-location-map.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328716/; classtype:trojan-activity;sid:84191816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173153139261c4c54eba059974fc26414941251868.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328717/; classtype:trojan-activity;sid:84191817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/smile-amazon.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328712/; classtype:trojan-activity;sid:84191812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pais-ficam-chocados-apos-filha-voltar-da-escola-sem-calcas-2-4rov9m.jpeg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328713/; classtype:trojan-activity;sid:84191813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7759-4500-x-3000-2250-x-1500.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328714/; classtype:trojan-activity;sid:84191814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nisperos.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328715/; classtype:trojan-activity;sid:84191815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agua-micelar-bioderma-foto-de-capa.png.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328707/; classtype:trojan-activity;sid:84191807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spring-update-2024.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328708/; classtype:trojan-activity;sid:84191808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revised-course-structure-msc.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328709/; classtype:trojan-activity;sid:84191809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vanitacasa_starlight-3.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328710/; classtype:trojan-activity;sid:84191810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-770-2022-reconocer-la-condicion-de-trabajador-permanente-de-la-mdc-a-la-servidora-publica-elizabeth-jenneferd-quispe-hachircana.pdf.lnk"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328711/; classtype:trojan-activity;sid:84191811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-05-28-at-10.37.06-am.png.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328704/; classtype:trojan-activity;sid:84191804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wildwood-e1474907937620.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328705/; classtype:trojan-activity;sid:84191805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.png.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328706/; classtype:trojan-activity;sid:84191806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01906-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328700/; classtype:trojan-activity;sid:84191800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112198291816.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328701/; classtype:trojan-activity;sid:84191801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/concurso-pintura-20151.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328702/; classtype:trojan-activity;sid:84191802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cf3c496d-2316-653d-d29b-7172cc2dadb8.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328703/; classtype:trojan-activity;sid:84191803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-study-02.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328693/; classtype:trojan-activity;sid:84191793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171258c-kim-jones-x-converse-chuck-70-high-natural-ivory-grailify-1.jpg.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328694/; classtype:trojan-activity;sid:84191794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/an4.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328695/; classtype:trojan-activity;sid:84191795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img3.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328696/; classtype:trojan-activity;sid:84191796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51357_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328697/; classtype:trojan-activity;sid:84191797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ikmskpd-triwulan-5.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328698/; classtype:trojan-activity;sid:84191798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0671.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328699/; classtype:trojan-activity;sid:84191799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0416-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328691/; classtype:trojan-activity;sid:84191791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capa-55-scaled-h7w8sl.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328692/; classtype:trojan-activity;sid:84191792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tv-55-.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328684/; classtype:trojan-activity;sid:84191784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-385.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328685/; classtype:trojan-activity;sid:84191785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funci2525252525252525252525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525252525252525252525b3nfiscal-2.png.lnk"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328686/; classtype:trojan-activity;sid:84191786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0a60cfd3-9aa4-98a6-c81a-4550a61bf814.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328687/; classtype:trojan-activity;sid:84191787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j4a4739-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328688/; classtype:trojan-activity;sid:84191788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4776-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328689/; classtype:trojan-activity;sid:84191789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20210901_090005.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328690/; classtype:trojan-activity;sid:84191790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulamentul-masurilor-metodologice-organizatorice-termenele-si-circulatia-proiectelor-de-dispozitii-ale-autoritatii-executive.pdf.lnk"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328680/; classtype:trojan-activity;sid:84191780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328681/; classtype:trojan-activity;sid:84191781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-28abril2021-2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328682/; classtype:trojan-activity;sid:84191782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp5946.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328683/; classtype:trojan-activity;sid:84191783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5c00c784-39de-4ce7-a920-91798f270709-e1731931541904-i0zoha.jpeg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328678/; classtype:trojan-activity;sid:84191778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/braces-header-small.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328679/; classtype:trojan-activity;sid:84191779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20160406_111924.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328672/; classtype:trojan-activity;sid:84191772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/105.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328673/; classtype:trojan-activity;sid:84191773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/249.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328674/; classtype:trojan-activity;sid:84191774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flamingo_villa_apartman_sauna.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328675/; classtype:trojan-activity;sid:84191775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/62150_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328676/; classtype:trojan-activity;sid:84191776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238875488_106313468431813_7856116964321025469_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328677/; classtype:trojan-activity;sid:84191777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328669/; classtype:trojan-activity;sid:84191769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fitness-5.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328670/; classtype:trojan-activity;sid:84191770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/air-max-ngo-2.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328671/; classtype:trojan-activity;sid:84191771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0795-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328665/; classtype:trojan-activity;sid:84191765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/explora_me252525252525252525252525252525cc25252525252525252525252525252581todo-cienti252525252525252525252525252525cc25252525252525252525252525252581fico_mv.pdf.lnk"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328666/; classtype:trojan-activity;sid:84191766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328667/; classtype:trojan-activity;sid:84191767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/39_veggie-bowl-3_4_retouch-min-1.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328668/; classtype:trojan-activity;sid:84191768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_torre-alacena-inf.-plus-sige.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328662/; classtype:trojan-activity;sid:84191762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/678403238902_ruou-johnnie-walker-18-nam.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328663/; classtype:trojan-activity;sid:84191763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flujo-de-efectivo-2012.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328664/; classtype:trojan-activity;sid:84191764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libroresumenescongreso2022.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328653/; classtype:trojan-activity;sid:84191753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acidente-porsche-1-600x400-1.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328654/; classtype:trojan-activity;sid:84191754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-ecosystem-report-2024-1-6-5.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328655/; classtype:trojan-activity;sid:84191755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nignyhoxutejvsmij4coitahilzm6elnthoiq9k0.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328656/; classtype:trojan-activity;sid:84191756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-03-10-at-23.03.43-1-scaled.jpeg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328657/; classtype:trojan-activity;sid:84191757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07ddc7cb4eb6110da897f24434b3b17c.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328658/; classtype:trojan-activity;sid:84191758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kuppel-gewaechshaeus-9.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328659/; classtype:trojan-activity;sid:84191759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informaci252525252525252525252525252525252525c325252525252525252525252525252525252593n-proceso-de-admisi252525252525252525252525252525252525c325252525252525252525252525252525252593n-cupo-explora-unesco-2025-1.pdf.lnk"; http_uri; depth:227; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328660/; classtype:trojan-activity;sid:84191760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/edital_rt_65_tematica_provas_digitais.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328649/; classtype:trojan-activity;sid:84191749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp8628.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328650/; classtype:trojan-activity;sid:84191750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-2.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328651/; classtype:trojan-activity;sid:84191751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryconvocatorian.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328652/; classtype:trojan-activity;sid:84191752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/763-sf-dark-charm-min-min-scaled.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328645/; classtype:trojan-activity;sid:84191745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170091_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328646/; classtype:trojan-activity;sid:84191746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/24.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328647/; classtype:trojan-activity;sid:84191747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ea87d368-7e8d-b7b0-8b08-994f78550ae7.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328648/; classtype:trojan-activity;sid:84191748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-14-at-21.09.18-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328640/; classtype:trojan-activity;sid:84191740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-trasnporte-mayo-2024.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328641/; classtype:trojan-activity;sid:84191741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-30-4000has-sector-entre-guerrero-y-santa-monica-4000has-13.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328642/; classtype:trojan-activity;sid:84191742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1981.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328643/; classtype:trojan-activity;sid:84191743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-hut-10-kelly-green.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328644/; classtype:trojan-activity;sid:84191744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57201_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328636/; classtype:trojan-activity;sid:84191736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co2-system-cylinder-valve-assembly.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328637/; classtype:trojan-activity;sid:84191737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hostel-karadjordje8.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328638/; classtype:trojan-activity;sid:84191738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spirulina-gamma-scan.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328639/; classtype:trojan-activity;sid:84191739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-14.18.03.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328633/; classtype:trojan-activity;sid:84191733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/607_ttsa_resultado_dic2020.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328634/; classtype:trojan-activity;sid:84191734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politicas-y-procedimientos-de-proteccion-de-datos-personales-de-euroamerican-1-1.pdf.lnk"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328635/; classtype:trojan-activity;sid:84191735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guia-cambio-climatico_final.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328631/; classtype:trojan-activity;sid:84191731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/may-2020_digital-poster-making.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328632/; classtype:trojan-activity;sid:84191732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img4.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328629/; classtype:trojan-activity;sid:84191729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01780-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328630/; classtype:trojan-activity;sid:84191730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/schnell-automatic-stirrup-bender-formula-14-sapiens.png.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328625/; classtype:trojan-activity;sid:84191725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/261.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328626/; classtype:trojan-activity;sid:84191726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diary_2022_website.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328627/; classtype:trojan-activity;sid:84191727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/242756052_2975915225866119_7215513324326658144_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328623/; classtype:trojan-activity;sid:84191723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m.com_.programme_outcome.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328624/; classtype:trojan-activity;sid:84191724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/home-office-02.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328615/; classtype:trojan-activity;sid:84191715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/macaslang.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328616/; classtype:trojan-activity;sid:84191716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bepink-company-profile-2023.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328617/; classtype:trojan-activity;sid:84191717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-07-at-19.58.31_06017811-768x1024.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328618/; classtype:trojan-activity;sid:84191718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-submission-e2.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328619/; classtype:trojan-activity;sid:84191719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11.-zips-single-port-alarm-unit-english.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328620/; classtype:trojan-activity;sid:84191720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-4.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328621/; classtype:trojan-activity;sid:84191721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-28abril2021-6.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328622/; classtype:trojan-activity;sid:84191722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/optimus-prime-truck-coloring-page.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328609/; classtype:trojan-activity;sid:84191709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/declaratie-scoatere-din-evidenta-auto-pf-pj.doc.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328610/; classtype:trojan-activity;sid:84191710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weinstndronshot-gosolarpower-solar-panels-palm-beach-boynton-beach-1.png.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328611/; classtype:trojan-activity;sid:84191711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sne-tache-3.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328612/; classtype:trojan-activity;sid:84191712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/who-makes-the-worlds-most-expensive-handbag-1-jpg.webp.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328613/; classtype:trojan-activity;sid:84191713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4.-ideacion-consumacion-e-intento-de-suicidio.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328614/; classtype:trojan-activity;sid:84191714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8421-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328606/; classtype:trojan-activity;sid:84191706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poupec-allure-int-apt-cam-01-r02resultado-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328607/; classtype:trojan-activity;sid:84191707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tutti-twilly-d-hermes-eau-de-parfum--110826v0-worn-2-0-0-1000-1000_g.jpg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328608/; classtype:trojan-activity;sid:84191708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113231940073.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328603/; classtype:trojan-activity;sid:84191703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9301s-l-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328604/; classtype:trojan-activity;sid:84191704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731447405cc3feb082bdc01cfdf365d1e0d3029e0.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328605/; classtype:trojan-activity;sid:84191705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/653_resultado-marzo-2021_0.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328597/; classtype:trojan-activity;sid:84191697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/streszczenie_pracy_doktorskiej_lek_agnieszka_sieczkowska.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328598/; classtype:trojan-activity;sid:84191698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/radiografia-de-mastoides.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328599/; classtype:trojan-activity;sid:84191699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ted_final-cut-1.mp4.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328600/; classtype:trojan-activity;sid:84191700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cronograma-2.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328601/; classtype:trojan-activity;sid:84191701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yhmcyth6kvhgdc433m6wpsql5y.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328602/; classtype:trojan-activity;sid:84191702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/33e94da2c542744e5f3405fb494dcfab.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328594/; classtype:trojan-activity;sid:84191694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cities-of-tomorrow-2024-oradea.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328595/; classtype:trojan-activity;sid:84191695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/88-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328596/; classtype:trojan-activity;sid:84191696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oks-464-msds.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328591/; classtype:trojan-activity;sid:84191691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/86256b.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328592/; classtype:trojan-activity;sid:84191692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-03-06-at-22.54.53.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328593/; classtype:trojan-activity;sid:84191693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.20-2-1024x1024.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328588/; classtype:trojan-activity;sid:84191688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lightning-mcqueen-color-page.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328589/; classtype:trojan-activity;sid:84191689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7731-14_aprueba_bases_tecnologias_que_cambiaron_el_mundo.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328590/; classtype:trojan-activity;sid:84191690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/playera-nike-2.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328584/; classtype:trojan-activity;sid:84191684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mikolajki-1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328585/; classtype:trojan-activity;sid:84191685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shallipopi_-_free_service.mp3.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328586/; classtype:trojan-activity;sid:84191686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bwk-sat-1-332-1.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328587/; classtype:trojan-activity;sid:84191687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/245110491_3040022849455356_8440628558795082494_n-1024x1024.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328579/; classtype:trojan-activity;sid:84191679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/avvistamento-delfini.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328580/; classtype:trojan-activity;sid:84191680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/air-max-ngo.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328581/; classtype:trojan-activity;sid:84191681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/251991-461x1024.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328582/; classtype:trojan-activity;sid:84191682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/visit-to-khoj-museum_828790106713227264_n.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328583/; classtype:trojan-activity;sid:84191683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.chichen-itza-mexico.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328575/; classtype:trojan-activity;sid:84191675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the_sf_skyline.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328576/; classtype:trojan-activity;sid:84191676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/armario-firenze-40x2050x61-con-2-cajones-con-5-perchas.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328577/; classtype:trojan-activity;sid:84191677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-fap-decomore-burkolattal-9.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328578/; classtype:trojan-activity;sid:84191678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47103376894_f045a425cb_o-2iuqls.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328571/; classtype:trojan-activity;sid:84191671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frame-2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328572/; classtype:trojan-activity;sid:84191672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-deve.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328573/; classtype:trojan-activity;sid:84191673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/af7f86b0-f1fe-475b-9905-a19a9baa0b3c.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328574/; classtype:trojan-activity;sid:84191674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1000073563.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328569/; classtype:trojan-activity;sid:84191669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56235_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328570/; classtype:trojan-activity;sid:84191670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/417452806_965299795320381_4504497064540550010_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328562/; classtype:trojan-activity;sid:84191662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56973_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328563/; classtype:trojan-activity;sid:84191663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2015.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328564/; classtype:trojan-activity;sid:84191664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img20220622090502-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328565/; classtype:trojan-activity;sid:84191665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dar-al-najm_product-catalogue-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328566/; classtype:trojan-activity;sid:84191666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/twitter_-it_s-what_s-happening_.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328567/; classtype:trojan-activity;sid:84191667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.-mezcladora-de-concreto-1-bulto-ft.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328568/; classtype:trojan-activity;sid:84191668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6677.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328556/; classtype:trojan-activity;sid:84191656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/66-3.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328557/; classtype:trojan-activity;sid:84191657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.21-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328558/; classtype:trojan-activity;sid:84191658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/basespipe-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328559/; classtype:trojan-activity;sid:84191659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-campamento-2022.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328560/; classtype:trojan-activity;sid:84191660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54153648398_4ff91ab3c9_k-e1732146238716-slujie.jpeg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328561/; classtype:trojan-activity;sid:84191661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4d6bdfcd-a0c2-4f1b-9352-6cf5ed548bac-1024x576.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328554/; classtype:trojan-activity;sid:84191654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55963_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328555/; classtype:trojan-activity;sid:84191655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2017-09-07_20-35-02.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328553/; classtype:trojan-activity;sid:84191653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/haiti-eco-1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328543/; classtype:trojan-activity;sid:84191643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acordao-do-pleno.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328544/; classtype:trojan-activity;sid:84191644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-63-radicado-5091502024-nombre-peticionario-rosalba-moreno-machado.pdf.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328545/; classtype:trojan-activity;sid:84191645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328546/; classtype:trojan-activity;sid:84191646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/841873620220806-1-bxuehe.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328547/; classtype:trojan-activity;sid:84191647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17314455247a4e70556fc70192cf3edbfc7308cd8c.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328548/; classtype:trojan-activity;sid:84191648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-min.jpg4545454-min-1-scaled.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328549/; classtype:trojan-activity;sid:84191649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/45.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328550/; classtype:trojan-activity;sid:84191650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-ben-1-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328551/; classtype:trojan-activity;sid:84191651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rex-140-adjudica-concurso-par-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328552/; classtype:trojan-activity;sid:84191652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline-spec-sheet-for-wind-devil-2.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328539/; classtype:trojan-activity;sid:84191639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-investigaci2525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525b3n-e-innovaci2525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525b3n-escolar-2024.pdf.lnk"; http_uri; depth:254; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328540/; classtype:trojan-activity;sid:84191640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.8.-directorio-de-contratistas-trimestre-iv-2023.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328541/; classtype:trojan-activity;sid:84191641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5.cumbre-alto-surini-peru.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328542/; classtype:trojan-activity;sid:84191642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/curriculum-vitae-vectar.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328531/; classtype:trojan-activity;sid:84191631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0586.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328532/; classtype:trojan-activity;sid:84191632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-cropped-business-things-192x192.png.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328534/; classtype:trojan-activity;sid:84191634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-14.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328535/; classtype:trojan-activity;sid:84191635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-de-la-3a-etapa-de-la-copa-pirineos.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328536/; classtype:trojan-activity;sid:84191636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-tip-solicitari-diverse-compartiment-patrimoniu-si-asociatii-de-proprietari.pdf.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328537/; classtype:trojan-activity;sid:84191637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha-tecnica-rojo-hd.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328538/; classtype:trojan-activity;sid:84191638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ovc-color-web-logo-ohio-valley-conference-1024x668-1024x668.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328530/; classtype:trojan-activity;sid:84191630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/neurosurgery.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328529/; classtype:trojan-activity;sid:84191629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-5.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328523/; classtype:trojan-activity;sid:84191623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/underwater-grass-for-aquarium-eleocharis-pusilla-eleocharis-parvula-or-hairgrass-7-e1516038923774.jpg.lnk"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328524/; classtype:trojan-activity;sid:84191624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-explorines-preescolar-a-4to-basico-2.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328525/; classtype:trojan-activity;sid:84191625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/colombian-cocaine-buy-drugs-online-cocaine-mdma-heroin-crystal-meth-signal-idbestonlinechems.07-copy.jpeg.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328526/; classtype:trojan-activity;sid:84191626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-community-guidelines-2024-4.6.3.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328527/; classtype:trojan-activity;sid:84191627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_771-117.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328528/; classtype:trojan-activity;sid:84191628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_valextra.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328521/; classtype:trojan-activity;sid:84191621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-345.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328522/; classtype:trojan-activity;sid:84191622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/les-jardins-partages-20-ans-2.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328515/; classtype:trojan-activity;sid:84191615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eb00585075.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328516/; classtype:trojan-activity;sid:84191616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tc-tipis_1_11zon-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328517/; classtype:trojan-activity;sid:84191617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagpost.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328518/; classtype:trojan-activity;sid:84191618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20160618_174316-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328519/; classtype:trojan-activity;sid:84191619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instrukcja-uzytkowania-i-montazu-1013bq.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328520/; classtype:trojan-activity;sid:84191620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-jend.-sudirman-temanggung.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328506/; classtype:trojan-activity;sid:84191606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1818.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328508/; classtype:trojan-activity;sid:84191608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1039.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328509/; classtype:trojan-activity;sid:84191609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-10-scaled.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328510/; classtype:trojan-activity;sid:84191610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.-ws2-integrated-charging-exposed-cable-zw1002-indonesia.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328511/; classtype:trojan-activity;sid:84191611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20201102_150220.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328512/; classtype:trojan-activity;sid:84191612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kwebn.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328513/; classtype:trojan-activity;sid:84191613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1466-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328503/; classtype:trojan-activity;sid:84191603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/decreto-1047-de-14-de-agosto-de-2024.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328504/; classtype:trojan-activity;sid:84191604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-travertin-8.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328505/; classtype:trojan-activity;sid:84191605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zhenshchiny.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328493/; classtype:trojan-activity;sid:84191593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16fb580e-67d7-8c5f-b24e-acf55d660784.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328494/; classtype:trojan-activity;sid:84191594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-dev.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328495/; classtype:trojan-activity;sid:84191595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7753-533x800.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328496/; classtype:trojan-activity;sid:84191596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_9n_bar.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328497/; classtype:trojan-activity;sid:84191597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp6647.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328498/; classtype:trojan-activity;sid:84191598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-regulatory-compliance-guide-20242.2.1.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328499/; classtype:trojan-activity;sid:84191599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-black-geta-shoulder-bag-in-black-chevre-mysore-with-gold-hardware.jpeg.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328500/; classtype:trojan-activity;sid:84191600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pos_ba.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328501/; classtype:trojan-activity;sid:84191601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20170203-wa0018.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328502/; classtype:trojan-activity;sid:84191602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1823.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328490/; classtype:trojan-activity;sid:84191590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/png-clipart-sneakers-shoe-footwear-puma-sportswear-michael-jordan-miscellaneous-purple.png.lnk"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328492/; classtype:trojan-activity;sid:84191592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a0194053.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328489/; classtype:trojan-activity;sid:84191589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/391619314_2277607795765709_3028509983299016635_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328488/; classtype:trojan-activity;sid:84191588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-0036-1589222.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328484/; classtype:trojan-activity;sid:84191584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presentacion-pe-en-la-pagina-de-la-terminal_2018.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328485/; classtype:trojan-activity;sid:84191585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-30-4000has-sector-entre-guerrero-y-santa-monica-4000has-10.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328486/; classtype:trojan-activity;sid:84191586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-8.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328487/; classtype:trojan-activity;sid:84191587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4.jpeg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328481/; classtype:trojan-activity;sid:84191581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verb-moringa-jojoba-oil-1oz-rve-ver-lmjo01-228x228-1.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328482/; classtype:trojan-activity;sid:84191582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/big_villa_elia_olive_tree_night.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328483/; classtype:trojan-activity;sid:84191583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/backdrop-chia-tay-5.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328474/; classtype:trojan-activity;sid:84191574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sig-p320-compact.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328475/; classtype:trojan-activity;sid:84191575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_backpack_01.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328476/; classtype:trojan-activity;sid:84191576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:194; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328477/; classtype:trojan-activity;sid:84191577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-onyx-6-scaled.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328478/; classtype:trojan-activity;sid:84191578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/302-tvd_p2_depto-tecnico2.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328479/; classtype:trojan-activity;sid:84191579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60130_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328480/; classtype:trojan-activity;sid:84191580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afiche-feriacienciauv.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328469/; classtype:trojan-activity;sid:84191569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-13.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328470/; classtype:trojan-activity;sid:84191570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1667.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328471/; classtype:trojan-activity;sid:84191571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new-denajee-aloe-protein-shampoo.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328472/; classtype:trojan-activity;sid:84191572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/course-structure-dept-of-economics-12-2022.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328473/; classtype:trojan-activity;sid:84191573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uklele.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328466/; classtype:trojan-activity;sid:84191566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2713341156480.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328467/; classtype:trojan-activity;sid:84191567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112356858125.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328468/; classtype:trojan-activity;sid:84191568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20341.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328463/; classtype:trojan-activity;sid:84191563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guia-de-tributacao-cardano-20241.6.2.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328464/; classtype:trojan-activity;sid:84191564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-ecosystem-report-20243.6.2.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328465/; classtype:trojan-activity;sid:84191565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6361.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328459/; classtype:trojan-activity;sid:84191559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cesco_2.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328460/; classtype:trojan-activity;sid:84191560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arabika-3.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328461/; classtype:trojan-activity;sid:84191561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/printable-princess-peach-coloring-pages.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328462/; classtype:trojan-activity;sid:84191562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polityka-prywatnosci-strony-internetowej.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328452/; classtype:trojan-activity;sid:84191552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02904.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328453/; classtype:trojan-activity;sid:84191553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/laporan-analisa-makanan-2021.jpeg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328454/; classtype:trojan-activity;sid:84191554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_soluciones_para_el_futuro_2017.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328455/; classtype:trojan-activity;sid:84191555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/67b794cd35c2f01476520d70166a019c.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328456/; classtype:trojan-activity;sid:84191556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07-rema-ozeba-bazemack.com_.mp3.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328457/; classtype:trojan-activity;sid:84191557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-060.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328458/; classtype:trojan-activity;sid:84191558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_1-bed-plus-bp1-34-sq.m_230119_4.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328448/; classtype:trojan-activity;sid:84191548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryconvocatorian.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:239; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328449/; classtype:trojan-activity;sid:84191549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zim20240531001-e1732057847442-qaznld.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328450/; classtype:trojan-activity;sid:84191550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-398.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328451/; classtype:trojan-activity;sid:84191551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryangled_bottom_up_roller_specs.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328447/; classtype:trojan-activity;sid:84191547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/top-load-washer-wa80cg4240bwnq-1.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328441/; classtype:trojan-activity;sid:84191541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ab1a482f-d64c-f93b-147d-e8945a312ca3.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328442/; classtype:trojan-activity;sid:84191542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01ley29090.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328443/; classtype:trojan-activity;sid:84191543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/muffinbreak_342744_regular_cup_cappucino.png.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328444/; classtype:trojan-activity;sid:84191544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170739_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328445/; classtype:trojan-activity;sid:84191545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8a92f9d7-d266-4da9-a801-a0e9a96c4939.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328446/; classtype:trojan-activity;sid:84191546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0142.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328437/; classtype:trojan-activity;sid:84191537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9778-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328438/; classtype:trojan-activity;sid:84191538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/versace-pour-femme-dylan-blue-eau-de-parfum-100ml-edp-spray.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328439/; classtype:trojan-activity;sid:84191539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/omega-3-500-capsule-yam-nutrition.png.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328440/; classtype:trojan-activity;sid:84191540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328432/; classtype:trojan-activity;sid:84191532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flora-and-vegetation-of-wadi-zaza-2003_compressed.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328433/; classtype:trojan-activity;sid:84191533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mutation.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328434/; classtype:trojan-activity;sid:84191534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/front.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328435/; classtype:trojan-activity;sid:84191535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionados-iie-2022.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328436/; classtype:trojan-activity;sid:84191536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/240574-1_20hermes_20kelly_20gourmette_20bracelet_2018k_20rose_20gold_20with_20diamonds_20very_20small_2d_0002_336x336.jpg.lnk"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328426/; classtype:trojan-activity;sid:84191526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-08-at-13.18.05_7d21767d.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328427/; classtype:trojan-activity;sid:84191527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171025_155118-m2525252525252525252525252525c32525252525252525252525252525a1solata.jpg.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328428/; classtype:trojan-activity;sid:84191528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/honeycomb_skylight_outside_mount_specs.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328429/; classtype:trojan-activity;sid:84191529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_milano.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328430/; classtype:trojan-activity;sid:84191530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0256.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328431/; classtype:trojan-activity;sid:84191531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20221108_133401-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328423/; classtype:trojan-activity;sid:84191523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mirabol-protein-94-750g-280x280-1.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328424/; classtype:trojan-activity;sid:84191524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-dkn812.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328425/; classtype:trojan-activity;sid:84191525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59806_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328412/; classtype:trojan-activity;sid:84191512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mission-news-tedim-4th-qtr-2023.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328413/; classtype:trojan-activity;sid:84191513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legalitas11.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328414/; classtype:trojan-activity;sid:84191514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-risk-assessment-report-2024-4.1.9.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328415/; classtype:trojan-activity;sid:84191515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/haiti-eco-2.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328417/; classtype:trojan-activity;sid:84191517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coolbell-8.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328418/; classtype:trojan-activity;sid:84191518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/052.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328419/; classtype:trojan-activity;sid:84191519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47-725x544-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328420/; classtype:trojan-activity;sid:84191520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/products.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328421/; classtype:trojan-activity;sid:84191521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zoology.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328422/; classtype:trojan-activity;sid:84191522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57127_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328409/; classtype:trojan-activity;sid:84191509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/silvas-2094.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328410/; classtype:trojan-activity;sid:84191510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30e82579-0bcb-6ed5-4e58-cee069b980d5.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328411/; classtype:trojan-activity;sid:84191511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-junio-2024.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328408/; classtype:trojan-activity;sid:84191508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/suswa-women-pic-2.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328406/; classtype:trojan-activity;sid:84191506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vagas-para-o-dia-13-de-novembro-de-2024-clique-aqui-2.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328407/; classtype:trojan-activity;sid:84191507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagenes-presenciales-1.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328405/; classtype:trojan-activity;sid:84191505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notas-estados-financieros-31-de-diciembre-2016.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328397/; classtype:trojan-activity;sid:84191497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-final-auditoria-de-regularidad-pad-2020.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328398/; classtype:trojan-activity;sid:84191498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img5.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328399/; classtype:trojan-activity;sid:84191499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notas-estados-financieros-2017-ttb.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328400/; classtype:trojan-activity;sid:84191500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-pimiento-aristotle.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328401/; classtype:trojan-activity;sid:84191501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/res_ex_n2525252525252525252525252525c22525252525252525252525252525b0110_2023_apr_ins_rend_sctci.pdf.lnk"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328402/; classtype:trojan-activity;sid:84191502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-kart-color-page.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328403/; classtype:trojan-activity;sid:84191503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/planimetria-b-2.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328404/; classtype:trojan-activity;sid:84191504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328392/; classtype:trojan-activity;sid:84191492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-22-radicado-2332292024-nombre-peticionario-jesner-ivan-barragan.pdf.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328393/; classtype:trojan-activity;sid:84191493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boitier-porte-2.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328394/; classtype:trojan-activity;sid:84191494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328395/; classtype:trojan-activity;sid:84191495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328396/; classtype:trojan-activity;sid:84191496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instrukcja-montazu-4020fb-4020fw-4030f-4050fw.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328386/; classtype:trojan-activity;sid:84191486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/540-direccion-de-recursos-tecnologicos.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328387/; classtype:trojan-activity;sid:84191487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-seminario-eds-agosto-2015.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328388/; classtype:trojan-activity;sid:84191488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/remik-pharma-fdfs-ampoules.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328390/; classtype:trojan-activity;sid:84191490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-7.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328391/; classtype:trojan-activity;sid:84191491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-audit-report-2024-2.1.8.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328383/; classtype:trojan-activity;sid:84191483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312111418945.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328384/; classtype:trojan-activity;sid:84191484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_35.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328385/; classtype:trojan-activity;sid:84191485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60253_box2_v39_1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328377/; classtype:trojan-activity;sid:84191477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ttsa-info_empalme_gestion_y_desempeno_institucional.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328378/; classtype:trojan-activity;sid:84191478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/staff-parties-img-8-408x544-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328380/; classtype:trojan-activity;sid:84191480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-study-01.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328381/; classtype:trojan-activity;sid:84191481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monerostakingguide20241.7.2.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328382/; classtype:trojan-activity;sid:84191482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-3.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328373/; classtype:trojan-activity;sid:84191473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bhagavad-gita-by-sri-swami-sivananda.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328374/; classtype:trojan-activity;sid:84191474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/laboratory-oven2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252c-xu-series.pdf.lnk"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328375/; classtype:trojan-activity;sid:84191475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resoluci2525252525252525252525252525252525252525c32525252525252525252525252525252525252525b3n-admisibilidad-par-explora-2025-2026-1.pdf.lnk"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328376/; classtype:trojan-activity;sid:84191476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17315941226395c34b9a469f10a54725a3d3a2151c.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328370/; classtype:trojan-activity;sid:84191470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zomi-cover1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328371/; classtype:trojan-activity;sid:84191471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d185d0bed182d0b5d0bb.png.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328372/; classtype:trojan-activity;sid:84191472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s2104102219471_01.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328366/; classtype:trojan-activity;sid:84191466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-54-radicado-4253692024-nombre-peticionario-anonimo-1.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328367/; classtype:trojan-activity;sid:84191467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mzf_4583-1202x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328368/; classtype:trojan-activity;sid:84191468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kemeja-konveksi-pdh-buat-pdh.jpg.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328369/; classtype:trojan-activity;sid:84191469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-2.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328362/; classtype:trojan-activity;sid:84191462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_shades_room_darkening2-scaled.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328363/; classtype:trojan-activity;sid:84191463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-2.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328364/; classtype:trojan-activity;sid:84191464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-blockchain-architecture-diagram-2024-292.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328365/; classtype:trojan-activity;sid:84191465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galala-cream-1.jpeg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328355/; classtype:trojan-activity;sid:84191455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6368-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328356/; classtype:trojan-activity;sid:84191456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731445524c82f2e56a17d587454ba00c27f5b7878.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328357/; classtype:trojan-activity;sid:84191457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/large-industrial-oven2525252525252525252525252525252525252525252525252525252525252525252525252525252525252c-xxl-series.pdf.lnk"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328358/; classtype:trojan-activity;sid:84191458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328359/; classtype:trojan-activity;sid:84191459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.17.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328360/; classtype:trojan-activity;sid:84191460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wem-1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328361/; classtype:trojan-activity;sid:84191461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-min-1024x700.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328351/; classtype:trojan-activity;sid:84191451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58000_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328352/; classtype:trojan-activity;sid:84191452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_11b_bar.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328353/; classtype:trojan-activity;sid:84191453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fg0bihh-bks_774128-jicuaw.jpeg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328354/; classtype:trojan-activity;sid:84191454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/239017072_106313035098523_7493926151110735030_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328347/; classtype:trojan-activity;sid:84191447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mission-news-cover.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328348/; classtype:trojan-activity;sid:84191448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-11-23-at-11.23.06.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328349/; classtype:trojan-activity;sid:84191449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6.-cataratas-do-iguacu-brasil.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328350/; classtype:trojan-activity;sid:84191450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1730473795f467d999db983bb15f2ace35a001c711.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328341/; classtype:trojan-activity;sid:84191441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241023_144228.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328342/; classtype:trojan-activity;sid:84191442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paig-wj1550_v1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328343/; classtype:trojan-activity;sid:84191443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-tokenomics-report-2024-3.8.6.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328344/; classtype:trojan-activity;sid:84191444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-15.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328345/; classtype:trojan-activity;sid:84191445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-215-scaled.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328346/; classtype:trojan-activity;sid:84191446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/blk-9-lot-27.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328336/; classtype:trojan-activity;sid:84191436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nota-ice-ied.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328337/; classtype:trojan-activity;sid:84191437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aphmau-coloring-pages.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328338/; classtype:trojan-activity;sid:84191438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/r-sk-hak-dan-kewajiban-pasien.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328339/; classtype:trojan-activity;sid:84191439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.-convocatoria-laboratorios-itinerantes-curiosasmentes-.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328340/; classtype:trojan-activity;sid:84191440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eweewqe.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328332/; classtype:trojan-activity;sid:84191432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/denajee-aloe-protein-shampoo-front-copy.png.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328333/; classtype:trojan-activity;sid:84191433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/512356858136.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328334/; classtype:trojan-activity;sid:84191434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jamaicablue_bigbrekkie_topview_hires.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328335/; classtype:trojan-activity;sid:84191435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tusne-2021.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328330/; classtype:trojan-activity;sid:84191430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18x26-combo-scaled.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328331/; classtype:trojan-activity;sid:84191431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/udhezim-i-perbashket-mas-meki-nr-13-dt-10.07.2024-per-vitin-shkollor-2024-2025-ne-sistemin-arsimor-parauniv-2.pdf.lnk"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328326/; classtype:trojan-activity;sid:84191426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin_legal_contract_2024_1_8_6.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328327/; classtype:trojan-activity;sid:84191427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-m100-bar.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328328/; classtype:trojan-activity;sid:84191428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin-top-20-stockholders-as-of-may-11-2021.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328329/; classtype:trojan-activity;sid:84191429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hostel-karadjordje2.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328322/; classtype:trojan-activity;sid:84191422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msc.programme.specific.outcome.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328323/; classtype:trojan-activity;sid:84191423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f665f71a-9f82-db2c-46f2-c8588b936d3a.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328324/; classtype:trojan-activity;sid:84191424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-birkin-25-cm-handbag-in-rose-d-ete-swift-leather.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328325/; classtype:trojan-activity;sid:84191425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-67.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328318/; classtype:trojan-activity;sid:84191418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/25.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328319/; classtype:trojan-activity;sid:84191419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_5773791619563242013_w.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328320/; classtype:trojan-activity;sid:84191420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/top-load-washer-wa80cg4240bwnq-2.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328321/; classtype:trojan-activity;sid:84191421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alphapro100_whey5kgchocolatefrontalexardenti13.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328313/; classtype:trojan-activity;sid:84191413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3312678087240.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328314/; classtype:trojan-activity;sid:84191414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/big_villa_elia_bedroom_2_closet.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328315/; classtype:trojan-activity;sid:84191415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ca920a86743cefa9ae8510f1a2bf7295.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328316/; classtype:trojan-activity;sid:84191416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-7.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328317/; classtype:trojan-activity;sid:84191417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1530.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328309/; classtype:trojan-activity;sid:84191409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328310/; classtype:trojan-activity;sid:84191410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/company-profile-aalaf-international-2.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328311/; classtype:trojan-activity;sid:84191411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-1-725x544.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328301/; classtype:trojan-activity;sid:84191401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4d073249-2381-4051-80d6-68313655356f-scaled.jpeg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328302/; classtype:trojan-activity;sid:84191402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12-1200x800.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328303/; classtype:trojan-activity;sid:84191403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dagang-ekspor1.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328304/; classtype:trojan-activity;sid:84191404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/y-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328305/; classtype:trojan-activity;sid:84191405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/372-pengumuman-pendaftaran-bacalon-pilkada-lebak.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328306/; classtype:trojan-activity;sid:84191406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-geovana-albuquerque-1-vlpzb2.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328307/; classtype:trojan-activity;sid:84191407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/perfect_fit_drapery_cavity_instructions.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328308/; classtype:trojan-activity;sid:84191408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lich-doc-kinh-thanh_page_2.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328296/; classtype:trojan-activity;sid:84191396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55876_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328297/; classtype:trojan-activity;sid:84191397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328298/; classtype:trojan-activity;sid:84191398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-s.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328299/; classtype:trojan-activity;sid:84191399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/no_image.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328300/; classtype:trojan-activity;sid:84191400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/y27-succ88per-mat-vizon.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328293/; classtype:trojan-activity;sid:84191393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328294/; classtype:trojan-activity;sid:84191394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seismoelectrics-3-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328295/; classtype:trojan-activity;sid:84191395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-submis.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328289/; classtype:trojan-activity;sid:84191389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/267.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328290/; classtype:trojan-activity;sid:84191390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto4-scaled-e1666447686458.jpeg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328291/; classtype:trojan-activity;sid:84191391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_64_round_fascia_mount.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328292/; classtype:trojan-activity;sid:84191392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/puma_jordan.gif.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328283/; classtype:trojan-activity;sid:84191383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58000_35.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328284/; classtype:trojan-activity;sid:84191384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_nagata-drill-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328285/; classtype:trojan-activity;sid:84191385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-ejecutado-a-diciembre-de-2017-en-formato-pdf.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328286/; classtype:trojan-activity;sid:84191386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/outsyd_dj_ft_famous_pluto_outsyd_eddie_tega_boi_dc_-_feel_d_mood.mp3.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328287/; classtype:trojan-activity;sid:84191387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chocolate-cake-3-pound.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328288/; classtype:trojan-activity;sid:84191388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-1069x800.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328279/; classtype:trojan-activity;sid:84191379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/v1-3.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328280/; classtype:trojan-activity;sid:84191380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-n252525252525252525252525252525c2252525252525252525252525252525b02-c-respaldo-proyecto-modalidad-aprendizaje-en-casa.docx.lnk"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328281/; classtype:trojan-activity;sid:84191381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preuzmite-odlomak.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328282/; classtype:trojan-activity;sid:84191382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-fap-decomore-burkolattal-2.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328278/; classtype:trojan-activity;sid:84191378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs-2024-final-program-main-v10-4ed-26-oct-28oct-2.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328271/; classtype:trojan-activity;sid:84191371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img2.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328272/; classtype:trojan-activity;sid:84191372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-afisare-oferta-persoane-fizice.docx.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328273/; classtype:trojan-activity;sid:84191373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta_ice_2018_final.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328274/; classtype:trojan-activity;sid:84191374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-7.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328275/; classtype:trojan-activity;sid:84191375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rttc-save-water-6.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328276/; classtype:trojan-activity;sid:84191376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grand-bahama-aerials-5-scaled.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328277/; classtype:trojan-activity;sid:84191377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61898_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328266/; classtype:trojan-activity;sid:84191366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_4871-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328267/; classtype:trojan-activity;sid:84191367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirement.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:256; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328268/; classtype:trojan-activity;sid:84191368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forgotten-children-july-en-2.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328269/; classtype:trojan-activity;sid:84191369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-3-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328270/; classtype:trojan-activity;sid:84191370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-2024.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328259/; classtype:trojan-activity;sid:84191359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dispozitie-privind-interzicerea-comercializarii-sau-a-consumului-de-bauturi-alcoolice.pdf.lnk"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328260/; classtype:trojan-activity;sid:84191360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/psos_english.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328261/; classtype:trojan-activity;sid:84191361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56918_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328262/; classtype:trojan-activity;sid:84191362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/junior.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328263/; classtype:trojan-activity;sid:84191363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/az_title_new_010122_lo-1-scaled.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328264/; classtype:trojan-activity;sid:84191364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p.pdf.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328265/; classtype:trojan-activity;sid:84191365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-lumina-5.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328253/; classtype:trojan-activity;sid:84191353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pol11.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328254/; classtype:trojan-activity;sid:84191354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/172f73c7-b95d-4d94-8514-7b3b76be0bef-roguintan-nadeak-1.jpeg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328255/; classtype:trojan-activity;sid:84191355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11.-zips-single-port-alarm-unit-thai-translation.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328256/; classtype:trojan-activity;sid:84191356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bella_shmurda_-_shalaye.mp3.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328257/; classtype:trojan-activity;sid:84191357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328258/; classtype:trojan-activity;sid:84191358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2525252525252525252525252525c32525252525252525252525252525a1lbum_explora_2017_oceano.pdf.lnk"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328247/; classtype:trojan-activity;sid:84191347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328248/; classtype:trojan-activity;sid:84191348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01306-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328249/; classtype:trojan-activity;sid:84191349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-de-eureka-power-gym-explora-biobio.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328250/; classtype:trojan-activity;sid:84191350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sivoia_qs_wireless_basic_setup.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328251/; classtype:trojan-activity;sid:84191351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328252/; classtype:trojan-activity;sid:84191352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fama-sunny-hall-ext-piscina-condominio-cam03-r02resultado-1.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328243/; classtype:trojan-activity;sid:84191343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e-shraman-sanskriti-oct-2021.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328244/; classtype:trojan-activity;sid:84191344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/institutional-distinctiveness.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328245/; classtype:trojan-activity;sid:84191345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55876_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328246/; classtype:trojan-activity;sid:84191346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic_11.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328242/; classtype:trojan-activity;sid:84191342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/english.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328236/; classtype:trojan-activity;sid:84191336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731504820af0d175bac42926838a2aa1967bb7289.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328238/; classtype:trojan-activity;sid:84191338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sportswear-mens-pants-9wjtcr.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328239/; classtype:trojan-activity;sid:84191339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barbie-mermaid-coloring-page.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328240/; classtype:trojan-activity;sid:84191340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carmel_ex_voice_of_carmel_poster.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328241/; classtype:trojan-activity;sid:84191341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-3.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328230/; classtype:trojan-activity;sid:84191330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328231/; classtype:trojan-activity;sid:84191331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo-general-cicrosa-2022.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328232/; classtype:trojan-activity;sid:84191332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-09-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328233/; classtype:trojan-activity;sid:84191333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/program-audiente-mai.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328234/; classtype:trojan-activity;sid:84191334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/32_breeky-burger-3_4_retouch.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328235/; classtype:trojan-activity;sid:84191335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vacuum-drying-oven-compact-dp300.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328227/; classtype:trojan-activity;sid:84191327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/terra-1-e1731924991611.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328228/; classtype:trojan-activity;sid:84191328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3117838_1646161408662.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328229/; classtype:trojan-activity;sid:84191329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1440x576.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328223/; classtype:trojan-activity;sid:84191323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/celex-31999l0045-ro-txt.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328224/; classtype:trojan-activity;sid:84191324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-94.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328225/; classtype:trojan-activity;sid:84191325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173031162257eb214edfebc3d94fa3c5a3a5feb88e.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328226/; classtype:trojan-activity;sid:84191326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arvo-2024-annual-meeting-pocket-guide.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328219/; classtype:trojan-activity;sid:84191319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/destaque-572100-morte-visitaintima.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328220/; classtype:trojan-activity;sid:84191320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/analyse-du-marche-eos-rapport-2024-2-4-2.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328221/; classtype:trojan-activity;sid:84191321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1_install-guide-bahasa-indonesian-ws2-apple-watch-tray-sensors-zw1051-52.pdf.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328222/; classtype:trojan-activity;sid:84191322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/front-1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328209/; classtype:trojan-activity;sid:84191309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ckkurumsal06b.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328210/; classtype:trojan-activity;sid:84191310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50862722.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328211/; classtype:trojan-activity;sid:84191311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328212/; classtype:trojan-activity;sid:84191312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solicitud-retiro-p.-de-acuerdo-autorizacion-para-contratar.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328213/; classtype:trojan-activity;sid:84191313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-brocoli-legacy.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328214/; classtype:trojan-activity;sid:84191314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/commsec_state_of_the_states_october2016.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328215/; classtype:trojan-activity;sid:84191315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/239480654_106373931759100_1350128503818017235_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328216/; classtype:trojan-activity;sid:84191316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190615_101536.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328217/; classtype:trojan-activity;sid:84191317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rahasia-sukses-generasi-muda-di-era-digital.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328218/; classtype:trojan-activity;sid:84191318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eclipse-pppv-baseball-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328205/; classtype:trojan-activity;sid:84191305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-developm.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328206/; classtype:trojan-activity;sid:84191306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/parijs-bank-met-ottomane-4.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328207/; classtype:trojan-activity;sid:84191307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328208/; classtype:trojan-activity;sid:84191308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-harlow-rd-greening-glade-kitchen-.jpeg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328202/; classtype:trojan-activity;sid:84191302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/super_rare_hermes_birkin_pytho_1674355142_b40a92a1_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328203/; classtype:trojan-activity;sid:84191303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rainbow-bay-google-maps-south-scaled.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328204/; classtype:trojan-activity;sid:84191304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328197/; classtype:trojan-activity;sid:84191297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto25252525252525252525252525253acv252525252525252525252525252540aliphdeen.com.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328198/; classtype:trojan-activity;sid:84191298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20241124_213300_canva-787x1030.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328199/; classtype:trojan-activity;sid:84191299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/613wil252br8ol._ac_uf894252c1000_ql80_.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328200/; classtype:trojan-activity;sid:84191300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-explora-el-cine.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328201/; classtype:trojan-activity;sid:84191301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/herme2525cc252580s252bevelyne252bpm252bbag252breview252bfeat.252blxr252b252526252bco25252c252bwoahstyle.com252bby252bnathalie252bmartin_0137.jpg.lnk"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328191/; classtype:trojan-activity;sid:84191291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vinyl-the-simpsons-moes-tavern-mini-figure-series-by-kidrobot-2_600x.jpg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328192/; classtype:trojan-activity;sid:84191292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1525.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328193/; classtype:trojan-activity;sid:84191293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10864_alt10.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328194/; classtype:trojan-activity;sid:84191294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plat-map-royal-palm-bay-blk-6-lot-24-corlo-scaled.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328195/; classtype:trojan-activity;sid:84191295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-42.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328196/; classtype:trojan-activity;sid:84191296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bao-cao-1312.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328188/; classtype:trojan-activity;sid:84191288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/memoria_deportiva_2017.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328189/; classtype:trojan-activity;sid:84191289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libroresumenescongreso.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328190/; classtype:trojan-activity;sid:84191290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328184/; classtype:trojan-activity;sid:84191284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/is-blue-chew-safe-to-take.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328185/; classtype:trojan-activity;sid:84191285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3427-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328186/; classtype:trojan-activity;sid:84191286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328187/; classtype:trojan-activity;sid:84191287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/valefl_1.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328177/; classtype:trojan-activity;sid:84191277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8846-min-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328178/; classtype:trojan-activity;sid:84191278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/https25253a25252f25252fd1e00ek4ebabms.cloudfront.net25252fproduction25252ff215ec38-e291-42e9-8892-02181bd0f97e.jpg.lnk"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328179/; classtype:trojan-activity;sid:84191279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/330-direccion-de-seguridad-opereacional_0.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328180/; classtype:trojan-activity;sid:84191280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vans-sk8-hi-wear-test-front-600x400.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328182/; classtype:trojan-activity;sid:84191282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tu-parque-acceso.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328183/; classtype:trojan-activity;sid:84191283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-black-croco-32cm-cites-1974-shop-katheleys-vintage-vip.webp.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328175/; classtype:trojan-activity;sid:84191275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-smart-contract-tutorial-2024-5-6-2.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328176/; classtype:trojan-activity;sid:84191276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vol5422015133.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328169/; classtype:trojan-activity;sid:84191269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-2-4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328170/; classtype:trojan-activity;sid:84191270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galva.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328171/; classtype:trojan-activity;sid:84191271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3117840_1646161413391.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328173/; classtype:trojan-activity;sid:84191273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zestawienie-nr-07.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328174/; classtype:trojan-activity;sid:84191274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328163/; classtype:trojan-activity;sid:84191263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-mesa-de-trabajo-1-32x32.png.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328164/; classtype:trojan-activity;sid:84191264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin_smart_contract_tutorial_2024_4.1.6.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328165/; classtype:trojan-activity;sid:84191265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xuong-san-xuat-nam-tien-window-1.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328166/; classtype:trojan-activity;sid:84191266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6162.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328167/; classtype:trojan-activity;sid:84191267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/emas.-declaracion-del-verificador-centro-de-referencia-2020.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328168/; classtype:trojan-activity;sid:84191268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01954-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328158/; classtype:trojan-activity;sid:84191258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-bb202-p-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328159/; classtype:trojan-activity;sid:84191259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/66-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328160/; classtype:trojan-activity;sid:84191260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-8-compressed-1-scaled.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328161/; classtype:trojan-activity;sid:84191261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kitchen-remodel.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328162/; classtype:trojan-activity;sid:84191262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/love-potion-camiseta-blanca-1-2.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328157/; classtype:trojan-activity;sid:84191257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20240108-matriz-riesgos-corrupcion_soborno_sarlaft.xlsx.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328149/; classtype:trojan-activity;sid:84191249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-17.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328150/; classtype:trojan-activity;sid:84191250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04083.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328151/; classtype:trojan-activity;sid:84191251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/code-de-conduite-des-fournisseurs.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328152/; classtype:trojan-activity;sid:84191252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-13-scaled.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328153/; classtype:trojan-activity;sid:84191253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-xx600-da-62-s-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328154/; classtype:trojan-activity;sid:84191254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juliapiquer4aalnacinal.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328155/; classtype:trojan-activity;sid:84191255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/817qnrw9i3l._ac_sl1000_.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328156/; classtype:trojan-activity;sid:84191256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-whitepaper-2024-2-6-6.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328146/; classtype:trojan-activity;sid:84191246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-pl01dr-u-ww-1080x1920-001-450x800.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328147/; classtype:trojan-activity;sid:84191247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dispozitia-244-din-24.04.2024-privind-regulamentul-intern-de-acordare-a-voucherelor-de-vacanta-pentru-salariatii-din-cadrul-orasului-targu-frumos.pdf.lnk"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328148/; classtype:trojan-activity;sid:84191248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hig04.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328144/; classtype:trojan-activity;sid:84191244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328145/; classtype:trojan-activity;sid:84191245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-cdmlg-4.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328138/; classtype:trojan-activity;sid:84191238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img-6.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328139/; classtype:trojan-activity;sid:84191239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238363478_106315291764964_8610512863580051888_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328140/; classtype:trojan-activity;sid:84191240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp5149.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328141/; classtype:trojan-activity;sid:84191241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328142)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plasma-modifier-barrel-chamber-pm100.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328142/; classtype:trojan-activity;sid:84191242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/turbine_large.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328143/; classtype:trojan-activity;sid:84191243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4th-page.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328137/; classtype:trojan-activity;sid:84191237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/glock-19-engrave.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328127/; classtype:trojan-activity;sid:84191227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/serena_spec_guide.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328128/; classtype:trojan-activity;sid:84191228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplu.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:229; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328129/; classtype:trojan-activity;sid:84191229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/date-firme-din-conflict.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328130/; classtype:trojan-activity;sid:84191230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/electricite-2.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328131/; classtype:trojan-activity;sid:84191231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21324-box1-v39_ksmk3zgcpbeuqnxl.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328132/; classtype:trojan-activity;sid:84191232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328133/; classtype:trojan-activity;sid:84191233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-whitepaper-2024-1.6.9.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328134/; classtype:trojan-activity;sid:84191234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1747.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328135/; classtype:trojan-activity;sid:84191235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20170203-wa0004.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328136/; classtype:trojan-activity;sid:84191236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_33.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328120/; classtype:trojan-activity;sid:84191220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/neukunden.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328121/; classtype:trojan-activity;sid:84191221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deep-em-2-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328122/; classtype:trojan-activity;sid:84191222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-ecosystem-report-2024-3-5-1.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328123/; classtype:trojan-activity;sid:84191223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp5760.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328124/; classtype:trojan-activity;sid:84191224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/copia-de-lucas_00006.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328125/; classtype:trojan-activity;sid:84191225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/persian-singers-2.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328126/; classtype:trojan-activity;sid:84191226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_934add09fd21848a1478f64245f93ecd.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328118/; classtype:trojan-activity;sid:84191218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elektroniczny-bidet-instrukcja-obs25252525252525252525252525252525252525252525c52525252525252525252525252525252525252525252582ugi-i-monta25252525252525252525252525252525252525252525c525252525252525252525252525252525252525252525bcu.pdf.lnk"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328119/; classtype:trojan-activity;sid:84191219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elle-botas-track-1571322040.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328111/; classtype:trojan-activity;sid:84191211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/academias-en-ciencias-sociales.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328112/; classtype:trojan-activity;sid:84191212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/473_resized_detail_800_0_0_1_1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328113/; classtype:trojan-activity;sid:84191213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02274.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328114/; classtype:trojan-activity;sid:84191214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/all2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328115/; classtype:trojan-activity;sid:84191215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-25.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328116/; classtype:trojan-activity;sid:84191216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01345-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328117/; classtype:trojan-activity;sid:84191217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-auditoria-de-regularidad-pad2019.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328108/; classtype:trojan-activity;sid:84191208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comprar-viagra-barato-italia-viagra.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328109/; classtype:trojan-activity;sid:84191209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saules-02.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328110/; classtype:trojan-activity;sid:84191210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_cotton-carded.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328104/; classtype:trojan-activity;sid:84191204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/150010_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328106/; classtype:trojan-activity;sid:84191206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-decret-2003-804-ce-ore.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328107/; classtype:trojan-activity;sid:84191207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60k_besz_2022.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328101/; classtype:trojan-activity;sid:84191201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryvendet-e-lira-dt.-15.11.2024-per-portalin-24-25.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:204; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328102/; classtype:trojan-activity;sid:84191202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-de-evaluacion-calificacion-y-promocion-jandrews-2023-1-1.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328103/; classtype:trojan-activity;sid:84191203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/278615599_4825347297576002_5348081232507470234_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328099/; classtype:trojan-activity;sid:84191199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formato-invitacion-privada-suministro-de-stickers.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328100/; classtype:trojan-activity;sid:84191200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328093)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn-web-colabo-v7_01.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328093/; classtype:trojan-activity;sid:84191193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238886407_106316005098226_7930080017706288837_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328094/; classtype:trojan-activity;sid:84191194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-e1626804353510.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328096/; classtype:trojan-activity;sid:84191196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convenioiconcursocampamentos.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328097/; classtype:trojan-activity;sid:84191197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/440205-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328098/; classtype:trojan-activity;sid:84191198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vaccaro-acetals-cattoday-pre-accepted.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328089/; classtype:trojan-activity;sid:84191189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328090)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328090/; classtype:trojan-activity;sid:84191190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convocatoria-laboratorios-itinerantes-curiosasmentes.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328091/; classtype:trojan-activity;sid:84191191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gts-po01-politica-y-objetivos-de-seguridad-y-salud-en-el-trabajo-v1.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328092/; classtype:trojan-activity;sid:84191192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-09-rotated.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328084/; classtype:trojan-activity;sid:84191184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328085/; classtype:trojan-activity;sid:84191185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-de-taxation-tron-20241-6-1.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328086/; classtype:trojan-activity;sid:84191186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9660.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328087/; classtype:trojan-activity;sid:84191187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-1-afri-septianingrini-1.png.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328088/; classtype:trojan-activity;sid:84191188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20170831_balance.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328075/; classtype:trojan-activity;sid:84191175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-de-convocatoria-peal-2023_.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328076/; classtype:trojan-activity;sid:84191176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200925_150659-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328077/; classtype:trojan-activity;sid:84191177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3454-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328078/; classtype:trojan-activity;sid:84191178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/haidan-zy26j3pa65y-unsplash-scaled.jpeg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328079/; classtype:trojan-activity;sid:84191179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/events-for-edm-5.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328080/; classtype:trojan-activity;sid:84191180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/certificato_rina.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328081/; classtype:trojan-activity;sid:84191181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/front-bumber4-am.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328082/; classtype:trojan-activity;sid:84191182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/congreso-2022.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328072/; classtype:trojan-activity;sid:84191172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/szallas009.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328073/; classtype:trojan-activity;sid:84191173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59607_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328074/; classtype:trojan-activity;sid:84191174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-convocatoria-iie2021.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328066/; classtype:trojan-activity;sid:84191166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha25252525252525252525252525252520m252525252525252525252525252525c3252525252525252525252525252525a9dica25252525252525252525252525252520chile25252525252525252525252525252520va25252525252525252525252525252521252525252525252525252525252525202014.doc.lnk"; http_uri; depth:264; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328067/; classtype:trojan-activity;sid:84191167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-good-behavior-blowout-balm-5oz-rig-igk-lgbbb05-228x228-1.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328068/; classtype:trojan-activity;sid:84191168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-smaragd-200a-1.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328069/; classtype:trojan-activity;sid:84191169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cbtt-bienban25252525252525252525252525252527252525252525252525252525252525c425252525252525252525252525252590h252525252525252525252525252525c425252525252525252525252525252590c252525252525252525252525252525c4252525252525252525252525252525902024-dt.pdf.lnk"; http_uri; depth:264; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328070/; classtype:trojan-activity;sid:84191170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/home-jardin.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328061/; classtype:trojan-activity;sid:84191161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/enterprise-dt-baseball-1.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328062/; classtype:trojan-activity;sid:84191162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/colorker-tangram-2.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328063/; classtype:trojan-activity;sid:84191163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6972-scaled.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328064/; classtype:trojan-activity;sid:84191164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-api-documentation-20245.7.9.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328065/; classtype:trojan-activity;sid:84191165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01561-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328058/; classtype:trojan-activity;sid:84191158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_taslan.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328059/; classtype:trojan-activity;sid:84191159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m.sc_food_technology_course_outcome.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328060/; classtype:trojan-activity;sid:84191160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-congreso-regional-2022_compressed.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328052/; classtype:trojan-activity;sid:84191152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2600062836913_7_b.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328053/; classtype:trojan-activity;sid:84191153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-11.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328054/; classtype:trojan-activity;sid:84191154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/513231940084.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328055/; classtype:trojan-activity;sid:84191155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daftar-nominatif-pantarlih-pemilu-tahun-2024-kecamatan-kalang-anyar.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328056/; classtype:trojan-activity;sid:84191156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucio2525252525252525252525252525cc252525252525252525252525252581n-bases.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328057/; classtype:trojan-activity;sid:84191157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-1620x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328047/; classtype:trojan-activity;sid:84191147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6360.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328048/; classtype:trojan-activity;sid:84191148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328049/; classtype:trojan-activity;sid:84191149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pin-sunscreen-chemicals.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328050/; classtype:trojan-activity;sid:84191150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notice-for-result-declaration.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328051/; classtype:trojan-activity;sid:84191151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/squat-2-600x637.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328041/; classtype:trojan-activity;sid:84191141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-15.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328042/; classtype:trojan-activity;sid:84191142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-9-1-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328043/; classtype:trojan-activity;sid:84191143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6744.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328044/; classtype:trojan-activity;sid:84191144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lucky-star-camiseta-negra.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328045/; classtype:trojan-activity;sid:84191145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173159833724c22c53eb2a2c3121821d6a0c70f889.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328046/; classtype:trojan-activity;sid:84191146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20180102_130911-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328036/; classtype:trojan-activity;sid:84191136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hoa-lan-tang-sinh-nhat.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328037/; classtype:trojan-activity;sid:84191137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fdv1baknkeo-scaled.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328038/; classtype:trojan-activity;sid:84191138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/studio-one-5-meta-image.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328039/; classtype:trojan-activity;sid:84191139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/strawberry-handwash-70-off-1.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328040/; classtype:trojan-activity;sid:84191140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pexels-curtis-adams-16249171.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328032/; classtype:trojan-activity;sid:84191132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/400802411_918682076648820_1250559864979353172_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328033/; classtype:trojan-activity;sid:84191133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/et-180.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328034/; classtype:trojan-activity;sid:84191134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rof-2024.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328035/; classtype:trojan-activity;sid:84191135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_shades_sunscreen8-scaled.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328023/; classtype:trojan-activity;sid:84191123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_36.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328024/; classtype:trojan-activity;sid:84191124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-485-gallery-2.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328025/; classtype:trojan-activity;sid:84191125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5386-8-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328026/; classtype:trojan-activity;sid:84191126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-11.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328027/; classtype:trojan-activity;sid:84191127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coffee-store-shopkeeper-and-waitress-using-cash-re-2023-11-27-05-27-38-utc.jpg.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328029/; classtype:trojan-activity;sid:84191129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arada_sub_city.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328030/; classtype:trojan-activity;sid:84191130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa02suites_venda_centro-caucaia-ce-8.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328031/; classtype:trojan-activity;sid:84191131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14-1440x1080.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328022/; classtype:trojan-activity;sid:84191122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22520157_1974864216121622_1660874090646632341_o.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328017/; classtype:trojan-activity;sid:84191117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-4.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328018/; classtype:trojan-activity;sid:84191118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cwreport2019-20.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328019/; classtype:trojan-activity;sid:84191119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d4541.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328020/; classtype:trojan-activity;sid:84191120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sorteo-de-dianas.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328021/; classtype:trojan-activity;sid:84191121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/105990031_10157831464973743_7784540790604732729_o.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328016/; classtype:trojan-activity;sid:84191116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d.el_.edbedrecognisation.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328009/; classtype:trojan-activity;sid:84191109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projekt-uchwaly-antysmogowej.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328010/; classtype:trojan-activity;sid:84191110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/224691280_4191788824207609_4696977106515522522_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328011/; classtype:trojan-activity;sid:84191111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-034.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328012/; classtype:trojan-activity;sid:84191112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022-sprawozdanie-merytoryczne-fundacja-impuls.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328013/; classtype:trojan-activity;sid:84191113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22gb-water-shot.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328014/; classtype:trojan-activity;sid:84191114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-8.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328003/; classtype:trojan-activity;sid:84191103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea-02-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328004/; classtype:trojan-activity;sid:84191104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/orange-handwash-70-off-1.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328005/; classtype:trojan-activity;sid:84191105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328006/; classtype:trojan-activity;sid:84191106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anti-ragging-poster.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328007/; classtype:trojan-activity;sid:84191107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-04-rotated.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328008/; classtype:trojan-activity;sid:84191108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00197630160527____34__640x640.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327997/; classtype:trojan-activity;sid:84191097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/la-guajira-noticias-jueves-21-de-noviembre-de-2024.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327998/; classtype:trojan-activity;sid:84191098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/140812_eye_sec1.jpg.crop_.original-original.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327999/; classtype:trojan-activity;sid:84191099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-5.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328000/; classtype:trojan-activity;sid:84191100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3328002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/view-1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3328002/; classtype:trojan-activity;sid:84191102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48103_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327993/; classtype:trojan-activity;sid:84191093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/510-direccion-de-gestion-humana.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327994/; classtype:trojan-activity;sid:84191094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srishti-x-abhinav-4-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327995/; classtype:trojan-activity;sid:84191095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados_divulgacion.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327996/; classtype:trojan-activity;sid:84191096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-18.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327986/; classtype:trojan-activity;sid:84191086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diario-de-viaje-ece-2023.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327987/; classtype:trojan-activity;sid:84191087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327989/; classtype:trojan-activity;sid:84191089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-28-craie-epsom-palladium-hardware-1.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327990/; classtype:trojan-activity;sid:84191090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59980_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327991/; classtype:trojan-activity;sid:84191091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp_ecosystem_report_20244.0.6.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327992/; classtype:trojan-activity;sid:84191092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-8.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327982/; classtype:trojan-activity;sid:84191082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alephnotadeporte.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327983/; classtype:trojan-activity;sid:84191083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-security-best-practices-2024-5-3-8.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327984/; classtype:trojan-activity;sid:84191084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-88-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327985/; classtype:trojan-activity;sid:84191085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-de-preferencia-no.-05_2017.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327980/; classtype:trojan-activity;sid:84191080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/343469_500.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327981/; classtype:trojan-activity;sid:84191081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-8551-c.-santa-elena-y-saltillo-col.-nisperos-4.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327978/; classtype:trojan-activity;sid:84191078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/prospectus_2022_23.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327979/; classtype:trojan-activity;sid:84191079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tower-hamlets-communty-project-img-6-725x544-1.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327972/; classtype:trojan-activity;sid:84191072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-label-invisible-performance-01.png.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327973/; classtype:trojan-activity;sid:84191073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/beauty-instruments.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327974/; classtype:trojan-activity;sid:84191074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03-normas-planificacion-deportiva-2023-1.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327975/; classtype:trojan-activity;sid:84191075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botas-chelsea-track-sarah-descho-kuah--720x9002525252525252540mujerhoy.jpg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327976/; classtype:trojan-activity;sid:84191076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1113866373383.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327968/; classtype:trojan-activity;sid:84191068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8e38e0ed-7c2c-4d9b-b580-6ab1df89d068-1200x750-1.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327969/; classtype:trojan-activity;sid:84191069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-282-2024-disponer-que-el-servidor-abog-tomas-avelino-lopez-negron-reasuma-sus-funciones-en-el-cargo-de.pdf.lnk"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327970/; classtype:trojan-activity;sid:84191070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista-de-utiles-playgroupg-2024.docx.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327971/; classtype:trojan-activity;sid:84191071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327962/; classtype:trojan-activity;sid:84191062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagen-1.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327963/; classtype:trojan-activity;sid:84191063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3975-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327964/; classtype:trojan-activity;sid:84191064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ldmini8ftcgp.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327965/; classtype:trojan-activity;sid:84191065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-mining-setup-guide-2024-2.1.1.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327966/; classtype:trojan-activity;sid:84191066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20141019_100954.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327967/; classtype:trojan-activity;sid:84191067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vacuum-drying-oven-dp610.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327959/; classtype:trojan-activity;sid:84191059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/25_may_prospectus_2024_25.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327960/; classtype:trojan-activity;sid:84191060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/muad-planlama-katalog-2016-2.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327961/; classtype:trojan-activity;sid:84191061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/silvas-1888.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327952/; classtype:trojan-activity;sid:84191052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/motorcycle-accidents-2-min.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327953/; classtype:trojan-activity;sid:84191053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/service-ac-jababeka-cikarang-1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327955/; classtype:trojan-activity;sid:84191055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pagina_nota1_20_11_24_oald.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327956/; classtype:trojan-activity;sid:84191056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/esf-diciembre-2022.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327957/; classtype:trojan-activity;sid:84191057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/colorker-tangram-4.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327958/; classtype:trojan-activity;sid:84191058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-21-elite.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327945/; classtype:trojan-activity;sid:84191045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tarapith-complex-1024x678_20180209134559.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327946/; classtype:trojan-activity;sid:84191046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20220120_085105.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327947/; classtype:trojan-activity;sid:84191047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2024-08-01_10-48-01-1030x728.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327948/; classtype:trojan-activity;sid:84191048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysuami.masjidnurulashri.comcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327949/; classtype:trojan-activity;sid:84191049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a17i9782.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327950/; classtype:trojan-activity;sid:84191050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/siding-img2.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327951/; classtype:trojan-activity;sid:84191051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kontakty-umig-marzec-2015_anon.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327941/; classtype:trojan-activity;sid:84191041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noi-that-phong-ngu-3.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327942/; classtype:trojan-activity;sid:84191042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-25.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327943/; classtype:trojan-activity;sid:84191043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rex-246-2023.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327944/; classtype:trojan-activity;sid:84191044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4c5ccc27-22ab-f988-68c2-f0ba04c43c13.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327937/; classtype:trojan-activity;sid:84191037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1743.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327938/; classtype:trojan-activity;sid:84191038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327939/; classtype:trojan-activity;sid:84191039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1730473795bcbd005ea552cd95d1a74d2ad4bdd585.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327940/; classtype:trojan-activity;sid:84191040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legalitas1.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327932/; classtype:trojan-activity;sid:84191032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-rock-haut-a-courroies-birkn-bag-2022-2.jpeg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327933/; classtype:trojan-activity;sid:84191033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-052.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327934/; classtype:trojan-activity;sid:84191034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20211007215306_248a4479-scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327935/; classtype:trojan-activity;sid:84191035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2713981994673.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327936/; classtype:trojan-activity;sid:84191036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsletter-fall-2022-3.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327930/; classtype:trojan-activity;sid:84191030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vt-362-ejido-san-isidro-lote-58-2922.48m2-.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327931/; classtype:trojan-activity;sid:84191031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004000_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327923/; classtype:trojan-activity;sid:84191023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14618411.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327924/; classtype:trojan-activity;sid:84191024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gts-mn01-manual-de-funciones-v5-1.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327925/; classtype:trojan-activity;sid:84191025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-produk-2.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327926/; classtype:trojan-activity;sid:84191026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-a-30-de-junio-de-2022-ttb-en-formato-pdf.pdf.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327927/; classtype:trojan-activity;sid:84191027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botas-track-look-7_c81fdf73_1280x1829.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327928/; classtype:trojan-activity;sid:84191028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241023_143916.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327929/; classtype:trojan-activity;sid:84191029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-educational-material-20244.4.8.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327917/; classtype:trojan-activity;sid:84191017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-8551-c.-santa-elena-y-saltillo-col.-nisperos-6.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327918/; classtype:trojan-activity;sid:84191018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20201031_115636.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327919/; classtype:trojan-activity;sid:84191019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-kart-coloring-pages.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327920/; classtype:trojan-activity;sid:84191020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mzf_4470-1400x788.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327921/; classtype:trojan-activity;sid:84191021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-14.39.45-t8dmxs.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327922/; classtype:trojan-activity;sid:84191022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-m100-bar-2-e1530712398262.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327913/; classtype:trojan-activity;sid:84191013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/udhezimi-n.-22-date-27.07.2022-per-vitin-shkollor-2022-2023-ne-sistemin-arsimor-parauniversitar-1.pdf.lnk"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327914/; classtype:trojan-activity;sid:84191014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thais-bbb-2.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327915/; classtype:trojan-activity;sid:84191015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moroccanoil-curl-enhancing-shampoo-rmo-mor-scs34-228x228-1.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327916/; classtype:trojan-activity;sid:84191016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wellcare_kidsfer-kutu-sise_gorsel_022022.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327909/; classtype:trojan-activity;sid:84191009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/my-melody-printable-coloring-pages.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327910/; classtype:trojan-activity;sid:84191010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fullrunning-galeria-3.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327911/; classtype:trojan-activity;sid:84191011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/terminos-y-condici0nes-sitio-web-de-la-terminal-1.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327899/; classtype:trojan-activity;sid:84190999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59138_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327900/; classtype:trojan-activity;sid:84191000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/41zyow22b3l.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327901/; classtype:trojan-activity;sid:84191001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/118579224_10158000107718743_2410324073093610208_o.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327902/; classtype:trojan-activity;sid:84191002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requi.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327903/; classtype:trojan-activity;sid:84191003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/investigaci25252525252525252525252525252525252525c325252525252525252525252525252525252525b3n-e-innovaci25252525252525252525252525252525252525c325252525252525252525252525252525252525b3n-escolar-2025-2026.pdf.lnk"; http_uri; depth:221; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327904/; classtype:trojan-activity;sid:84191004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-ecosystem-report-2024-2-5-7.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327905/; classtype:trojan-activity;sid:84191005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-cibitung-alt2.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327906/; classtype:trojan-activity;sid:84191006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/makan-makan_justus.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327907/; classtype:trojan-activity;sid:84191007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0427.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327908/; classtype:trojan-activity;sid:84191008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nt_-majocchi_srl-9001-ita.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327893/; classtype:trojan-activity;sid:84190993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/matara.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327894/; classtype:trojan-activity;sid:84190994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afajui22-1024x1024.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327895/; classtype:trojan-activity;sid:84190995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apocc81s-homem-se-explodir-perto-do-stf-esplanada-ecc81-isolada-por-risco-de-mais-bombas-brasicc81lia-df-metropoles-2-2-2a7awn.jpeg.lnk"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327897/; classtype:trojan-activity;sid:84190997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-milano-floor-4.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327898/; classtype:trojan-activity;sid:84190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cecos-college-complaints-policy-and-procedures.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327891/; classtype:trojan-activity;sid:84190991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327892/; classtype:trojan-activity;sid:84190992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-mario-kart.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327886/; classtype:trojan-activity;sid:84190986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/376.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327887/; classtype:trojan-activity;sid:84190987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/descripcion-de-procesos-ttsa.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327888/; classtype:trojan-activity;sid:84190988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-sat-1-arm-2.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327889/; classtype:trojan-activity;sid:84190989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flow-tshirt-001-640x800.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327890/; classtype:trojan-activity;sid:84190990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20200103_185101-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327881/; classtype:trojan-activity;sid:84190981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/302-tvd_p3_-depto-financiero.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327882/; classtype:trojan-activity;sid:84190982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327883/; classtype:trojan-activity;sid:84190983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1049b780bd888dd141bfc8a132ebfa93.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327884/; classtype:trojan-activity;sid:84190984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-steuerleitfaden-2024-4-8-6.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327885/; classtype:trojan-activity;sid:84190985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plants-vs-zombies-plants-coloring-pages.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327875/; classtype:trojan-activity;sid:84190975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9718-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327876/; classtype:trojan-activity;sid:84190976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phan-mem-trinh-chieu-co-doc-v4-1-3.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327877/; classtype:trojan-activity;sid:84190977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/electrobombas.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327878/; classtype:trojan-activity;sid:84190978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1000079705.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327879/; classtype:trojan-activity;sid:84190979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/planificacion-deportiva-oficial-2023-1.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327880/; classtype:trojan-activity;sid:84190980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-245-scaled.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327871/; classtype:trojan-activity;sid:84190971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/item7.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327872/; classtype:trojan-activity;sid:84190972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-4.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327873/; classtype:trojan-activity;sid:84190973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/front-7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327874/; classtype:trojan-activity;sid:84190974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resistance-bands-for-physiotherapy-exercise.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327869/; classtype:trojan-activity;sid:84190969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14.-solicitud-de-audiencia-para-atencion-del-senor-gobernador-pdf.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327870/; classtype:trojan-activity;sid:84190970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline-spec-sheet-for-reinforced-poly-sheeting.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327867/; classtype:trojan-activity;sid:84190967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0_1310-w-stewart-ste-504-orange-ca_0_2.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327868/; classtype:trojan-activity;sid:84190968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/551.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327861/; classtype:trojan-activity;sid:84190961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/detalhes-mecanismo-consenso-chainlink-20244.2.3.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327862/; classtype:trojan-activity;sid:84190962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.-manual-de-contratacion-en-pdf.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327863/; classtype:trojan-activity;sid:84190963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/233.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327864/; classtype:trojan-activity;sid:84190964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/honeycomb_7_11zon.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327865/; classtype:trojan-activity;sid:84190965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-daction-de-reinstallation-par.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327855/; classtype:trojan-activity;sid:84190955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_24.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327856/; classtype:trojan-activity;sid:84190956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-blockchain-architecture-diagram-20243.9.2.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327857/; classtype:trojan-activity;sid:84190957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/04.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327858/; classtype:trojan-activity;sid:84190958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1558-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327859/; classtype:trojan-activity;sid:84190959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4f259259-1cc2-420f-8b0f-7d38f232ebad.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327860/; classtype:trojan-activity;sid:84190960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_shades_sunscreen7.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327851/; classtype:trojan-activity;sid:84190951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/designer-3.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327852/; classtype:trojan-activity;sid:84190952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moroccanoil-infrared-hair-dryer-rmo-mor-tbssihd-500x500-1.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327853/; classtype:trojan-activity;sid:84190953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55046_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327854/; classtype:trojan-activity;sid:84190954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/btn-sat-1-300-rh-1.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327848/; classtype:trojan-activity;sid:84190948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ufuktezemir1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327849/; classtype:trojan-activity;sid:84190949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/favicon-1.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327850/; classtype:trojan-activity;sid:84190950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pi_oks_4220_110676_en.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327842/; classtype:trojan-activity;sid:84190942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/versio252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252581n-3-libro-de-actividades-mito-rali_light.pdf.lnk"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327843/; classtype:trojan-activity;sid:84190943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/producto-eliptic-ofteno-pf.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327844/; classtype:trojan-activity;sid:84190944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4509-2-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327845/; classtype:trojan-activity;sid:84190945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hp-15s-eq2116au-_amd-ryzen-5-5500u-processor-02.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327846/; classtype:trojan-activity;sid:84190946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/focaccina-da-55-grammi-eat-pro-focaccina-proteica-chetogenica-naturale.jpg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327847/; classtype:trojan-activity;sid:84190947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/102-tvd_direccion-de-c.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327838/; classtype:trojan-activity;sid:84190938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/admission-form-jm.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327839/; classtype:trojan-activity;sid:84190939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731598337d3cd97aba175244be54e86804edc013c.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327840/; classtype:trojan-activity;sid:84190940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seismoelectronics-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327841/; classtype:trojan-activity;sid:84190941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-22.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327834/; classtype:trojan-activity;sid:84190934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/molykote_cu-7439_plus_paste_v1_71-0182k-01.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327835/; classtype:trojan-activity;sid:84190935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7_ws2-exposed-cable-merchandising-guide.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327836/; classtype:trojan-activity;sid:84190936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-1440x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327837/; classtype:trojan-activity;sid:84190937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/41jgzi6seel._sx466_.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327831/; classtype:trojan-activity;sid:84190931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-1.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327832/; classtype:trojan-activity;sid:84190932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6670.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327833/; classtype:trojan-activity;sid:84190933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/trust-deed.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327827/; classtype:trojan-activity;sid:84190927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kabah-masjidil-haram-makkah.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327828/; classtype:trojan-activity;sid:84190928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-nft-guide-2024-1-9-0.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327829/; classtype:trojan-activity;sid:84190929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8968-min-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327823/; classtype:trojan-activity;sid:84190923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-495.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327824/; classtype:trojan-activity;sid:84190924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_e5bebd9a5285055b65f871e815e6c2f0.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327825/; classtype:trojan-activity;sid:84190925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-6.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327826/; classtype:trojan-activity;sid:84190926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie-finansowe-2023-wizualizacja-scalone.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327818/; classtype:trojan-activity;sid:84190918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure-a4.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327819/; classtype:trojan-activity;sid:84190919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-37.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327820/; classtype:trojan-activity;sid:84190920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-tbs-1a-3800-split-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327821/; classtype:trojan-activity;sid:84190921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3rd-qtr-2022-mission-news-fold.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327822/; classtype:trojan-activity;sid:84190922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cobb.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327816/; classtype:trojan-activity;sid:84190916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1-19.jpg.lnk"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327817/; classtype:trojan-activity;sid:84190917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59138_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327813/; classtype:trojan-activity;sid:84190913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto252525252525252525252525253acv2525252525252525252525252540aliphdeen.com.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327814/; classtype:trojan-activity;sid:84190914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_crecyt_2016_metropolitana.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327815/; classtype:trojan-activity;sid:84190915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/497-sf-italian-granite-min-min-scaled.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327804/; classtype:trojan-activity;sid:84190904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/directorio-de-trabajadores-mayo-2021_0.xlsx.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327805/; classtype:trojan-activity;sid:84190905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/htb1w5bvpxxxxxbvxxxxq6xxfxxxw.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327806/; classtype:trojan-activity;sid:84190906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-10.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327807/; classtype:trojan-activity;sid:84190907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lemon-handwash-70-off-700x700-1.png.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327808/; classtype:trojan-activity;sid:84190908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deep-em-3-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327809/; classtype:trojan-activity;sid:84190909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boletin-marzo.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327810/; classtype:trojan-activity;sid:84190910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3881799-6711_01.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327811/; classtype:trojan-activity;sid:84190911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/513220745041.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327812/; classtype:trojan-activity;sid:84190912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne650.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327800/; classtype:trojan-activity;sid:84190900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-349-2022-felicitar-a-la-licenciada-morgot-cornejo-arredondo.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327801/; classtype:trojan-activity;sid:84190901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57835853.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327802/; classtype:trojan-activity;sid:84190902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-331-2022-aceptar-la-renuncia-del-abg-angel-horacio-chicata-valdivia.pdf.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327803/; classtype:trojan-activity;sid:84190903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mi-proyecto.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327795/; classtype:trojan-activity;sid:84190895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6a5efa1d-113c-2975-1377-1d46c622afeb.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327796/; classtype:trojan-activity;sid:84190896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1730990922cf374a6c3b706dbb468e3824be395625.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327797/; classtype:trojan-activity;sid:84190897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/466864854_18021792044538979_5334817551571649538_n.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327798/; classtype:trojan-activity;sid:84190898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ieo-guide-20242.0.5.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327799/; classtype:trojan-activity;sid:84190899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/banco-terminologico-publicar.xlsx.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327793/; classtype:trojan-activity;sid:84190893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55046_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327794/; classtype:trojan-activity;sid:84190894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informaci25252525252525252525252525252525c32525252525252525252525252525252593n-proceso-de-admisi25252525252525252525252525252525c32525252525252525252525252525252593n-cupo-explora-unesco-2025-1.pdf.lnk"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327790/; classtype:trojan-activity;sid:84190890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements-submissi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:266; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327791/; classtype:trojan-activity;sid:84190891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/314108023304.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327792/; classtype:trojan-activity;sid:84190892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/u011_professional_universal_wi_1670393714_b9902a05_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327785/; classtype:trojan-activity;sid:84190885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jht-j245-platinum-charcoal.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327786/; classtype:trojan-activity;sid:84190886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sach-msutong-tap-11.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327787/; classtype:trojan-activity;sid:84190887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica_de_reserva_in.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327788/; classtype:trojan-activity;sid:84190888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-taman-tol-padalarang.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327789/; classtype:trojan-activity;sid:84190889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327783/; classtype:trojan-activity;sid:84190883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guida-allo-staking-uniswap-2024-2.9.9.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327784/; classtype:trojan-activity;sid:84190884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-22-at-20.24.27-1024x768.jpeg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327778/; classtype:trojan-activity;sid:84190878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-91.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327779/; classtype:trojan-activity;sid:84190879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paige-leather-constance-skinny-jeans_17480076_36905239_2048.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327780/; classtype:trojan-activity;sid:84190880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-pepinillo-exocet.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327781/; classtype:trojan-activity;sid:84190881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-lab-4.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327782/; classtype:trojan-activity;sid:84190882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kumipalkeen_asennusohje.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327775/; classtype:trojan-activity;sid:84190875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo1.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327776/; classtype:trojan-activity;sid:84190876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01859-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327777/; classtype:trojan-activity;sid:84190877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/loctite-lb-771-en_gl.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327772/; classtype:trojan-activity;sid:84190872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/trust-member.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327773/; classtype:trojan-activity;sid:84190873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/smc-mn02-politicas-de-integridad-v2.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327774/; classtype:trojan-activity;sid:84190874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57529_27.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327769/; classtype:trojan-activity;sid:84190869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-005-solicitud-regional-juvenil.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327770/; classtype:trojan-activity;sid:84190870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/37-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327771/; classtype:trojan-activity;sid:84190871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/64b55fdbf576b95c488e66be_6257cdd37e45da0743bc92fc_planet54-acr.png.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327763/; classtype:trojan-activity;sid:84190863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0018.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327764/; classtype:trojan-activity;sid:84190864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carhartt-29-03-23.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327765/; classtype:trojan-activity;sid:84190865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-staking-guide-2024-3.0.4.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327766/; classtype:trojan-activity;sid:84190866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-26-at-10.01.59.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327767/; classtype:trojan-activity;sid:84190867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/racis_8_11zon.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327755/; classtype:trojan-activity;sid:84190855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/city.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327756/; classtype:trojan-activity;sid:84190856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-28abril2021-8.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327757/; classtype:trojan-activity;sid:84190857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-jaket-konveksi-hoodie2.jpg.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327758/; classtype:trojan-activity;sid:84190858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plaquette-jardins-collectifs-2-accompagnement.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327759/; classtype:trojan-activity;sid:84190859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327760/; classtype:trojan-activity;sid:84190860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55963_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327761/; classtype:trojan-activity;sid:84190861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ma_psychology_programme_outcomes.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327762/; classtype:trojan-activity;sid:84190862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roman_shades.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327753/; classtype:trojan-activity;sid:84190853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/300-tvd_p3_gerencia-admin-financiera.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327754/; classtype:trojan-activity;sid:84190854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/middle-sections-much-anticipated-annual-event-noir-et-blanc-4.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327749/; classtype:trojan-activity;sid:84190849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/affliation-b.ed.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327750/; classtype:trojan-activity;sid:84190850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hericium-plus-funghi-energia-e-salute.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327751/; classtype:trojan-activity;sid:84190851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-21.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327752/; classtype:trojan-activity;sid:84190852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/participacion-para-el-diagnostico_encuesta-resultados-y-definicion-tematicas.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327743/; classtype:trojan-activity;sid:84190843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-get-rid-of-boner.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327744/; classtype:trojan-activity;sid:84190844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lightloftarchitecturalguide.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327745/; classtype:trojan-activity;sid:84190845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/towards-a-federal-land-law-mm.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327746/; classtype:trojan-activity;sid:84190846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carmel_college_policies.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327747/; classtype:trojan-activity;sid:84190847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59906_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327748/; classtype:trojan-activity;sid:84190848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marcoregulatorioiie.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327740/; classtype:trojan-activity;sid:84190840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nazrahotel01.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327742/; classtype:trojan-activity;sid:84190842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327737/; classtype:trojan-activity;sid:84190837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08laboratorios-sophia-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327738/; classtype:trojan-activity;sid:84190838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j19_smokedebony_lifestyle_v3.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327735/; classtype:trojan-activity;sid:84190835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rst00231.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327736/; classtype:trojan-activity;sid:84190836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-regulatory-compliance-guide-2024-1.7.7.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327733/; classtype:trojan-activity;sid:84190833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6958-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327734/; classtype:trojan-activity;sid:84190834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/09_origin-soho-bkk_sky-lounge_final-1.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327728/; classtype:trojan-activity;sid:84190828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-sandia-afrodita.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327729/; classtype:trojan-activity;sid:84190829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23b83960f007044aca94e26f5c6b170fe102.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327730/; classtype:trojan-activity;sid:84190830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rf202517-425252525252525252525252525252525252525252525252525252525252525c225252525252525252525252525252525252525252525252525252525252525aa-tirada_liga-rfeta-campo-2017_r.pdf.lnk"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327731/; classtype:trojan-activity;sid:84190831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/etats-financiers-avant-audit-2020-2021-et-2022.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327732/; classtype:trojan-activity;sid:84190832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-frecuentes-cupo-explora-unesco-admisio252525252525252525252525252525252525cc25252525252525252525252525252525252581n-2025.pdf.lnk"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327723/; classtype:trojan-activity;sid:84190823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo2.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327724/; classtype:trojan-activity;sid:84190824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20231130_091833-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327725/; classtype:trojan-activity;sid:84190825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/my-melody-coloring-pages-free.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327726/; classtype:trojan-activity;sid:84190826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery16.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327727/; classtype:trojan-activity;sid:84190827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown-8.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327717/; classtype:trojan-activity;sid:84190817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7386.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327718/; classtype:trojan-activity;sid:84190818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/my-melody-coloring-page.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327719/; classtype:trojan-activity;sid:84190819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_43.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327720/; classtype:trojan-activity;sid:84190820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/100-tvd_p2_gerencia-ge.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327721/; classtype:trojan-activity;sid:84190821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1-4.jpg.lnk"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327722/; classtype:trojan-activity;sid:84190822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/90402470_3037516942952985_5173660766451522078_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327715/; classtype:trojan-activity;sid:84190815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61e64orth3s._ac_sl1000_.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327716/; classtype:trojan-activity;sid:84190816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0625.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327712/; classtype:trojan-activity;sid:84190812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/metalurgica.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327713/; classtype:trojan-activity;sid:84190813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/citacion-reunion-ordinaria-20.10.2023.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327714/; classtype:trojan-activity;sid:84190814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3438-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327709/; classtype:trojan-activity;sid:84190809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rainbow-bay-google-maps-north.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327710/; classtype:trojan-activity;sid:84190810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bif-sajt.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327711/; classtype:trojan-activity;sid:84190811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024-krahn-retail-price-list.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327707/; classtype:trojan-activity;sid:84190807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-tokenomics-report-20245-6-2.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327708/; classtype:trojan-activity;sid:84190808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie5.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327704/; classtype:trojan-activity;sid:84190804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs-2024-guide-2-exhibitors-opportunities-.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327705/; classtype:trojan-activity;sid:84190805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-pl01dr-u-bb-1080x1920-001-450x800.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327706/; classtype:trojan-activity;sid:84190806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327701/; classtype:trojan-activity;sid:84190801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_birkin_30_rose_jaipur_e_1704173495_4401fc51_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327702/; classtype:trojan-activity;sid:84190802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/denajee-aloe-protein-shampoo-back-copy.png.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327703/; classtype:trojan-activity;sid:84190803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-ano-2014-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327695/; classtype:trojan-activity;sid:84190795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/contribution_of_military_psychology_to_the_armed_forces_and_society.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327696/; classtype:trojan-activity;sid:84190796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-3-5.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327697/; classtype:trojan-activity;sid:84190797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ak_title_new_010122_lo-1-scaled.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327698/; classtype:trojan-activity;sid:84190798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/el-portal-de-maria.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327699/; classtype:trojan-activity;sid:84190799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hisense-65-inch-quantum-uled-smart-4k-tv-65u6k.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327700/; classtype:trojan-activity;sid:84190800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-14.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327692/; classtype:trojan-activity;sid:84190792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stairway-ministries-letter-for-sept.-2015.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327693/; classtype:trojan-activity;sid:84190793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shefali-khanna-at-world-marketing-congress-1.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327694/; classtype:trojan-activity;sid:84190794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_64_square_fascia_mount.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327691/; classtype:trojan-activity;sid:84190791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos252525252525252520staking252525252525252520guide25252525252525252020241.8.8.pdf.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327684/; classtype:trojan-activity;sid:84190784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/labcanna_10x20-fbd-2-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327685/; classtype:trojan-activity;sid:84190785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-developmen.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327686/; classtype:trojan-activity;sid:84190786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reichert_1-.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327687/; classtype:trojan-activity;sid:84190787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thach-canxi-jelly-vi-dao.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327688/; classtype:trojan-activity;sid:84190788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20-1607x1080.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327689/; classtype:trojan-activity;sid:84190789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-anticorrupcion-2016.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327690/; classtype:trojan-activity;sid:84190790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.-convocatoria-mola-curiosasmentes.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327682/; classtype:trojan-activity;sid:84190782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultados-2015.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327683/; classtype:trojan-activity;sid:84190783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/situacion-financiera-31-de-diciembre-2017_.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327674/; classtype:trojan-activity;sid:84190774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image00013.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327675/; classtype:trojan-activity;sid:84190775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327676/; classtype:trojan-activity;sid:84190776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0895.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327677/; classtype:trojan-activity;sid:84190777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-2-scaled.jpeg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327678/; classtype:trojan-activity;sid:84190778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3016999.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327679/; classtype:trojan-activity;sid:84190779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/takbiratul-ihram-sholat.jpeg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327680/; classtype:trojan-activity;sid:84190780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01628-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327681/; classtype:trojan-activity;sid:84190781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boston-charles-river-aerial-photography-downtown-1.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327673/; classtype:trojan-activity;sid:84190773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-20-at-09.13.57.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327668/; classtype:trojan-activity;sid:84190768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin-bag-price.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327669/; classtype:trojan-activity;sid:84190769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/administration-executive.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327670/; classtype:trojan-activity;sid:84190770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sarjana-tekniks-3.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327671/; classtype:trojan-activity;sid:84190771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1913341156478.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327672/; classtype:trojan-activity;sid:84190772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/qbic-renovation-header-s.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327667/; classtype:trojan-activity;sid:84190767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cso-leaders-covid-19-urgent-statement-english.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327666/; classtype:trojan-activity;sid:84190766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bulletin-adhesionadresseok.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327661/; classtype:trojan-activity;sid:84190761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/praktika-profesionale-periudha-e-2-dhe-e-3-viti-2024-2025.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327662/; classtype:trojan-activity;sid:84190762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2017-09-07_23-23-20.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327663/; classtype:trojan-activity;sid:84190763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/74632425_1244223699095736_3094411391444975616_o_1244223695762403.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327664/; classtype:trojan-activity;sid:84190764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-01-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327665/; classtype:trojan-activity;sid:84190765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024-sfwsc-95-points-muscat-cask.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327658/; classtype:trojan-activity;sid:84190758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento_y_normativa_copa_pirineos.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327659/; classtype:trojan-activity;sid:84190759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fleur-tv-meubel-landelijk-wit-145cm-4.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327660/; classtype:trojan-activity;sid:84190760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stomatoloski-fakultet-monografija.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327654/; classtype:trojan-activity;sid:84190754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0629.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327655/; classtype:trojan-activity;sid:84190755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ice-snow-ice-flake-1-ton-2-1.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327656/; classtype:trojan-activity;sid:84190756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-1024x576.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327651/; classtype:trojan-activity;sid:84190751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0555.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327652/; classtype:trojan-activity;sid:84190752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-consensus-mechanism-details-20244.6.3.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327653/; classtype:trojan-activity;sid:84190753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1234.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327650/; classtype:trojan-activity;sid:84190750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carro-do-homem-bomba-que-se-explodiu-em-frente-ao-stf-ecc81-retirado-do-estacionamento-do-anexo-iv-da-cacc82mara-dos-deputados-metrocc81poles-4-gbjzvf.jpeg.lnk"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327645/; classtype:trojan-activity;sid:84190745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-audit-report-20241.7.2.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327646/; classtype:trojan-activity;sid:84190746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-risk-assessment-report-2024-1-9-0.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327647/; classtype:trojan-activity;sid:84190747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rttc-college-1-1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327648/; classtype:trojan-activity;sid:84190748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informare-termen.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327649/; classtype:trojan-activity;sid:84190749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deporte2.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327644/; classtype:trojan-activity;sid:84190744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20220604-wa0026.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327637/; classtype:trojan-activity;sid:84190737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estatuto_amatra1_17.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327638/; classtype:trojan-activity;sid:84190738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carhartt-103296-relaxed-fit-heavyweight-short-sleeve-k87-pocket-t-shirt-workwear-nation-ltd-7292_560x.gif.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327639/; classtype:trojan-activity;sid:84190739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-de-token252525c3252525b3mica-tether-2024-1.4.2.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327640/; classtype:trojan-activity;sid:84190740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58531_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327641/; classtype:trojan-activity;sid:84190741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tagreuters.com2024binary_lynxnpek3b0m0-filedimage-r4vwwd.jpeg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327642/; classtype:trojan-activity;sid:84190742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/637_ejecucion-presupuestal-corte-dic-2020.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327643/; classtype:trojan-activity;sid:84190743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01982-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327631/; classtype:trojan-activity;sid:84190731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9301-l-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327632/; classtype:trojan-activity;sid:84190732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/376405253_877714000745628_6742737697956652007_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327633/; classtype:trojan-activity;sid:84190733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alphapro100_whey5kgchocolatesidealexardenticopy.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327634/; classtype:trojan-activity;sid:84190734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-40.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327635/; classtype:trojan-activity;sid:84190735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-22-at-10.49.57-pm-2.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327636/; classtype:trojan-activity;sid:84190736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-classic-4050fw-1.png.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327628/; classtype:trojan-activity;sid:84190728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327629/; classtype:trojan-activity;sid:84190729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/covolan_488855252525252525252525252525252525252525252525252525252520bsoh_pt-br.pdf.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327630/; classtype:trojan-activity;sid:84190730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0516.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327626/; classtype:trojan-activity;sid:84190726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tramites-ttsa-suit.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327627/; classtype:trojan-activity;sid:84190727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-3.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327623/; classtype:trojan-activity;sid:84190723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ophthalmic.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327624/; classtype:trojan-activity;sid:84190724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adi-oab-mp-contribuicao-sindical-folha.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327625/; classtype:trojan-activity;sid:84190725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-78-e1603175881465.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327619/; classtype:trojan-activity;sid:84190719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1261924-migliorato-nr.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327620/; classtype:trojan-activity;sid:84190720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-ba01at-u-bb-1080x1920-001-450x800.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327621/; classtype:trojan-activity;sid:84190721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_19.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327622/; classtype:trojan-activity;sid:84190722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tokuteiginou-31.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327617/; classtype:trojan-activity;sid:84190717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-pastoral-estrate252525252525252525252525cc25252525252525252525252581gico-2011-2021.pdf.lnk"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327618/; classtype:trojan-activity;sid:84190718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/book.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327615/; classtype:trojan-activity;sid:84190715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-studio-cracked.com.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327616/; classtype:trojan-activity;sid:84190716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436787711_342763718803801_4696946486848032525_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327610/; classtype:trojan-activity;sid:84190710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manual-del-servicio-a-la-ciudadania.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327611/; classtype:trojan-activity;sid:84190711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-outnva-rossignol-rsgl-top-hombre-outdoor-beige-4.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327612/; classtype:trojan-activity;sid:84190712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mapa-ronco-do-bugio--scaled.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327613/; classtype:trojan-activity;sid:84190713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagen-de-whatsapp-2024-08-06-a-las-21.53.39_ab0b6f3e.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327614/; classtype:trojan-activity;sid:84190714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-pay-day-shampoo-8oz-rig-igk-cpds08-500x500-1.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327607/; classtype:trojan-activity;sid:84190707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oferta_piwa_ale.browar.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327608/; classtype:trojan-activity;sid:84190708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/typ3-c5.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327609/; classtype:trojan-activity;sid:84190709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pulsoximetro-c29-1.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327603/; classtype:trojan-activity;sid:84190703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2024-08-28-20-44-37.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327604/; classtype:trojan-activity;sid:84190704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-governance-proposal-2024-3-6-2.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327605/; classtype:trojan-activity;sid:84190705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelly-youtube-thumbnail-224x126_x1.5.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327606/; classtype:trojan-activity;sid:84190706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-1-1024x768.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327599/; classtype:trojan-activity;sid:84190699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image11476.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327600/; classtype:trojan-activity;sid:84190700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-1440x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327601/; classtype:trojan-activity;sid:84190701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-2.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327602/; classtype:trojan-activity;sid:84190702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2024-08-01_10-48-12-773x1030.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327594/; classtype:trojan-activity;sid:84190694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/inserir-um-titulo-13-nu81f0.jpeg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327595/; classtype:trojan-activity;sid:84190695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/it.pdf.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327596/; classtype:trojan-activity;sid:84190696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-defi-protocol-documentation-2024-5.7.9.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327597/; classtype:trojan-activity;sid:84190697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-cebolla-campo-lindo.pdf.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327598/; classtype:trojan-activity;sid:84190698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/scratch-card_v2.1_leaflet_hindi-1.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327588/; classtype:trojan-activity;sid:84190688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/myopia_report_020517.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327589/; classtype:trojan-activity;sid:84190689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/odwyers-magazine-october-2018.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327590/; classtype:trojan-activity;sid:84190690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mushroom_and_swiss_stuffed_burger_800x800.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327591/; classtype:trojan-activity;sid:84190691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01997-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327592/; classtype:trojan-activity;sid:84190692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-audit-report-2024-5-1-7.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327593/; classtype:trojan-activity;sid:84190693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/24-royal-palm-bay-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327586/; classtype:trojan-activity;sid:84190686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/blackbalance_keksit_syvatty-611x1024.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327587/; classtype:trojan-activity;sid:84190687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/avis.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327583/; classtype:trojan-activity;sid:84190683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/equipo-escuela-anadime.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327584/; classtype:trojan-activity;sid:84190684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp8100.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327585/; classtype:trojan-activity;sid:84190685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/255.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327580/; classtype:trojan-activity;sid:84190680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/field-stone-5.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327581/; classtype:trojan-activity;sid:84190681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-5.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327582/; classtype:trojan-activity;sid:84190682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rubrica-videos.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327573/; classtype:trojan-activity;sid:84190673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/g-shank.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327574/; classtype:trojan-activity;sid:84190674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3118066_1646162694249.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327575/; classtype:trojan-activity;sid:84190675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs-2024-exhibitor-branding-opportunities-20240601.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327576/; classtype:trojan-activity;sid:84190676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/partageons-les-jardins1-e1705679755491.png.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327577/; classtype:trojan-activity;sid:84190677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327578/; classtype:trojan-activity;sid:84190678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standard-electric-furnace-fo300.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327579/; classtype:trojan-activity;sid:84190679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-10-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327570/; classtype:trojan-activity;sid:84190670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryangled_bottom_up_roller_specs.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:255; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327571/; classtype:trojan-activity;sid:84190671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56918_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327572/; classtype:trojan-activity;sid:84190672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-regulatory-compliance-guide-2024-2.2.1.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327562/; classtype:trojan-activity;sid:84190662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto25252525252525252525252525252525253astittsvillefoodbank252525252525252525252525252525252540gmail.com.lnk"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327563/; classtype:trojan-activity;sid:84190663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/74532313_1244223579095748_2429789451774328832_o_1244223569095749.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327564/; classtype:trojan-activity;sid:84190664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juramant-alexandru.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327565/; classtype:trojan-activity;sid:84190665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/top-load-washer-wa80cg4240bwnq-4.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327566/; classtype:trojan-activity;sid:84190666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ws2-w2000-apple-watch-flex-tray-sensors-zw1921-22-zw1941-42-install-guide-english.pdf.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327567/; classtype:trojan-activity;sid:84190667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flujo-de-efectivo-2014.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327569/; classtype:trojan-activity;sid:84190669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelly-rutherford-trim.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327557/; classtype:trojan-activity;sid:84190657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/369147_908453_40_anos_do_capacete_de_ayrton_senna.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327558/; classtype:trojan-activity;sid:84190658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327559/; classtype:trojan-activity;sid:84190659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1683138321ac95b11084ffcac1d7e81ca9b613a126.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327560/; classtype:trojan-activity;sid:84190660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vikrem.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327561/; classtype:trojan-activity;sid:84190661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-clubes-cientificos-2024-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327553/; classtype:trojan-activity;sid:84190653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kk.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327554/; classtype:trojan-activity;sid:84190654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1312259768184.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327555/; classtype:trojan-activity;sid:84190655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59906_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327556/; classtype:trojan-activity;sid:84190656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asrs_geal_-10.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327551/; classtype:trojan-activity;sid:84190651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bathroom.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327552/; classtype:trojan-activity;sid:84190652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-mario-coloring-pages.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327546/; classtype:trojan-activity;sid:84190646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-favicon-1-192x192.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327547/; classtype:trojan-activity;sid:84190647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majocchi-politica-sa8000-2.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327548/; classtype:trojan-activity;sid:84190648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/certificacion-requisitos-rl.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327549/; classtype:trojan-activity;sid:84190649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-rubine-290b-4-2.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327550/; classtype:trojan-activity;sid:84190650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-874924862.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327544/; classtype:trojan-activity;sid:84190644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-7.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327545/; classtype:trojan-activity;sid:84190645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-6.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327539/; classtype:trojan-activity;sid:84190639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/printable-plants-vs-zombies-coloring-pages.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327540/; classtype:trojan-activity;sid:84190640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_herbag_a_dos_zip_retour_1631681131_f234977e_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327541/; classtype:trojan-activity;sid:84190641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ham-cheese-toastie-angled.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327542/; classtype:trojan-activity;sid:84190642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z4767191433839_e8d4e4554a98c8e168d9a27869497d02.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327543/; classtype:trojan-activity;sid:84190643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0.049.223_ibm-3583-19p3317-19p3254-remote-management-unit_a.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327537/; classtype:trojan-activity;sid:84190637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170366_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327538/; classtype:trojan-activity;sid:84190638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/beautiful-blonde-flower-flowers-girl-favim.com-143635-150x150.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327534/; classtype:trojan-activity;sid:84190634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/persian-singers-4.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327535/; classtype:trojan-activity;sid:84190635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-building-supply-p42i-tc-pellet-insert-1.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327536/; classtype:trojan-activity;sid:84190636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pujasera_2-e1659797476630.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327529/; classtype:trojan-activity;sid:84190629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/htb1a2w9lfxxxxbiaxxxq6xxfxxxz.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327530/; classtype:trojan-activity;sid:84190630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-07-06-at-13.00.10.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327531/; classtype:trojan-activity;sid:84190631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57786_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327532/; classtype:trojan-activity;sid:84190632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0667.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327533/; classtype:trojan-activity;sid:84190633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/347409408_624858526200686_2820878298386194053_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327519/; classtype:trojan-activity;sid:84190619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b1b32c_1eeb016e104248738df9a01fddf18a15.jpg_srz_p_900_600_85_22_0.50_1.20_0.jpg.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327520/; classtype:trojan-activity;sid:84190620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pro-railskirts-brochure.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327521/; classtype:trojan-activity;sid:84190621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-situacion-financiera-2013.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327522/; classtype:trojan-activity;sid:84190622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-dog-gold-plated-leather-bracelet.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327523/; classtype:trojan-activity;sid:84190623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-submission-e2.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327524/; classtype:trojan-activity;sid:84190624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-trofeo-san-vicente.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327525/; classtype:trojan-activity;sid:84190625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/organizational-chart.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327526/; classtype:trojan-activity;sid:84190626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerynovo-guia-de-identidade-visual-e-verbal-da-rede-lojacorr.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:213; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327527/; classtype:trojan-activity;sid:84190627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/distribuicao.-foto-neoenergia-1-qxoxul.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327528/; classtype:trojan-activity;sid:84190628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-education-material-2024-2-8-7.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327512/; classtype:trojan-activity;sid:84190612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1-10.jpg.lnk"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327513/; classtype:trojan-activity;sid:84190613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-developme.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327514/; classtype:trojan-activity;sid:84190614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1000079706.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327515/; classtype:trojan-activity;sid:84190615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-dog-extreme-cuff-bracelet-etoupe-swift-67846_1.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327516/; classtype:trojan-activity;sid:84190616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.991.218-pc-samsung-thin-client-tc242-aio.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327517/; classtype:trojan-activity;sid:84190617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/installercheckin-scaled-2.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327518/; classtype:trojan-activity;sid:84190618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/64a5cddf-b8e1-4135-aac6-667fe55a1591-16169-00000c3b5681c97c.jpeg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327511/; classtype:trojan-activity;sid:84190611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59514_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327509/; classtype:trojan-activity;sid:84190609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noc-.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327510/; classtype:trojan-activity;sid:84190610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-submis.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:195; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327504/; classtype:trojan-activity;sid:84190604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ekran-1579852449-10035677-1.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327505/; classtype:trojan-activity;sid:84190605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo-11.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327506/; classtype:trojan-activity;sid:84190606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelly-spicers-case-study.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327507/; classtype:trojan-activity;sid:84190607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cedulas-de-dinheiro-real-moeda-brasileira_1022821_00600332_0_.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327508/; classtype:trojan-activity;sid:84190608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-808-2023-declarar-la-capacidad-de-yefferson-escobedo-charrez-y-maria-milagros-chuctaya-laucata.pdf.lnk"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327498/; classtype:trojan-activity;sid:84190598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phan-mem-trinh-chieu-co-doc-v4-1-4.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327499/; classtype:trojan-activity;sid:84190599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327500/; classtype:trojan-activity;sid:84190600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ_2304_3a_tirada_lliga_3d_2022_237480.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327501/; classtype:trojan-activity;sid:84190601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327502/; classtype:trojan-activity;sid:84190602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6032406194abf7141d83bf344409abdd.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327503/; classtype:trojan-activity;sid:84190603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-frames-6.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327494/; classtype:trojan-activity;sid:84190594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lego-the-simpsons-house-set-71006-instructions-28.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327495/; classtype:trojan-activity;sid:84190595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3000w-instant-tankless-electric-hot-water-heater-faucet-kitchen-instant-heating-tap-water-heater-eu-plug-led-digital-display.jpg.lnk"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327496/; classtype:trojan-activity;sid:84190596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/o1cn01dinkme26jjo1yfe9j_6000000007698-0-tps-2480-3509.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327497/; classtype:trojan-activity;sid:84190597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-bankstel-2-en-2.5-zits-8.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327490/; classtype:trojan-activity;sid:84190590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/i.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327491/; classtype:trojan-activity;sid:84190591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-smart-contract-tutorial-20245-6-2.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327492/; classtype:trojan-activity;sid:84190592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525a0-a-5.pdf.lnk"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327493/; classtype:trojan-activity;sid:84190593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gmc-mn01-manual-del-sistema-integrado-de-gestion-v2-intra.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327482/; classtype:trojan-activity;sid:84190582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-2-2017.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327483/; classtype:trojan-activity;sid:84190583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60078_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327484/; classtype:trojan-activity;sid:84190584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-community-guidelines-20241.7.3.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327486/; classtype:trojan-activity;sid:84190586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vans-skate-ave-pro-black-252526-white-skate-shoes-_315467-front-us.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327487/; classtype:trojan-activity;sid:84190587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57852_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327488/; classtype:trojan-activity;sid:84190588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-whitepaper-20243.0.0.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327489/; classtype:trojan-activity;sid:84190589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55545_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327474/; classtype:trojan-activity;sid:84190574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryanytile.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327475/; classtype:trojan-activity;sid:84190575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/---_compressed.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327476/; classtype:trojan-activity;sid:84190576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-12.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327477/; classtype:trojan-activity;sid:84190577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-onyx-7.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327478/; classtype:trojan-activity;sid:84190578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-hocker-2.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327479/; classtype:trojan-activity;sid:84190579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hl19clpg-500x500.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327480/; classtype:trojan-activity;sid:84190580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/almanca-kaynak.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327481/; classtype:trojan-activity;sid:84190581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-roadmap-2024-2-1-3.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327472/; classtype:trojan-activity;sid:84190572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/219.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327473/; classtype:trojan-activity;sid:84190573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barn-red.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327467/; classtype:trojan-activity;sid:84190567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bio04.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327468/; classtype:trojan-activity;sid:84190568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/muffinbreak_latte.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327470/; classtype:trojan-activity;sid:84190570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ferianinos2018-1-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327460/; classtype:trojan-activity;sid:84190560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manual-de-procedimientos-administrativos-mapro.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327461/; classtype:trojan-activity;sid:84190561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/my-melody-coloring-pages-printable.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327462/; classtype:trojan-activity;sid:84190562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-deve.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327463/; classtype:trojan-activity;sid:84190563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/born-pink-camiseta-corta-blanca-1.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327464/; classtype:trojan-activity;sid:84190564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/colorker-tangram-3.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327465/; classtype:trojan-activity;sid:84190565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/edca-assets-sunscreen-infographics-1080x1080-spray_50spf_2000x.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327466/; classtype:trojan-activity;sid:84190566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/quatro-dos-cinco-presos-em-operaccca7acc83o-da-pf-golpe-militar-moraes-lula-alckmin-metrocc81poles-1jcaun.jpeg.lnk"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327456/; classtype:trojan-activity;sid:84190556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vibration-software.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327457/; classtype:trojan-activity;sid:84190557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo6.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327458/; classtype:trojan-activity;sid:84190558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/angled_bottom_up_roller_specs.pdfsearchqueryangled_bottom_up_roller_specs.pdfcrumb.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327459/; classtype:trojan-activity;sid:84190559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paap-actualizat-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327453/; classtype:trojan-activity;sid:84190553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6096-rotated.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327454/; classtype:trojan-activity;sid:84190554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/surat-nikah-yang-diduga-palsu-di-kecamatan-nagreg.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327455/; classtype:trojan-activity;sid:84190555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1000015695.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327450/; classtype:trojan-activity;sid:84190550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-1-cuadro-de-puestos-2.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327451/; classtype:trojan-activity;sid:84190551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327452/; classtype:trojan-activity;sid:84190552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo1.jpeg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327445/; classtype:trojan-activity;sid:84190545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/physics-programme_specific_outcome.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327446/; classtype:trojan-activity;sid:84190546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327447/; classtype:trojan-activity;sid:84190547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/300-tvd_p2_subgerencia-operativa.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327448/; classtype:trojan-activity;sid:84190548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-61-radicado-4943282024-nombre-peticionario-carlos-mario-lujan.pdf.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327449/; classtype:trojan-activity;sid:84190549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-30-4000has-sector-entre-guerrero-y-santa-monica-4000has-12.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327439/; classtype:trojan-activity;sid:84190539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/develi.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327440/; classtype:trojan-activity;sid:84190540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1690.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327441/; classtype:trojan-activity;sid:84190541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-7.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327442/; classtype:trojan-activity;sid:84190542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1680804305619ab9483f76783e791d7cc86ad942ef.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327443/; classtype:trojan-activity;sid:84190543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pro-sidewall-brochure.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327444/; classtype:trojan-activity;sid:84190544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-27-radicado-2460502024-nombre-peticionario-mary-sarmiento.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327434/; classtype:trojan-activity;sid:84190534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/herm_s-evelyne-iii-29-crossbody-bleu-jean-clemence_-62061_1.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327435/; classtype:trojan-activity;sid:84190535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/an25252525252525252525252525c325252525252525252525252525a1lise-de-mercado-eos-20244.9.4.pdf.lnk"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327436/; classtype:trojan-activity;sid:84190536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anf-10.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327437/; classtype:trojan-activity;sid:84190537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-convocatoria-entrevistas-en-medios.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327438/; classtype:trojan-activity;sid:84190538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-2.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327431/; classtype:trojan-activity;sid:84190531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-da-inserire-sul-sito-10.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327432/; classtype:trojan-activity;sid:84190532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-006-solicitud-campeonato-regional-de-palomos-jovenes-1.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327433/; classtype:trojan-activity;sid:84190533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funci25252525252525252525252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525252525252525252525b3nfiscal-2.png.lnk"; http_uri; depth:197; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327429/; classtype:trojan-activity;sid:84190529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48381779186_d9c6e26935_b-orqoqh.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327430/; classtype:trojan-activity;sid:84190530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aqar-report-2019-20.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327424/; classtype:trojan-activity;sid:84190524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/decizia-persoane-fizice.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327425/; classtype:trojan-activity;sid:84190525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oferta-vanzare-persoane-fizice.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327426/; classtype:trojan-activity;sid:84190526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/la-bonne-graine-2024-.pdf.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327427/; classtype:trojan-activity;sid:84190527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-12.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327428/; classtype:trojan-activity;sid:84190528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.-universal-flex-sensor-zw1009_english-1.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327420/; classtype:trojan-activity;sid:84190520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-7.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327421/; classtype:trojan-activity;sid:84190521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/celex-31976l0769-ro-txt.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327422/; classtype:trojan-activity;sid:84190522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327423/; classtype:trojan-activity;sid:84190523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/concurs-de-recrutare-inspector-i-asistent-compartiment-contabilitate-si-buget.pdf.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327417/; classtype:trojan-activity;sid:84190517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solicitud-retiri-p.-de-acuerdo-autorizacion-contratacion-empresito.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327418/; classtype:trojan-activity;sid:84190518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc00508-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327412/; classtype:trojan-activity;sid:84190512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cbtn-dovitec-2023-dt2-2-ct-1.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327413/; classtype:trojan-activity;sid:84190513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucion-51-2021-adopta-manual-de-contratacion-1.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327414/; classtype:trojan-activity;sid:84190514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bumdes3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327415/; classtype:trojan-activity;sid:84190515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sig-p-365-7.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327416/; classtype:trojan-activity;sid:84190516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7751-4500-x-3000-2250-x-1500.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327402/; classtype:trojan-activity;sid:84190502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022-06-02.-sk-pengelolaan-penanganan-pengaduan-pelanggan.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327403/; classtype:trojan-activity;sid:84190503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1713341156478.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327404/; classtype:trojan-activity;sid:84190504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rttc-save-water-8.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327405/; classtype:trojan-activity;sid:84190505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9250.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327406/; classtype:trojan-activity;sid:84190506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gear_shield_nc_aerosol-1.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327407/; classtype:trojan-activity;sid:84190507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3952-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327408/; classtype:trojan-activity;sid:84190508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comunicare-acceptare-oferta-persoane-fizice.docx.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327409/; classtype:trojan-activity;sid:84190509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-fap-decomore-burkolattal-1.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327410/; classtype:trojan-activity;sid:84190510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-taxation-guide-2024-3-3-8.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327411/; classtype:trojan-activity;sid:84190511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anyfile.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327400/; classtype:trojan-activity;sid:84190500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1403-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327401/; classtype:trojan-activity;sid:84190501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/love-potion-camiseta-blanca-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327396/; classtype:trojan-activity;sid:84190496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/staff-parties-img-6-408x544-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327397/; classtype:trojan-activity;sid:84190497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3062a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327398/; classtype:trojan-activity;sid:84190498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312937339012.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327399/; classtype:trojan-activity;sid:84190499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327392/; classtype:trojan-activity;sid:84190492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-regulatory-compliance-guide-20241.7.7.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327393/; classtype:trojan-activity;sid:84190493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_10n_bar.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327394/; classtype:trojan-activity;sid:84190494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-02-pousada-piedade-mata-atlantica-ronco-do-bugio.png.png.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327395/; classtype:trojan-activity;sid:84190495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_mayer.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327388/; classtype:trojan-activity;sid:84190488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327389/; classtype:trojan-activity;sid:84190489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01429-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327390/; classtype:trojan-activity;sid:84190490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weltraf2.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327391/; classtype:trojan-activity;sid:84190491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.21-1024x1024.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327386/; classtype:trojan-activity;sid:84190486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/student-recruitment-officer-job-description.docx.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327387/; classtype:trojan-activity;sid:84190487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nsd-chemistry-final-brochure.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327380/; classtype:trojan-activity;sid:84190480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16866573922bab380641d6fc5f1e45adeeeb3478e0.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327381/; classtype:trojan-activity;sid:84190481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-milano-floor-5.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327382/; classtype:trojan-activity;sid:84190482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/album_explora_por-que.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327383/; classtype:trojan-activity;sid:84190483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/francisco-wanderley-luiz-rcnvby.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327384/; classtype:trojan-activity;sid:84190484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-sm01at-u-gg-1080x1920-001-450x800.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327385/; classtype:trojan-activity;sid:84190485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pro-weight-bags-brochure.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327376/; classtype:trojan-activity;sid:84190476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpa-outdo20-rossignol-rsgl-bottom-unisex-gris-6.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327377/; classtype:trojan-activity;sid:84190477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8041-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327378/; classtype:trojan-activity;sid:84190478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chez-hem-les-lundis-3.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327379/; classtype:trojan-activity;sid:84190479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/public-policy.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327373/; classtype:trojan-activity;sid:84190473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presentation-auscham-2024-en.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327374/; classtype:trojan-activity;sid:84190474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_personal_shopper__accessories_1531383049_05af277f.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327375/; classtype:trojan-activity;sid:84190475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gebze-yetkili-servis-alveus.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327369/; classtype:trojan-activity;sid:84190469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15tmag-hermes-videosixteenbynine3000-v3-e9faf70335d67bdbd579ea68e5dbac4f_600x400.jpg.lnk"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327370/; classtype:trojan-activity;sid:84190470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-min-1024x764.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327371/; classtype:trojan-activity;sid:84190471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fluke_thermometres_numeriques_fr.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327372/; classtype:trojan-activity;sid:84190472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08_june_prospectus_2024_25-bsc.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327365/; classtype:trojan-activity;sid:84190465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preds.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327366/; classtype:trojan-activity;sid:84190466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-2.5-zits-6-e1589192412500.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327367/; classtype:trojan-activity;sid:84190467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/torres-energia-uvwbpm.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327368/; classtype:trojan-activity;sid:84190468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/samsung-11kg-ai-control-front-load-washing-machine-ww11cg604dlb-4.png.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327357/; classtype:trojan-activity;sid:84190457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01867-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327358/; classtype:trojan-activity;sid:84190458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-kelly-28-cm-handbag-in-craie-and-biscuit-epsom-leather.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327359/; classtype:trojan-activity;sid:84190459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown-3.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327360/; classtype:trojan-activity;sid:84190460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/225252525252525252525252525252525252525252525252525252525252525c225252525252525252525252525252525252525252525252525252525252525aa-tirada-de-liga-rfeta-de-campo-2015.pdf.lnk"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327361/; classtype:trojan-activity;sid:84190461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vacuum-oven-up-to-10-2mbar2525252525252525252525252525252525252525252525252525252525252525252525252525252525252c-xfm-series.pdf.lnk"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327362/; classtype:trojan-activity;sid:84190462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boyfriend-jeans-cardigan.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327363/; classtype:trojan-activity;sid:84190463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/big_villa_elia_bedroom_1_closet.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327355/; classtype:trojan-activity;sid:84190455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/union-1.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327356/; classtype:trojan-activity;sid:84190456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54469_0.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327354/; classtype:trojan-activity;sid:84190454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kuppel-gewaechshaeus-6.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327347/; classtype:trojan-activity;sid:84190447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-64.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327348/; classtype:trojan-activity;sid:84190448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf0357.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327350/; classtype:trojan-activity;sid:84190450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51357_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327351/; classtype:trojan-activity;sid:84190451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-2.5-zits-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327352/; classtype:trojan-activity;sid:84190452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-venti-boost-23.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327353/; classtype:trojan-activity;sid:84190453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/staff-parties-img-7-408x544-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327344/; classtype:trojan-activity;sid:84190444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327345/; classtype:trojan-activity;sid:84190445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/230718104930-01-hermes-birkin-bag-explainer-top-restricted.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327346/; classtype:trojan-activity;sid:84190446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-torneo-de-debates-2019-1.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327337/; classtype:trojan-activity;sid:84190437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eat-pro-protein-piada-2-piadine-da-50-grammi.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327338/; classtype:trojan-activity;sid:84190438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_nq_np_991427-mlm45538753234_042021-v.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327339/; classtype:trojan-activity;sid:84190439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/conversion.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327340/; classtype:trojan-activity;sid:84190440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lucas-alves-e-joao-vitor-guatemala-wo7o1m.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327341/; classtype:trojan-activity;sid:84190441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327342/; classtype:trojan-activity;sid:84190442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17297859972cfad0e96c8b2ec5f8fe58e6626af90a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327343/; classtype:trojan-activity;sid:84190443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9589-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327336/; classtype:trojan-activity;sid:84190436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/peserta-fix-28-8.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327334/; classtype:trojan-activity;sid:84190434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pujasera_1-e1659797485505.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327335/; classtype:trojan-activity;sid:84190435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-su.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327326/; classtype:trojan-activity;sid:84190426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/_bases-congresos-provinciales-2017-hrxb.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327327/; classtype:trojan-activity;sid:84190427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-12-21-at-19.30.43-dijz6x.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327328/; classtype:trojan-activity;sid:84190428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_34c9ef76db031097602039efdecfc99b.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327329/; classtype:trojan-activity;sid:84190429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noopur-x-deep-3-1-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327330/; classtype:trojan-activity;sid:84190430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juguete-perro-didactico.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327332/; classtype:trojan-activity;sid:84190432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manual-campamento-explora-va-2025-2026.docx.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327333/; classtype:trojan-activity;sid:84190433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/backdrop-chia-tay-6.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327320/; classtype:trojan-activity;sid:84190420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-good-behavior-4-in-1-prep-spray-7oz-rig-igk-fgb4n107-500x500-1.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327321/; classtype:trojan-activity;sid:84190421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/recognisation-d.el.ed.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327322/; classtype:trojan-activity;sid:84190422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10077597_001_358.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327323/; classtype:trojan-activity;sid:84190423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1261914-migliorato-nr.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327324/; classtype:trojan-activity;sid:84190424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aditi-x-harsh-1-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327325/; classtype:trojan-activity;sid:84190425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stevan-colovic_028.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327313/; classtype:trojan-activity;sid:84190413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/edital-leilao-presencial-no-02-2024.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327314/; classtype:trojan-activity;sid:84190414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/103.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327315/; classtype:trojan-activity;sid:84190415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327316/; classtype:trojan-activity;sid:84190416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7.3.-transito.-foto-paulo-h.-carvalho-agencia-brasilia-q2hmjn.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327317/; classtype:trojan-activity;sid:84190417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-crecyt-2018-rmso-.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327318/; classtype:trojan-activity;sid:84190418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-3-scaled.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327319/; classtype:trojan-activity;sid:84190419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-nuevo-2.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327310/; classtype:trojan-activity;sid:84190410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/116673583.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327311/; classtype:trojan-activity;sid:84190411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/distribuicao.-foto-neoenergia-2-tolx2u.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327312/; classtype:trojan-activity;sid:84190412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13composicion-social.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327302/; classtype:trojan-activity;sid:84190402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_mini_lindy_etoupe_clemence_palladium_hw-1__47316.1602931635.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327303/; classtype:trojan-activity;sid:84190403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-api-documentation-2024-4.8.6.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327304/; classtype:trojan-activity;sid:84190404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-28abril2021-5.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327305/; classtype:trojan-activity;sid:84190405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb_img_1609870743724-copy.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327306/; classtype:trojan-activity;sid:84190406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/welcome%20to%20the%20new%20eden.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327307/; classtype:trojan-activity;sid:84190407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_1-bed-plus-bp1-34-sq.m_230119_12.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327308/; classtype:trojan-activity;sid:84190408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_a9dfea494e1d49dbb561175ba19b7cc0.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327309/; classtype:trojan-activity;sid:84190409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.044.959_hdd-sas-2-5.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327299/; classtype:trojan-activity;sid:84190399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-governance-proposal-20243.5.8.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327300/; classtype:trojan-activity;sid:84190400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/perfect_fit_drapery_track_cavity.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327301/; classtype:trojan-activity;sid:84190401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sig-p365-w-sheild-rmsc.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327296/; classtype:trojan-activity;sid:84190396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20241119-wa0059.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327297/; classtype:trojan-activity;sid:84190397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1dining.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327298/; classtype:trojan-activity;sid:84190398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-api-documentation-2024-4-8-6.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327285/; classtype:trojan-activity;sid:84190385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin-1-1600x900.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327287/; classtype:trojan-activity;sid:84190387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59814_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327288/; classtype:trojan-activity;sid:84190388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58285_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327289/; classtype:trojan-activity;sid:84190389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nirf2024.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327291/; classtype:trojan-activity;sid:84190391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2018-09-12-at-3.18.31-pm.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327292/; classtype:trojan-activity;sid:84190392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/311_resized_detail_800_0_0_1_1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327294/; classtype:trojan-activity;sid:84190394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327295/; classtype:trojan-activity;sid:84190395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0793.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327281/; classtype:trojan-activity;sid:84190381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-0909-1030x773.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327282/; classtype:trojan-activity;sid:84190382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryvendet-e-lira-dt.-15.11.2024-per-portalin-24-25.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327283/; classtype:trojan-activity;sid:84190383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juara-porsadinnas-07-07-03-07-1.png.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327284/; classtype:trojan-activity;sid:84190384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57199_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327274/; classtype:trojan-activity;sid:84190374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20180903_171808.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327275/; classtype:trojan-activity;sid:84190375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_1-bed-plus-bp1-34-sq.m_230119_13.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327276/; classtype:trojan-activity;sid:84190376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bandeiras-promocionais-dimensoes-p2-3-4_dimensoes.png.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327277/; classtype:trojan-activity;sid:84190377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7505.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327278/; classtype:trojan-activity;sid:84190378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-diciembre-2021.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327279/; classtype:trojan-activity;sid:84190379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-4.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327280/; classtype:trojan-activity;sid:84190380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/amenity-rooftop-deck.png.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327268/; classtype:trojan-activity;sid:84190368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/w2000_q60.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327269/; classtype:trojan-activity;sid:84190369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-dkn602.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327271/; classtype:trojan-activity;sid:84190371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/menu-novembre-2024.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327272/; classtype:trojan-activity;sid:84190372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/academic-calendar-2023.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327273/; classtype:trojan-activity;sid:84190373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-final-arcogpmadrid22-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327264/; classtype:trojan-activity;sid:84190364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0765.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327265/; classtype:trojan-activity;sid:84190365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/109525.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327266/; classtype:trojan-activity;sid:84190366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boletin-abril_ok.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327267/; classtype:trojan-activity;sid:84190367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-9.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327261/; classtype:trojan-activity;sid:84190361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01287-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327262/; classtype:trojan-activity;sid:84190362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aeroporto-guatemala-1-63l5g2.jpeg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327263/; classtype:trojan-activity;sid:84190363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa02suites_venda_centro-caucaia-ce-10.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327257/; classtype:trojan-activity;sid:84190357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmosecosystemreport2024521.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327258/; classtype:trojan-activity;sid:84190358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9738.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327259/; classtype:trojan-activity;sid:84190359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a0009666-1024x768.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327260/; classtype:trojan-activity;sid:84190360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171286_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327256/; classtype:trojan-activity;sid:84190356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/konkani.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327250/; classtype:trojan-activity;sid:84190350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryanytile.pngcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327251/; classtype:trojan-activity;sid:84190351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/993-sf-classic-walnut-min-min-scaled.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327252/; classtype:trojan-activity;sid:84190352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/81252b5ixdetfl._ac_ss450_.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327253/; classtype:trojan-activity;sid:84190353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-final-2t-promesasrfeta223344.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327254/; classtype:trojan-activity;sid:84190354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1_acta_2021_10_22_ordinaria.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327255/; classtype:trojan-activity;sid:84190355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20170203-wa0003.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327243/; classtype:trojan-activity;sid:84190343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eupati.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327244/; classtype:trojan-activity;sid:84190344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gyuerwxxeaaxqcd-1024x683.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327245/; classtype:trojan-activity;sid:84190345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-academias-de-ciencias-2016-par-rmso.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327246/; classtype:trojan-activity;sid:84190346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ea7bca0a-7211-4c3a-8c0d-22587e62d773.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327247/; classtype:trojan-activity;sid:84190347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-725x544-1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327248/; classtype:trojan-activity;sid:84190348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-148-mdc-2015-que-aprueba-el-reglamento-del-procedimiento-sancionador-y-aprueba-el-cuadro-de-unfracciones-y-sanciones-de-la-municipalid-distrital-de-cayma.pdf.lnk"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327249/; classtype:trojan-activity;sid:84190349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/il_1080xn.4172456419_ptgk.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327233/; classtype:trojan-activity;sid:84190333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-wallet-setup-guide-20245.9.3.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327234/; classtype:trojan-activity;sid:84190334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/o1cn01bvsldx1gkulxwgauo_6000000004180-2-tps-1190-1683.png.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327236/; classtype:trojan-activity;sid:84190336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tr1004.png.webp.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327237/; classtype:trojan-activity;sid:84190337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juego-android-cocina-tus-fajitas.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327238/; classtype:trojan-activity;sid:84190338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/work-and-holiday-presentation-2019.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327239/; classtype:trojan-activity;sid:84190339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01166-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327240/; classtype:trojan-activity;sid:84190340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afzmr47ayjljg8pnav8z.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327241/; classtype:trojan-activity;sid:84190341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/36x21-garage-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327242/; classtype:trojan-activity;sid:84190342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327231/; classtype:trojan-activity;sid:84190331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-feriacientifica-cach-2016.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327232/; classtype:trojan-activity;sid:84190332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20221007_111758-1-1125x1500-1-1030x772.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327228/; classtype:trojan-activity;sid:84190328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731504820a36d46335f6175e30e36ce9d886b512d.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327229/; classtype:trojan-activity;sid:84190329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie13.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327230/; classtype:trojan-activity;sid:84190330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078486_1729693652961.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327225/; classtype:trojan-activity;sid:84190325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin_annual-report_2019_r.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327227/; classtype:trojan-activity;sid:84190327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.-w2000-zw2000-thai-translation.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327219/; classtype:trojan-activity;sid:84190319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notas-estados-financieros-version-final-1.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327220/; classtype:trojan-activity;sid:84190320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-submission.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327221/; classtype:trojan-activity;sid:84190321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coolbell-5.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327222/; classtype:trojan-activity;sid:84190322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nt_politica_per_la_qualita-rev3.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327223/; classtype:trojan-activity;sid:84190323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525a0-b-3.pdf.lnk"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327224/; classtype:trojan-activity;sid:84190324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reparaciones.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327218/; classtype:trojan-activity;sid:84190318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-026.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327212/; classtype:trojan-activity;sid:84190312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.sc-sem-i-to-iv-repeat-exam-timetable-dec-2020.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327213/; classtype:trojan-activity;sid:84190313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-develo.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:239; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327214/; classtype:trojan-activity;sid:84190314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-211-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327215/; classtype:trojan-activity;sid:84190315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-09-04-at-09.37.52.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327216/; classtype:trojan-activity;sid:84190316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo-general-2024-rossignol.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327217/; classtype:trojan-activity;sid:84190317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-marzo-2020.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327211/; classtype:trojan-activity;sid:84190311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gp-ciutat-de-lleida-2018.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327206/; classtype:trojan-activity;sid:84190306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d7bc07b9-1655-4e35-a7ca-a320c131897d.__cr0252c0252c970252c600_pt0_sx970_v1___.jpg.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327207/; classtype:trojan-activity;sid:84190307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/orbital233.mp3.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327208/; classtype:trojan-activity;sid:84190308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.-w2000-zw2000-english.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327209/; classtype:trojan-activity;sid:84190309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-86.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327210/; classtype:trojan-activity;sid:84190310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2ed9a9ab-a761-9a1b-e717-3fbc2cf6f8e5.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327195/; classtype:trojan-activity;sid:84190295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bahamia-marina-blk-26-lot-25-drone-shot-scaled.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327196/; classtype:trojan-activity;sid:84190296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-r.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327197/; classtype:trojan-activity;sid:84190297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/white.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327198/; classtype:trojan-activity;sid:84190298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-herbag-bag-worn-on-the-shoulder-or-carried-in-the-hand-in-beige-canvas-and-natural-leather.jpg.lnk"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327199/; classtype:trojan-activity;sid:84190299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01430-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327200/; classtype:trojan-activity;sid:84190300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cgs_geoservices-list_2022.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327201/; classtype:trojan-activity;sid:84190301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kruyizy.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327202/; classtype:trojan-activity;sid:84190302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-2-elite.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327203/; classtype:trojan-activity;sid:84190303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-11.46.55-1l1a2n.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327205/; classtype:trojan-activity;sid:84190305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327192/; classtype:trojan-activity;sid:84190292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano_tokenomics_report_2024_v2.3.1.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327193/; classtype:trojan-activity;sid:84190293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscinas-28-elite.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327194/; classtype:trojan-activity;sid:84190294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-25252525252525252525252525c325252525252525252525252525b6kosystembericht-2024-5-5-0.pdf.lnk"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327186/; classtype:trojan-activity;sid:84190286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tupa-para-publicar-pag.-web-muni.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327187/; classtype:trojan-activity;sid:84190287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/118777623_3598257836885153_5448504208302033312_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327188/; classtype:trojan-activity;sid:84190288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50202.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327189/; classtype:trojan-activity;sid:84190289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afadel19-1024x1024.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327190/; classtype:trojan-activity;sid:84190290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ribbon.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327191/; classtype:trojan-activity;sid:84190291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manual-de-funciones-ttsa.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327179/; classtype:trojan-activity;sid:84190279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-louis-rossignol-rsgl-tercera-capa-hombre-parka-azul-6.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327180/; classtype:trojan-activity;sid:84190280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-extra-4.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327181/; classtype:trojan-activity;sid:84190281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comac.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327182/; classtype:trojan-activity;sid:84190282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rni-nio-xd140-nioxin-system-3-shampooconditioner-litre-duo-228x228-1.jpg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327183/; classtype:trojan-activity;sid:84190283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captura-de-pantalla-2019-07-26-a-las-16.29.27-286x300.png.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327184/; classtype:trojan-activity;sid:84190284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-en-el-patrimonio-diciembre-2019.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327185/; classtype:trojan-activity;sid:84190285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-en-el-patrimonio-2011.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327176/; classtype:trojan-activity;sid:84190276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9estrategia_racionalizacion_consolidado-ttsa.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327177/; classtype:trojan-activity;sid:84190277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327178/; classtype:trojan-activity;sid:84190278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20190710_115700-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327173/; classtype:trojan-activity;sid:84190273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/protection-contre-la-foudre-norme-francaise.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327174/; classtype:trojan-activity;sid:84190274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerylearn.skillnation.aicrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327175/; classtype:trojan-activity;sid:84190275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-railskirt-10-royal-blue.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327170/; classtype:trojan-activity;sid:84190270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/affiliation-letter-page-1-1.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327171/; classtype:trojan-activity;sid:84190271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-11-scaled.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327172/; classtype:trojan-activity;sid:84190272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tapestries-on-blue-wall-decor.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327165/; classtype:trojan-activity;sid:84190265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin-top-20-as-of-april-14-2023.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327166/; classtype:trojan-activity;sid:84190266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cd_env.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327167/; classtype:trojan-activity;sid:84190267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078499_1729693666747.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327168/; classtype:trojan-activity;sid:84190268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0068.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327169/; classtype:trojan-activity;sid:84190269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/196.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327155/; classtype:trojan-activity;sid:84190255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-25-swift-brique-mauve-front.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327156/; classtype:trojan-activity;sid:84190256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/107094690_10157870921488743_426513812390890372_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327157/; classtype:trojan-activity;sid:84190257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/restaurant.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327158/; classtype:trojan-activity;sid:84190258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thumbnail-gac-ro-luoi-bicare.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327159/; classtype:trojan-activity;sid:84190259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_19.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327160/; classtype:trojan-activity;sid:84190260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-roadmap-20244.6.4.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327161/; classtype:trojan-activity;sid:84190261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-almamater-konveksi-almet1.jpg.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327162/; classtype:trojan-activity;sid:84190262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-aphmau.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327163/; classtype:trojan-activity;sid:84190263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sam_0742.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327164/; classtype:trojan-activity;sid:84190264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1730473794f5453ed05e87fac4435f1e1b7accf54a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327153/; classtype:trojan-activity;sid:84190253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave_whitepaper_2024-3.7.5.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327154/; classtype:trojan-activity;sid:84190254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20241111-wa0014.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327149/; classtype:trojan-activity;sid:84190249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/info-asseg-accident-esportiu-tipus-llicencia.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327150/; classtype:trojan-activity;sid:84190250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/indice-de-informacion-clasificada.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327151/; classtype:trojan-activity;sid:84190251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-roma-gold-11.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327152/; classtype:trojan-activity;sid:84190252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/welcome%20to%20hell.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327146/; classtype:trojan-activity;sid:84190246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20190628-wa0009.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327147/; classtype:trojan-activity;sid:84190247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-submissio.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327148/; classtype:trojan-activity;sid:84190248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327142)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto252525252525252525252525252525253acv2525252525252525252525252525252540aliphdeen.com.lnk"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327142/; classtype:trojan-activity;sid:84190242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327143/; classtype:trojan-activity;sid:84190243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cat_s22_flip_02.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327144/; classtype:trojan-activity;sid:84190244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure_bewoners_-multifunctionele_woningen_56_woningen_zeeheldenwijk_te_urk.pdf.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327137/; classtype:trojan-activity;sid:84190237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave25252520ecosystem25252520report252525202024252525204.1.7.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327138/; classtype:trojan-activity;sid:84190238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/service-ac-5-768x768-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327139/; classtype:trojan-activity;sid:84190239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/callmehome.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327140/; classtype:trojan-activity;sid:84190240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brouchure_explora_online.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327134/; classtype:trojan-activity;sid:84190234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/senior.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327135/; classtype:trojan-activity;sid:84190235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312259768173.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327136/; classtype:trojan-activity;sid:84190236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-20-at-09.13.56-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327129/; classtype:trojan-activity;sid:84190229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pineda.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327130/; classtype:trojan-activity;sid:84190230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01735.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327131/; classtype:trojan-activity;sid:84190231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-educational-material-2024-5-3-3.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327132/; classtype:trojan-activity;sid:84190232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc08728-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327133/; classtype:trojan-activity;sid:84190233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precision-07.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327122/; classtype:trojan-activity;sid:84190222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/741-1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327123/; classtype:trojan-activity;sid:84190223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-28abril2021.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327124/; classtype:trojan-activity;sid:84190224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estructura-granja.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327125/; classtype:trojan-activity;sid:84190225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20180628_145946.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327126/; classtype:trojan-activity;sid:84190226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/crc-anti-seize-copper-tds.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327127/; classtype:trojan-activity;sid:84190227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standard-electric-furnace-fo710.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327128/; classtype:trojan-activity;sid:84190228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-18-at-14.25.37.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327115/; classtype:trojan-activity;sid:84190215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co2-system-discharge-nozzle.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327116/; classtype:trojan-activity;sid:84190216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-315.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327117/; classtype:trojan-activity;sid:84190217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21.11.-materia-seedf-foto-jotta-casttro-seedf-mulheres-no-comando-tecnicas-quebram-barreiras-no-basquete-dos-jogos-da-juventude-2024-foto-capa-qxyfgx.jpeg.lnk"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327118/; classtype:trojan-activity;sid:84190218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lumeeee.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327119/; classtype:trojan-activity;sid:84190219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arab.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327120/; classtype:trojan-activity;sid:84190220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tercera-capa-2024-rossignol.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327121/; classtype:trojan-activity;sid:84190221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asm_halebasakcaglar_gorseli-1140x570-1.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327110/; classtype:trojan-activity;sid:84190210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171109_085705.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327111/; classtype:trojan-activity;sid:84190211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/feestfolder-slagerij-brecht-2023.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327112/; classtype:trojan-activity;sid:84190212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-privind-programarea-pentru-depunerea-cererii-pentru-eliberarea-actului-de-identitate.pdf.lnk"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327113/; classtype:trojan-activity;sid:84190213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-picotine-lock-bag-2.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327114/; classtype:trojan-activity;sid:84190214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carol-branden-106-edit.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327109/; classtype:trojan-activity;sid:84190209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/admissions-officer-job-description.docx.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327105/; classtype:trojan-activity;sid:84190205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-risk-assessment-report-2024-2-2-8.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327106/; classtype:trojan-activity;sid:84190206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/316.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327107/; classtype:trojan-activity;sid:84190207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5636-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327108/; classtype:trojan-activity;sid:84190208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto25252525252525252525253acv252525252525252525252540aliphdeen.com.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327101/; classtype:trojan-activity;sid:84190201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/canopy-by-hilton-istanbul-taksim-rendering.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327102/; classtype:trojan-activity;sid:84190202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_18.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327103/; classtype:trojan-activity;sid:84190203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/268.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327104/; classtype:trojan-activity;sid:84190204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-risk-assessment-report-2024-1-9-0.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327098/; classtype:trojan-activity;sid:84190198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-study-03.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327099/; classtype:trojan-activity;sid:84190199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srbija2.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327100/; classtype:trojan-activity;sid:84190200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirem.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327091/; classtype:trojan-activity;sid:84190191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327092/; classtype:trojan-activity;sid:84190192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327093)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-355.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327093/; classtype:trojan-activity;sid:84190193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-14.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327094/; classtype:trojan-activity;sid:84190194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comunicado-de-opinion-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327095/; classtype:trojan-activity;sid:84190195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c_276740-l_1-k_imagepuff.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327096/; classtype:trojan-activity;sid:84190196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/346640308_1304366373448645_2596877935748904556_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327097/; classtype:trojan-activity;sid:84190197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_2.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327088/; classtype:trojan-activity;sid:84190188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2015-campionatdecatalunyacadetimenors.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327089/; classtype:trojan-activity;sid:84190189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.35-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327082/; classtype:trojan-activity;sid:84190182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/inscripcion.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327084/; classtype:trojan-activity;sid:84190184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/an-updated-marmarica-plateau-flora-2021.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327085/; classtype:trojan-activity;sid:84190185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/protection-against-water-drops-iec-60529.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327086/; classtype:trojan-activity;sid:84190186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bf_small_grants_annex-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327087/; classtype:trojan-activity;sid:84190187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hqdefault.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327076/; classtype:trojan-activity;sid:84190176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto6.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327077/; classtype:trojan-activity;sid:84190177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327078/; classtype:trojan-activity;sid:84190178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20220831_announcement_en.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327079/; classtype:trojan-activity;sid:84190179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionados-exploradores-2024_actualizada.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327080/; classtype:trojan-activity;sid:84190180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327081/; classtype:trojan-activity;sid:84190181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/summer-2022-edition.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327071/; classtype:trojan-activity;sid:84190171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-security-best-practices-2024-5-5-7.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327072/; classtype:trojan-activity;sid:84190172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_771-188.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327073/; classtype:trojan-activity;sid:84190173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pekka.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327074/; classtype:trojan-activity;sid:84190174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2856.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327075/; classtype:trojan-activity;sid:84190175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lume-3-scaled.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327067/; classtype:trojan-activity;sid:84190167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1000073562.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327068/; classtype:trojan-activity;sid:84190168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-266.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327069/; classtype:trojan-activity;sid:84190169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-sabado.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327070/; classtype:trojan-activity;sid:84190170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59806_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327063/; classtype:trojan-activity;sid:84190163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_32.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327064/; classtype:trojan-activity;sid:84190164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rnt.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327065/; classtype:trojan-activity;sid:84190165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/point-2.15_4_11zon.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327066/; classtype:trojan-activity;sid:84190166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cli_0601-1-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327059/; classtype:trojan-activity;sid:84190159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3_bahasa-indonesian-penggantian-adhesive-pada-sensor-zw1051-52-di-ws-2.pdf.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327060/; classtype:trojan-activity;sid:84190160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-audit-report-2024-3.2.2.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327061/; classtype:trojan-activity;sid:84190161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gts-ft39-matriz-de-peligros.xlsx.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327062/; classtype:trojan-activity;sid:84190162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/basesfae2014.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327057/; classtype:trojan-activity;sid:84190157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436817647_342763772137129_1093731478925508322_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327058/; classtype:trojan-activity;sid:84190158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gov.uscourts.cand_.293546.8088.0.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327051/; classtype:trojan-activity;sid:84190151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-5.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327052/; classtype:trojan-activity;sid:84190152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20161205-wa0033.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327054/; classtype:trojan-activity;sid:84190154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/314044081926.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327055/; classtype:trojan-activity;sid:84190155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/images.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327056/; classtype:trojan-activity;sid:84190156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/trazimo-300x250-laptop-1.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327046/; classtype:trojan-activity;sid:84190146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-developm.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327047/; classtype:trojan-activity;sid:84190147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pennellino-painting-event-milano-poppies-02.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327048/; classtype:trojan-activity;sid:84190148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57104_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327049/; classtype:trojan-activity;sid:84190149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-community-guidelines-20245-8-5.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327050/; classtype:trojan-activity;sid:84190150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2164dcfb-c0df-be07-96ba-8bebdda494ed.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327042/; classtype:trojan-activity;sid:84190142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_22.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327043/; classtype:trojan-activity;sid:84190143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img-4.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327044/; classtype:trojan-activity;sid:84190144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54152245067_4811ed7684_k-1-fobsss.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327045/; classtype:trojan-activity;sid:84190145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-56-radicado-4624032024-nombre-peticionario-orlando-nieto.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327032/; classtype:trojan-activity;sid:84190132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/valentine-img12-725x544.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327033/; classtype:trojan-activity;sid:84190133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dise25252525252525252525252525252525252525c325252525252525252525252525252525252525b1o-sin-t25252525252525252525252525252525252525c325252525252525252525252525252525252525adtulo-8.png.lnk"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327034/; classtype:trojan-activity;sid:84190134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dan-company-profile-2023.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327035/; classtype:trojan-activity;sid:84190135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-45-radicado-2995882024-nombre-anonimo.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327036/; classtype:trojan-activity;sid:84190136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-bankstel-2-en-2.5-zits-15.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327037/; classtype:trojan-activity;sid:84190137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-governance-proposal-2024-1-4-4.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327038/; classtype:trojan-activity;sid:84190138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sluzbeni_list_24_2024.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327039/; classtype:trojan-activity;sid:84190139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-8.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327040/; classtype:trojan-activity;sid:84190140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paap-proiect-u.r.-impact-prioritizing-social-impact-in-urban-regeneration.pdf.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327041/; classtype:trojan-activity;sid:84190141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327031/; classtype:trojan-activity;sid:84190131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6654.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327027/; classtype:trojan-activity;sid:84190127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/amendment-of-bursary-scheme.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327028/; classtype:trojan-activity;sid:84190128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112937338988.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327029/; classtype:trojan-activity;sid:84190129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-atlas-concorde-marvel-gala-burkolattal-2.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327030/; classtype:trojan-activity;sid:84190130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_4540-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327022/; classtype:trojan-activity;sid:84190122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/239086098_106373421759151_7372755328007165957_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327023/; classtype:trojan-activity;sid:84190123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ikmskpd-triwulan-1-5.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327024/; classtype:trojan-activity;sid:84190124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59375_65.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327025/; classtype:trojan-activity;sid:84190125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aphmau-and-aaron-coloring-pages.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327026/; classtype:trojan-activity;sid:84190126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-guide-de-conformite-reglementaire-20241.9.5.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327021/; classtype:trojan-activity;sid:84190121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-5-scaled.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327019/; classtype:trojan-activity;sid:84190119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-25-at-16.51.01_8549709e.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327020/; classtype:trojan-activity;sid:84190120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1313619844933.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327016/; classtype:trojan-activity;sid:84190116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/download-5.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327017/; classtype:trojan-activity;sid:84190117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327018/; classtype:trojan-activity;sid:84190118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60081_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327005/; classtype:trojan-activity;sid:84190105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5047-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327006/; classtype:trojan-activity;sid:84190106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-a.-yani-kayuringin.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327007/; classtype:trojan-activity;sid:84190107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/samsung-11kg-ai-control-front-load-washing-machine-ww11cg604dlb-5.png.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327008/; classtype:trojan-activity;sid:84190108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-014.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327009/; classtype:trojan-activity;sid:84190109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-30cm-hermes-birkin-30cm-gold-togo-leather-with-gold-hardware-37327441952924.jpg.lnk"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327010/; classtype:trojan-activity;sid:84190110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dji_0076-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327011/; classtype:trojan-activity;sid:84190111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-rubine-290b-3-2.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327013/; classtype:trojan-activity;sid:84190113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-14.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327014/; classtype:trojan-activity;sid:84190114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dg-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326997/; classtype:trojan-activity;sid:84190097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-con-corte-a-31-de-marzo-2022-ttb-formato-pdf.pdf.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326998/; classtype:trojan-activity;sid:84190098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2427_hermes_herbag_39_sablenatural-ecru_xl_d8.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326999/; classtype:trojan-activity;sid:84190099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-event-light-single.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327000/; classtype:trojan-activity;sid:84190100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20200213-wa0053-768x1024.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327001/; classtype:trojan-activity;sid:84190101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/collier-de-chien-bracelet--068440cc89-worn-2-0-0-320-320_g.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327002/; classtype:trojan-activity;sid:84190102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a-realistic-sad-teenage-boy-with-black-hair-sitting-backwards-with-the-head-between-his-knees-with-empty-alcohol-bottles-around-him-copy.jpg.lnk"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327003/; classtype:trojan-activity;sid:84190103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3327004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/341557675598.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3327004/; classtype:trojan-activity;sid:84190104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kurtulus_vakfi_1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326993/; classtype:trojan-activity;sid:84190093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deilton-2-q0s7fw.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326994/; classtype:trojan-activity;sid:84190094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2_2_11zon.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326995/; classtype:trojan-activity;sid:84190095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2022-11-27-at-3.07.22-pm.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326996/; classtype:trojan-activity;sid:84190096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-final-acreditaciones-te25252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252581cnicos-2020-20219907.pdf.lnk"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326988/; classtype:trojan-activity;sid:84190088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weblogiconoda-datasheet-1925421.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326989/; classtype:trojan-activity;sid:84190089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tsw07835-compressed-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326990/; classtype:trojan-activity;sid:84190090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-lego.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326991/; classtype:trojan-activity;sid:84190091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0b8e6972-d269-4743-b532-d5ba7bbf2df3-1200x750-1.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326992/; classtype:trojan-activity;sid:84190092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin_annual-report_2022_r.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326984/; classtype:trojan-activity;sid:84190084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precision-image-logo.png.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326985/; classtype:trojan-activity;sid:84190085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/electric-kettle.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326987/; classtype:trojan-activity;sid:84190087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/esf-dic-2023-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326983/; classtype:trojan-activity;sid:84190083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polo-efdeco.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326982/; classtype:trojan-activity;sid:84190082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fees.ma_.msc_.mcom-2024-25.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326979/; classtype:trojan-activity;sid:84190079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunny-side-web.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326980/; classtype:trojan-activity;sid:84190080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-19.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326981/; classtype:trojan-activity;sid:84190081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-tokenomics-report-20245-4-2.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326977/; classtype:trojan-activity;sid:84190077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731531360873624bec68ad1a138708eb45dd4f807.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326978/; classtype:trojan-activity;sid:84190078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cod-etica-2020.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326973/; classtype:trojan-activity;sid:84190073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-19.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326974/; classtype:trojan-activity;sid:84190074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/equipo-club-deportivo-malaga-1903.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326975/; classtype:trojan-activity;sid:84190075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20141123_175549-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326976/; classtype:trojan-activity;sid:84190076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-12-24-presentacion-c.-piedras-negras-105-ote-villa-de-fuente-2395000.jpg.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326967/; classtype:trojan-activity;sid:84190067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-sub.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326968/; classtype:trojan-activity;sid:84190068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-09-16-at-19.25.00.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326969/; classtype:trojan-activity;sid:84190069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-09-03-at-13.00.40.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326970/; classtype:trojan-activity;sid:84190070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/183226373_3768945123216230_5824720924666076721_n-e1621254824678.jpg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326971/; classtype:trojan-activity;sid:84190071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iss2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326972/; classtype:trojan-activity;sid:84190072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-cebolla-sweet-magnolia.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326954/; classtype:trojan-activity;sid:84190054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-developmen.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:243; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326955/; classtype:trojan-activity;sid:84190055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pepe.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326956/; classtype:trojan-activity;sid:84190056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-ylico-9.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326957/; classtype:trojan-activity;sid:84190057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mammoet-ale.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326958/; classtype:trojan-activity;sid:84190058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchquerypazrk-hals.jpgcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326959/; classtype:trojan-activity;sid:84190059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/octinoxate-avobenzone-oxybenzone-octocrylene-zinc-oxide-topical-solution-500x500.jpg.lnk"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326960/; classtype:trojan-activity;sid:84190060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-scaled.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326961/; classtype:trojan-activity;sid:84190061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lumeee.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326962/; classtype:trojan-activity;sid:84190062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/29729238-1_2.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326963/; classtype:trojan-activity;sid:84190063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/basesmediamaratonvaldivia2025.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326964/; classtype:trojan-activity;sid:84190064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convocatoria-campamentos-final.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326965/; classtype:trojan-activity;sid:84190065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-en-el-patrimonio-2015.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326966/; classtype:trojan-activity;sid:84190066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/498-sf-light-granite-min-min-scaled.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326948/; classtype:trojan-activity;sid:84190048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kaseta-kdc-1803.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326949/; classtype:trojan-activity;sid:84190049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6722.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326950/; classtype:trojan-activity;sid:84190050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryinstrukcja-montazu-4020fb-4020fw-4030f-4050fw.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326951/; classtype:trojan-activity;sid:84190051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/278253398_541037990718186_4131581349435814295_n-1024x1024.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326952/; classtype:trojan-activity;sid:84190052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paris-1st-4.jpeg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326953/; classtype:trojan-activity;sid:84190053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-2.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326946/; classtype:trojan-activity;sid:84190046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/240599970_2061992807283359_950932983981469594_n-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326947/; classtype:trojan-activity;sid:84190047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informatii-generale.doc.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326945/; classtype:trojan-activity;sid:84190045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gp-header04.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326941/; classtype:trojan-activity;sid:84190041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mazurska_manufaktua-folder_produktowy2023.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326942/; classtype:trojan-activity;sid:84190042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phytosleep2.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326943/; classtype:trojan-activity;sid:84190043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/313619844911.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326944/; classtype:trojan-activity;sid:84190044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arabika-robusta.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326937/; classtype:trojan-activity;sid:84190037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha-reserva-mim-6-10.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326939/; classtype:trojan-activity;sid:84190039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juz-2.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326940/; classtype:trojan-activity;sid:84190040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/playgroup.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326935/; classtype:trojan-activity;sid:84190035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60019_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326936/; classtype:trojan-activity;sid:84190036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326915/; classtype:trojan-activity;sid:84190015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7smc-rg01-codigo-de-gobierno-corporativo.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326916/; classtype:trojan-activity;sid:84190016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1_622699_zm_thero.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326917/; classtype:trojan-activity;sid:84190017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/womens_day_2022_poster.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326918/; classtype:trojan-activity;sid:84190018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instrukcja_instalatora_integra_24_pl.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326919/; classtype:trojan-activity;sid:84190019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/inofabfinal.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326920/; classtype:trojan-activity;sid:84190020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cinco-rios-header09.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326921/; classtype:trojan-activity;sid:84190021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8519-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326922/; classtype:trojan-activity;sid:84190022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verb-curl-conditioner-32oz-rve-ver-ccuc32-500x500-1.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326923/; classtype:trojan-activity;sid:84190023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eur-lex-31991l0155-en.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326924/; classtype:trojan-activity;sid:84190024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1716-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326925/; classtype:trojan-activity;sid:84190025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-community-guidelines-2024-1-7-3.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326926/; classtype:trojan-activity;sid:84190026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10078631_002_844.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326927/; classtype:trojan-activity;sid:84190027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rf203912-...pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326928/; classtype:trojan-activity;sid:84190028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/recognisation-b.ed.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326929/; classtype:trojan-activity;sid:84190029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/parallax.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326930/; classtype:trojan-activity;sid:84190030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-optimus-prime.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326931/; classtype:trojan-activity;sid:84190031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instructions_for_students_filling_online_admission_form_for_ug_programmes_2023_2024.pdf.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326932/; classtype:trojan-activity;sid:84190032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ogolne-warunki-uczestnictwa.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326933/; classtype:trojan-activity;sid:84190033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fluke_testeurs_de_qualite_de_lair_interieur_fr.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326934/; classtype:trojan-activity;sid:84190034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-212-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326902/; classtype:trojan-activity;sid:84190002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.19-2-1024x1024.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326903/; classtype:trojan-activity;sid:84190003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co_commerce.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326904/; classtype:trojan-activity;sid:84190004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57199_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326905/; classtype:trojan-activity;sid:84190005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6675.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326906/; classtype:trojan-activity;sid:84190006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/land-river-white.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326907/; classtype:trojan-activity;sid:84190007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326908/; classtype:trojan-activity;sid:84190008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-3.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326909/; classtype:trojan-activity;sid:84190009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326910/; classtype:trojan-activity;sid:84190010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01rm.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326911/; classtype:trojan-activity;sid:84190011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgm7457-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326912/; classtype:trojan-activity;sid:84190012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731504799dc1a24812b399f63019b3bd920849de2.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326913/; classtype:trojan-activity;sid:84190013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-2018_10_19-extraordinaria.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326914/; classtype:trojan-activity;sid:84190014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-bmh-32x32.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326901/; classtype:trojan-activity;sid:84190001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iso9001.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326896/; classtype:trojan-activity;sid:84189996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gagan-x-pooja-1-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326898/; classtype:trojan-activity;sid:84189998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-taxation-guide-2024-2.1.6.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326899/; classtype:trojan-activity;sid:84189999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-2023.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326900/; classtype:trojan-activity;sid:84190000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3112678087240.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326885/; classtype:trojan-activity;sid:84189985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flora-and-vegetation-on-south-el-marj-zone-2011.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326886/; classtype:trojan-activity;sid:84189986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-ejecutado-2012-en-formato-pdf.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326887/; classtype:trojan-activity;sid:84189987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078501_1729693679950.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326888/; classtype:trojan-activity;sid:84189988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/red-birkin-1677075538.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326889/; classtype:trojan-activity;sid:84189989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8261.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326890/; classtype:trojan-activity;sid:84189990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clover-mini-3-nfc2.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326891/; classtype:trojan-activity;sid:84189991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-34.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326892/; classtype:trojan-activity;sid:84189992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/301.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326893/; classtype:trojan-activity;sid:84189993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3440-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326894/; classtype:trojan-activity;sid:84189994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-16-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326895/; classtype:trojan-activity;sid:84189995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8b60a4728985c211eb4297cbcbd2391a.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326879/; classtype:trojan-activity;sid:84189979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.24-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326880/; classtype:trojan-activity;sid:84189980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/past-awards-1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326881/; classtype:trojan-activity;sid:84189981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hotel-las-plazas-quito-ecuador-sala2.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326882/; classtype:trojan-activity;sid:84189982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iso_eng.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326883/; classtype:trojan-activity;sid:84189983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/events-for-rnb-pop-singers-2.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326884/; classtype:trojan-activity;sid:84189984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/canal-denuncias-dgenes-revisadoa.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326878/; classtype:trojan-activity;sid:84189978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173150482000daaad3e98491e6c433f21c413247e5.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326873/; classtype:trojan-activity;sid:84189973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-taxation-guide-20244.8.6.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326874/; classtype:trojan-activity;sid:84189974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/self-assessment-report-sar-1-7.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326875/; classtype:trojan-activity;sid:84189975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guia-vechain-nft-2024-1-2-7.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326876/; classtype:trojan-activity;sid:84189976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bci02.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326877/; classtype:trojan-activity;sid:84189977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/713220745052.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326863/; classtype:trojan-activity;sid:84189963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-professional-weight-bag-set.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326864/; classtype:trojan-activity;sid:84189964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie19.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326865/; classtype:trojan-activity;sid:84189965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326866)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_1-bed-plus-bp1-34-sq.m_230119_15.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326866/; classtype:trojan-activity;sid:84189966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56221_37.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326867/; classtype:trojan-activity;sid:84189967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7a631ec0-d0d5-7160-9706-3c5ff2ff4586.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326868/; classtype:trojan-activity;sid:84189968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guida-fiscale-aave-2024-2-1-6.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326869/; classtype:trojan-activity;sid:84189969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requiremen.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326870/; classtype:trojan-activity;sid:84189970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-51.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326871/; classtype:trojan-activity;sid:84189971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-sheer-10.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326872/; classtype:trojan-activity;sid:84189972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-s.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:190; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326862/; classtype:trojan-activity;sid:84189962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00412.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326859/; classtype:trojan-activity;sid:84189959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5014-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326860/; classtype:trojan-activity;sid:84189960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-008.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326861/; classtype:trojan-activity;sid:84189961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poster-_op_6_cp__1503786260416_64997090_ver1-min.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326854/; classtype:trojan-activity;sid:84189954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informaci2525252525252525252525252525252525252525c3252525252525252525252525252525252525252593n-proceso-de-admisi2525252525252525252525252525252525252525c3252525252525252525252525252525252525252593n-cupo-explora-unesco-2025-1.pdf.lnk"; http_uri; depth:243; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326855/; classtype:trojan-activity;sid:84189955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-30-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326856/; classtype:trojan-activity;sid:84189956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-neutra-13.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326857/; classtype:trojan-activity;sid:84189957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/women-s-bags-and-clutches-herme2525cc252580s-usa252b25252810252529.png.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326858/; classtype:trojan-activity;sid:84189958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bhutan_national_tiger_survey_report_2021-2022_final_website.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326846/; classtype:trojan-activity;sid:84189946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/balooo.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326847/; classtype:trojan-activity;sid:84189947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326848/; classtype:trojan-activity;sid:84189948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formular-de-25252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525aenscriere-546.pdf.lnk"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326849/; classtype:trojan-activity;sid:84189949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cypress-slate-16-2.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326850/; classtype:trojan-activity;sid:84189950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-tokenomics-report-20244.5.3.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326851/; classtype:trojan-activity;sid:84189951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-staking-guide-2024-3.0.4.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326852/; classtype:trojan-activity;sid:84189952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srbija9.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326853/; classtype:trojan-activity;sid:84189953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-mb404.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326844/; classtype:trojan-activity;sid:84189944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hellow.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326845/; classtype:trojan-activity;sid:84189945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-aprobado-2022-ttb-en-formato-pdf.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326841/; classtype:trojan-activity;sid:84189941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-22-at-20.24.27-1-1024x768.jpeg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326842/; classtype:trojan-activity;sid:84189942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_1-bed-plus-bp1-34-sq.m_230119_6.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326843/; classtype:trojan-activity;sid:84189943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paulo-iolovitch-compressed-xpkpms.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326839/; classtype:trojan-activity;sid:84189939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/305-tvd_p3_depto-sistemas.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326840/; classtype:trojan-activity;sid:84189940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-435.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326836/; classtype:trojan-activity;sid:84189936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portaria_776.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326837/; classtype:trojan-activity;sid:84189937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.-21.11.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326838/; classtype:trojan-activity;sid:84189938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplu.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326829/; classtype:trojan-activity;sid:84189929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscinas-17-elite-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326830/; classtype:trojan-activity;sid:84189930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19-1069x800.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326831/; classtype:trojan-activity;sid:84189931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0782.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326832/; classtype:trojan-activity;sid:84189932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326833/; classtype:trojan-activity;sid:84189933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/planilla-congresos-biobio-2014-2.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326835/; classtype:trojan-activity;sid:84189935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61m8dbyxupl._ac_uf894252c1000_ql80_.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326825/; classtype:trojan-activity;sid:84189925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_10n_var.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326826/; classtype:trojan-activity;sid:84189926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326827/; classtype:trojan-activity;sid:84189927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326828/; classtype:trojan-activity;sid:84189928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21271c2a1aa8c33fd15e548d984f7749.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326821/; classtype:trojan-activity;sid:84189921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asrs_geal_-1.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326822/; classtype:trojan-activity;sid:84189922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plants-vs-zombies-coloring-pages-all-plants.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326823/; classtype:trojan-activity;sid:84189923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/american-drill_1_11zon.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326824/; classtype:trojan-activity;sid:84189924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/festival-mujeres-diciembre-2019.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326817/; classtype:trojan-activity;sid:84189917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9723.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326818/; classtype:trojan-activity;sid:84189918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1024096_pld_1200x.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326819/; classtype:trojan-activity;sid:84189919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/122943-fv_800x800_crop_center.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326820/; classtype:trojan-activity;sid:84189920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mayara-de-souza-1-0ftd8f.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326813/; classtype:trojan-activity;sid:84189913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/467347982_2258361181198508_8326145236437679927_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326814/; classtype:trojan-activity;sid:84189914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-30-4000has-sector-entre-guerrero-y-santa-monica-4000has-9.jpeg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326815/; classtype:trojan-activity;sid:84189915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0251-1170x780.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326816/; classtype:trojan-activity;sid:84189916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-88.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326808/; classtype:trojan-activity;sid:84189908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sluzbeni_list_25_2024.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326809/; classtype:trojan-activity;sid:84189909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-15.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326810/; classtype:trojan-activity;sid:84189910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436797841_342763655470474_7459351430371016868_n-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326811/; classtype:trojan-activity;sid:84189911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71006-lego-the-simpsons-house-inside-light-my-bricks_1000x.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326812/; classtype:trojan-activity;sid:84189912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/g3_10_vantage_quarter_sidewall_blue.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326805/; classtype:trojan-activity;sid:84189905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-1-derecho-de-preferencia-2024_signed.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326806/; classtype:trojan-activity;sid:84189906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/206.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326807/; classtype:trojan-activity;sid:84189907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniqueandnarrowfocusofchurchapproved7_11_22v4-1.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326801/; classtype:trojan-activity;sid:84189901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.-w2000-zw2000-vietnamese.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326802/; classtype:trojan-activity;sid:84189902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lightning-mcqueen-coloring-pages-printable.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326803/; classtype:trojan-activity;sid:84189903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-004.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326804/; classtype:trojan-activity;sid:84189904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/feestfolder-2022-2023.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326799/; classtype:trojan-activity;sid:84189899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ws.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326800/; classtype:trojan-activity;sid:84189900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rd4328255b0255d.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326792/; classtype:trojan-activity;sid:84189892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/salida-de-vehiculos-y-pasajeros-mes-de-octubre-de-2024.xlsx.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326793/; classtype:trojan-activity;sid:84189893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagen-de-whatsapp-2024-10-06-a-las-17.56.09_5e15ae10.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326794/; classtype:trojan-activity;sid:84189894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sheffield-color-chart-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326795/; classtype:trojan-activity;sid:84189895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1680417742_e9pro-510x311-1.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326796/; classtype:trojan-activity;sid:84189896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_parasut.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326797/; classtype:trojan-activity;sid:84189897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-412-2022-declarar-la-capacidad-de-leonardo-rodolfo-chura-munoz-y-karen-dallana-flor-cuna-para-contraer-matrimonio-civil-en-la-mdc.pdf.lnk"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326789/; classtype:trojan-activity;sid:84189889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica_de_tratamiento_de_datos_personales.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326790/; classtype:trojan-activity;sid:84189890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-harlow-rd-greening-glade-rear-view.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326791/; classtype:trojan-activity;sid:84189891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8038.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326786/; classtype:trojan-activity;sid:84189886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oferta_combucha_lemoniada.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326787/; classtype:trojan-activity;sid:84189887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-25-at-16.51.11_8f88f55a.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326788/; classtype:trojan-activity;sid:84189888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tricor_flowmeter_large.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326780/; classtype:trojan-activity;sid:84189880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zma-60-cpr-anderson-testosterone-booster.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326781/; classtype:trojan-activity;sid:84189881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-submission-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:200; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326782/; classtype:trojan-activity;sid:84189882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/512111384756.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326783/; classtype:trojan-activity;sid:84189883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7.png.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326784/; classtype:trojan-activity;sid:84189884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/exam-pr-a-level-samples-scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326785/; classtype:trojan-activity;sid:84189885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resize-2.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326778/; classtype:trojan-activity;sid:84189878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/it_courseoutcome.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326779/; classtype:trojan-activity;sid:84189879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326774/; classtype:trojan-activity;sid:84189874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b0ee002e-544b-f8a9-ab23-62fc951411d4.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326775/; classtype:trojan-activity;sid:84189875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/planillas-ventanilla-unica-concejo.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326776/; classtype:trojan-activity;sid:84189876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326777/; classtype:trojan-activity;sid:84189877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ginger-oil-2442030708-tds.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326768/; classtype:trojan-activity;sid:84189868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cordyceps-plus-funghi-energia-e-salute-2-1.png.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326769/; classtype:trojan-activity;sid:84189869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gaf-pg01_gestion_documental.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326770/; classtype:trojan-activity;sid:84189870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01795-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326771/; classtype:trojan-activity;sid:84189871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pt-canamas-riarasa-sejahtera.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326772/; classtype:trojan-activity;sid:84189872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-ylico-10.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326761/; classtype:trojan-activity;sid:84189861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink_smart_contract_tutorial_2024_5_3_7.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326762/; classtype:trojan-activity;sid:84189862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bci07.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326763/; classtype:trojan-activity;sid:84189863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cimara.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326764/; classtype:trojan-activity;sid:84189864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/declaracion-de-renta-2017.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326765/; classtype:trojan-activity;sid:84189865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-taxation-guide-20241-6-2.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326766/; classtype:trojan-activity;sid:84189866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-de-gestion-documental-terminal-de-transporte.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326767/; classtype:trojan-activity;sid:84189867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58295_24.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326757/; classtype:trojan-activity;sid:84189857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchquerysuami.masjidnurulashri.comcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:248; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326758/; classtype:trojan-activity;sid:84189858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-11.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326759/; classtype:trojan-activity;sid:84189859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cronograma_comissaosaude.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326760/; classtype:trojan-activity;sid:84189860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51_iced-choc-3_4-02_retouch.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326756/; classtype:trojan-activity;sid:84189856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ley-y-reglamento-transito.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326753/; classtype:trojan-activity;sid:84189853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nzlztpgs.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326754/; classtype:trojan-activity;sid:84189854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-supply-format-electric-wall-mount-fireplace-5.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326745/; classtype:trojan-activity;sid:84189845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bilans-za-2019-rok.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326746/; classtype:trojan-activity;sid:84189846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eri-junio-2023.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326747/; classtype:trojan-activity;sid:84189847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59906_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326748/; classtype:trojan-activity;sid:84189848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2013.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326749/; classtype:trojan-activity;sid:84189849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/soos-si-noul-mandat.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326750/; classtype:trojan-activity;sid:84189850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/118080350_10157984111423743_1571234710108984943_o.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326751/; classtype:trojan-activity;sid:84189851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-tbs-2a-1.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326752/; classtype:trojan-activity;sid:84189852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-outnva-rossignol-rsgl-top-hombre-outdoor-beige-8.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326739/; classtype:trojan-activity;sid:84189839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-api-documentation-2024-4-6-8.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326740/; classtype:trojan-activity;sid:84189840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/installation-manual-7012b-7019b.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326741/; classtype:trojan-activity;sid:84189841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/colorker-tangram-5.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326742/; classtype:trojan-activity;sid:84189842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-date-27.09.2024.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326743/; classtype:trojan-activity;sid:84189843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hey-dudes-at-home-image-2-072522-1658765482-1658765482.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326744/; classtype:trojan-activity;sid:84189844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_21.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326737/; classtype:trojan-activity;sid:84189837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59775.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326738/; classtype:trojan-activity;sid:84189838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kit-installation-graines.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326730/; classtype:trojan-activity;sid:84189830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tum-hotel-staff-attendance-form-12.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326731/; classtype:trojan-activity;sid:84189831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_7i_bar.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326732/; classtype:trojan-activity;sid:84189832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pl.pdf.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326733/; classtype:trojan-activity;sid:84189833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4197-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326734/; classtype:trojan-activity;sid:84189834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326735/; classtype:trojan-activity;sid:84189835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piet.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326736/; classtype:trojan-activity;sid:84189836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-03-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326722/; classtype:trojan-activity;sid:84189822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1113981994651.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326723/; classtype:trojan-activity;sid:84189823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9267.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326724/; classtype:trojan-activity;sid:84189824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sof-mn02-plan-institucional-de-emergencia-terminal-sur.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326725/; classtype:trojan-activity;sid:84189825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6363.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326726/; classtype:trojan-activity;sid:84189826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stabilization.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326727/; classtype:trojan-activity;sid:84189827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/suami.masjidnurulashri.com.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326728/; classtype:trojan-activity;sid:84189828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326729/; classtype:trojan-activity;sid:84189829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-4-8-150x150.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326718/; classtype:trojan-activity;sid:84189818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resoluci252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525b3n-admisibilidad-par-explora-2025-2026-1.pdf.lnk"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326719/; classtype:trojan-activity;sid:84189819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luminosita252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252580_contrasto-2.jpg.lnk"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326720/; classtype:trojan-activity;sid:84189820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana_wallet_setup_guide_2024213.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326721/; classtype:trojan-activity;sid:84189821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-jaket-konveksi-varsitybuat-varsity.jpg.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326715/; classtype:trojan-activity;sid:84189815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-01-de-2021.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326716/; classtype:trojan-activity;sid:84189816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1697.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326717/; classtype:trojan-activity;sid:84189817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure-visio-consulting-.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326714/; classtype:trojan-activity;sid:84189814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barrera-antiparking-3-scaled.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326703/; classtype:trojan-activity;sid:84189803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326704/; classtype:trojan-activity;sid:84189804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d.el_.ed_new_faculty.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326705/; classtype:trojan-activity;sid:84189805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200311_163328.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326706/; classtype:trojan-activity;sid:84189806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-coloring-pages-free.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326707/; classtype:trojan-activity;sid:84189807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rekom-disnaker-12-agustus-2021.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326708/; classtype:trojan-activity;sid:84189808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-staking-guide-20242.5.3.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326710/; classtype:trojan-activity;sid:84189810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525255bsoftwarenameandversion252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525255d.pdf.lnk"; http_uri; depth:253; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326711/; classtype:trojan-activity;sid:84189811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arch_xl_specs.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326712/; classtype:trojan-activity;sid:84189812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image6.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326713/; classtype:trojan-activity;sid:84189813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326699/; classtype:trojan-activity;sid:84189799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nagata-drill_2_11zon-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326700/; classtype:trojan-activity;sid:84189800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp3991.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326701/; classtype:trojan-activity;sid:84189801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57786_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326702/; classtype:trojan-activity;sid:84189802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326693/; classtype:trojan-activity;sid:84189793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informaci25252525252525252525252525252525252525c32525252525252525252525252525252525252593n-proceso-de-admisi25252525252525252525252525252525252525c32525252525252525252525252525252525252593n-cupo-explora-unesco-2025-1.pdf.lnk"; http_uri; depth:235; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326695/; classtype:trojan-activity;sid:84189795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z4122776638916_b8536697d28cd62030d991d9162f14f4-1-741x1024.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326696/; classtype:trojan-activity;sid:84189796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13-decret-2004-687-se-ore.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326697/; classtype:trojan-activity;sid:84189797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20241114-wa0056.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326688/; classtype:trojan-activity;sid:84189788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_9b_var-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326689/; classtype:trojan-activity;sid:84189789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/382986880_892028609314167_6647221943001756651_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326690/; classtype:trojan-activity;sid:84189790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173047379583261ad5a407e5b43c6c16e02ded5235.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326691/; classtype:trojan-activity;sid:84189791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326686/; classtype:trojan-activity;sid:84189786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290a_290b-instrukcja-obslugi-i-montazu-user-manual.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326687/; classtype:trojan-activity;sid:84189787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-sac-de-pansage-grooming-bag-v0-acvbiiypiuub1.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326681/; classtype:trojan-activity;sid:84189781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pexels-max-rahubovskiy-7018821.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326682/; classtype:trojan-activity;sid:84189782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kurtulusvakfi_tesis.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326683/; classtype:trojan-activity;sid:84189783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-lumina-4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326676/; classtype:trojan-activity;sid:84189776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_baby-terry.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326677/; classtype:trojan-activity;sid:84189777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cinco-rios-header07.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326678/; classtype:trojan-activity;sid:84189778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulamin-bocznicy-chrusciel.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326679/; classtype:trojan-activity;sid:84189779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pipe-2024.docx.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326680/; classtype:trojan-activity;sid:84189780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bg_3-3-2.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326674/; classtype:trojan-activity;sid:84189774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.-18.11.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326675/; classtype:trojan-activity;sid:84189775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3_ws2-apple-watch-tray-sensors-zw1051-52-merchandising-guide-thai.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326665/; classtype:trojan-activity;sid:84189765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/o249526i111465-1468.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326666/; classtype:trojan-activity;sid:84189766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/persian-singers-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326667/; classtype:trojan-activity;sid:84189767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-8-min.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326668/; classtype:trojan-activity;sid:84189768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pre-and-post-admission-counselling-activity_10_11zon.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326669/; classtype:trojan-activity;sid:84189769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/calendario-rfeta-22-23-202210216658.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326670/; classtype:trojan-activity;sid:84189770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gp-header05.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326671/; classtype:trojan-activity;sid:84189771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326672/; classtype:trojan-activity;sid:84189772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rezultate-finale-concurs-recrutare-inspector-i-principal-compartimentul-secretariat-si-informarea-cetateanului.pdf.lnk"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326673/; classtype:trojan-activity;sid:84189773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12.-zips-4-port-alarm-unit-indonesia.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326661/; classtype:trojan-activity;sid:84189761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-07-06-at-13.00.11-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326662/; classtype:trojan-activity;sid:84189762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guida-al-cosmos-staking-20241.4.0.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326663/; classtype:trojan-activity;sid:84189763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/electricite-3.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326664/; classtype:trojan-activity;sid:84189764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oxford_3_11zon.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326658/; classtype:trojan-activity;sid:84189758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-9-rancho-el-pozo-zaragoza-coahuila-3.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326659/; classtype:trojan-activity;sid:84189759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6692.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326660/; classtype:trojan-activity;sid:84189760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/46837467.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326653/; classtype:trojan-activity;sid:84189753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/detail-rail-skirt-hardware-01.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326654/; classtype:trojan-activity;sid:84189754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-7-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326656/; classtype:trojan-activity;sid:84189756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-1.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326657/; classtype:trojan-activity;sid:84189757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejemplo-declaracion-jurada-de-observancia-de-condiciones-de-seguridad.pdf.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326647/; classtype:trojan-activity;sid:84189747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18-041_modelo-1024x630.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326648/; classtype:trojan-activity;sid:84189748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59814_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326649/; classtype:trojan-activity;sid:84189749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-1.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326651/; classtype:trojan-activity;sid:84189751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-4.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326652/; classtype:trojan-activity;sid:84189752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-e-z-up-rain-gutter.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326646/; classtype:trojan-activity;sid:84189746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_columna-extraible-300-y-600-greenline-sige.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326643/; classtype:trojan-activity;sid:84189743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tavuk-durum-scaled.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326644/; classtype:trojan-activity;sid:84189744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/201-tvd_p2_depto-financiero.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326645/; classtype:trojan-activity;sid:84189745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tu-parque-acceso-2.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326642/; classtype:trojan-activity;sid:84189742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-scaled.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326636/; classtype:trojan-activity;sid:84189736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsflash-16th-27th-september-2024-1.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326637/; classtype:trojan-activity;sid:84189737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iss3.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326638/; classtype:trojan-activity;sid:84189738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-485.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326639/; classtype:trojan-activity;sid:84189739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grs-certificato.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326640/; classtype:trojan-activity;sid:84189740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pemkot-bandung-terima-1146-sertifikat-hak-pakai-dari-bpn-1-2.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326641/; classtype:trojan-activity;sid:84189741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30-06-20language-quiz.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326629/; classtype:trojan-activity;sid:84189729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cmcp530a.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326630/; classtype:trojan-activity;sid:84189730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/erata-la-anuntul-nr.-41472-30.05.2023.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326631/; classtype:trojan-activity;sid:84189731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-ejecucion-presupuestal-a-marzo-2020-formato-pdf.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326632/; classtype:trojan-activity;sid:84189732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-41.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326633/; classtype:trojan-activity;sid:84189733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/veo.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326634/; classtype:trojan-activity;sid:84189734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spinach-cheese.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326635/; classtype:trojan-activity;sid:84189735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1730990563c1ab3616d8d938a891e9021a71e1ffdc.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326628/; classtype:trojan-activity;sid:84189728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink_security_best_practices_20245.1.3.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326623/; classtype:trojan-activity;sid:84189723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-governance-proposal-2024-5-9-9.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326624/; classtype:trojan-activity;sid:84189724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/transitions-2020-ed-5-10-24-vol-173-mx-03-7-scaled.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326625/; classtype:trojan-activity;sid:84189725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0734-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326626/; classtype:trojan-activity;sid:84189726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1700.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326627/; classtype:trojan-activity;sid:84189727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/387757241_2276521035874385_839903181122754179_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326617/; classtype:trojan-activity;sid:84189717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-make-erections-last-longer-when-using-cialis.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326618/; classtype:trojan-activity;sid:84189718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326619/; classtype:trojan-activity;sid:84189719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pro-roller-bag-brochure.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326620/; classtype:trojan-activity;sid:84189720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koy1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326621/; classtype:trojan-activity;sid:84189721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sherry-brookes-armada-avenue-8.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326613/; classtype:trojan-activity;sid:84189713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-3.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326614/; classtype:trojan-activity;sid:84189714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dismissal-order.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326615/; classtype:trojan-activity;sid:84189715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190927_130611-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326607/; classtype:trojan-activity;sid:84189707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coem-reverso-3.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326608/; classtype:trojan-activity;sid:84189708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tagreuters.com2023binary_lynxmpej420y3-filedimage-e1683225010388-84cfq1.jpeg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326609/; classtype:trojan-activity;sid:84189709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60080_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326610/; classtype:trojan-activity;sid:84189710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bcaa-8-1-1_luxury_nutrition-removebg-preview.png.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326611/; classtype:trojan-activity;sid:84189711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-ltb-4a-1.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326606/; classtype:trojan-activity;sid:84189706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6_april-2015.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326605/; classtype:trojan-activity;sid:84189705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moldes-fofolete-feltro.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326603/; classtype:trojan-activity;sid:84189703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1709.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326604/; classtype:trojan-activity;sid:84189704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funci252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525b3nfiscal-2.png.lnk"; http_uri; depth:265; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326595/; classtype:trojan-activity;sid:84189695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f.1-cerere-pentru-emiterea-certificatului-de-urbanism.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326596/; classtype:trojan-activity;sid:84189696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cj-gls.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326597/; classtype:trojan-activity;sid:84189697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_kelly_dog_bracelet_bleu_saphir_swift_ghw-1__38327.1655288465.jpg.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326598/; classtype:trojan-activity;sid:84189698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/104283410_10157811135333743_5895274330152942750_o.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326599/; classtype:trojan-activity;sid:84189699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/male.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326600/; classtype:trojan-activity;sid:84189700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-pptal-junio-2020.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326601/; classtype:trojan-activity;sid:84189701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/heavy-petal.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326587/; classtype:trojan-activity;sid:84189687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1002635.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326588/; classtype:trojan-activity;sid:84189688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verb-curl-shampoo-12oz-rve-ver-ccus12-228x228-1.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326589/; classtype:trojan-activity;sid:84189689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/custom-ar-old-glory-cerakote-2.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326590/; classtype:trojan-activity;sid:84189690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kann-ich-l-arginin-und-viagra-zusammen-einnehmen.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326591/; classtype:trojan-activity;sid:84189691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lavandula-angustifolia-oil-2442060301-tds.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326592/; classtype:trojan-activity;sid:84189692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-festival-de-teatro-2017.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326593/; classtype:trojan-activity;sid:84189693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.37.23-1-1024x1024.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326574/; classtype:trojan-activity;sid:84189674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-whitepaper-2024-3-6-4.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326575/; classtype:trojan-activity;sid:84189675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viaggio_antarctica-patagonia-argentina-classica_05.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326576/; classtype:trojan-activity;sid:84189676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10plan-de-servicio-al-ciudadano.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326577/; classtype:trojan-activity;sid:84189677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/crianzas-susy-shock.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326578/; classtype:trojan-activity;sid:84189678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majocchi-politica-ambientale-1.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326579/; classtype:trojan-activity;sid:84189679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bcfb76bc-f916-4069-918f-d6a989865df0-e1704398422646.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326580/; classtype:trojan-activity;sid:84189680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp5981.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326581/; classtype:trojan-activity;sid:84189681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326582/; classtype:trojan-activity;sid:84189682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-cambios-en-la-situacion-financiera-2015.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326583/; classtype:trojan-activity;sid:84189683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdcmx-puebla5.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326584/; classtype:trojan-activity;sid:84189684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msl3323810_4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326585/; classtype:trojan-activity;sid:84189685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sac-a-main-hermes-garden-party-en-toile-bleu-26810941-5_2.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326586/; classtype:trojan-activity;sid:84189686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-dev.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326565/; classtype:trojan-activity;sid:84189665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-copia.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326566/; classtype:trojan-activity;sid:84189666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-sandpiper-2017-kitchen-48.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326567/; classtype:trojan-activity;sid:84189667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-41.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326568/; classtype:trojan-activity;sid:84189668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/item3-1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326569/; classtype:trojan-activity;sid:84189669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fus-mm.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326570/; classtype:trojan-activity;sid:84189670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-rompibuat-rompi-safety.jpg.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326571/; classtype:trojan-activity;sid:84189671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pub-rev-aus.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326572/; classtype:trojan-activity;sid:84189672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_cuentos_interculturales.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326573/; classtype:trojan-activity;sid:84189673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57832_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326552/; classtype:trojan-activity;sid:84189652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-13.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326553/; classtype:trojan-activity;sid:84189653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultadonorteciencia.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326554/; classtype:trojan-activity;sid:84189654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/directory-form.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326555/; classtype:trojan-activity;sid:84189655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oficio-4296-2023-gms-mp-andahuyalas-apurimac-1.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326556/; classtype:trojan-activity;sid:84189656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mora1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326557/; classtype:trojan-activity;sid:84189657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-93.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326558/; classtype:trojan-activity;sid:84189658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-governance-proposal-2024-3-9-1.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326559/; classtype:trojan-activity;sid:84189659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200803_133124.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326560/; classtype:trojan-activity;sid:84189660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eco_foto-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326561/; classtype:trojan-activity;sid:84189661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-6-1200x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326562/; classtype:trojan-activity;sid:84189662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-r.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:246; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326563/; classtype:trojan-activity;sid:84189663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aloevera-scrub-70-off-700x700-1.png.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326564/; classtype:trojan-activity;sid:84189664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/63392_0.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326533/; classtype:trojan-activity;sid:84189633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/affirmed-cyber-next-gen-data-diode.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326534/; classtype:trojan-activity;sid:84189634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bdf9e5b0951da34977bb260ed577e447.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326535/; classtype:trojan-activity;sid:84189635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dise25252525252525252525252525252525252525c325252525252525252525252525252525252525b1o-sin-t25252525252525252525252525252525252525c325252525252525252525252525252525252525adtulo-5.png.lnk"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326537/; classtype:trojan-activity;sid:84189637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190615_093407_1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326539/; classtype:trojan-activity;sid:84189639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/trsuqfz3y0q-hhw89s.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326540/; classtype:trojan-activity;sid:84189640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vans-skate-old-skool-schuhe-black-gum-20210309160722-1.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326541/; classtype:trojan-activity;sid:84189641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1dwm_900.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326542/; classtype:trojan-activity;sid:84189642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7749-2250-x-1500-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326543/; classtype:trojan-activity;sid:84189643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-jaket-konveksi-bomber-shopee-buat-bomber.jpg.lnk"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326544/; classtype:trojan-activity;sid:84189644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kemeja-konveksi-pdl-buat-pdl.jpg.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326545/; classtype:trojan-activity;sid:84189645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/100-solicitud-certificado-propiedad-por-extravio-de-chapa.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326546/; classtype:trojan-activity;sid:84189646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mixed-berry-angled-768x768.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326547/; classtype:trojan-activity;sid:84189647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/planilha-das-vagas-14-11.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326548/; classtype:trojan-activity;sid:84189648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rttc-college-1-6.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326549/; classtype:trojan-activity;sid:84189649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryanytile.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326550/; classtype:trojan-activity;sid:84189650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lazar-licenoski_ribi-1940_maslo-na-lesonit_48x72.png.png.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326551/; classtype:trojan-activity;sid:84189651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6362.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326521/; classtype:trojan-activity;sid:84189621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4_ws2-w2000-apple-watch-flex-tray-sensors-merchandising-guide-thai.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326522/; classtype:trojan-activity;sid:84189622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.30.10.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326523/; classtype:trojan-activity;sid:84189623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pembinaan-ypa.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326524/; classtype:trojan-activity;sid:84189624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/konveksi-seragam-wearpack-by-ores-konveksi.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326525/; classtype:trojan-activity;sid:84189625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-de-mise-en-jeu-de-monero-20241.7.2.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326526/; classtype:trojan-activity;sid:84189626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326527/; classtype:trojan-activity;sid:84189627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7427078_orig.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326528/; classtype:trojan-activity;sid:84189628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/building-stability-certificate.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326529/; classtype:trojan-activity;sid:84189629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20181112_125340.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326530/; classtype:trojan-activity;sid:84189630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/114579818020.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326531/; classtype:trojan-activity;sid:84189631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/events-for-rnb-pop-singers-3.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326532/; classtype:trojan-activity;sid:84189632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-10.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326509/; classtype:trojan-activity;sid:84189609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.a.english.learningoutcomes.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326510/; classtype:trojan-activity;sid:84189610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tabla-de-retencion-documental-concejo.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326511/; classtype:trojan-activity;sid:84189611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326512/; classtype:trojan-activity;sid:84189612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pazrk-hals.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326513/; classtype:trojan-activity;sid:84189613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20160420_132854-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326514/; classtype:trojan-activity;sid:84189614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2023-garbage-bin-specs-and-prices-march-30-2023.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326515/; classtype:trojan-activity;sid:84189615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17316792269cb56802be26953e6d42d4f11619ca5f.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326516/; classtype:trojan-activity;sid:84189616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1455-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326517/; classtype:trojan-activity;sid:84189617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/346474759_6323333931081920_6088765324664994123_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326518/; classtype:trojan-activity;sid:84189618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presentcard-1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326519/; classtype:trojan-activity;sid:84189619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15.-requisitos-para-tramite-de-supervivencia-de-adulto-mayor.docx.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326520/; classtype:trojan-activity;sid:84189620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/woocommerce-placeholder-700x700.png.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326503/; classtype:trojan-activity;sid:84189603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arabika-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326504/; classtype:trojan-activity;sid:84189604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jss_powerpro_j19_platinum_brushedgray_iso.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326505/; classtype:trojan-activity;sid:84189605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lily_asiatic-white.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326506/; classtype:trojan-activity;sid:84189606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1661-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326507/; classtype:trojan-activity;sid:84189607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2c3cfe0e-a9f7-4065-a514-5d71e9600e0d.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326508/; classtype:trojan-activity;sid:84189608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pipe-atacama.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326493/; classtype:trojan-activity;sid:84189593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06_origin-soho-bkk_swimming-pool_final-1.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326494/; classtype:trojan-activity;sid:84189594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano_tokenomics_report_2024_4.9.5.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326495/; classtype:trojan-activity;sid:84189595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/celex-02006r1907-20150925-ro-txt.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326496/; classtype:trojan-activity;sid:84189596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_35.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326497/; classtype:trojan-activity;sid:84189597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_12b_var.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326498/; classtype:trojan-activity;sid:84189598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_herbag__backpack_vintag_1617259194_c8c1a3c4_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326499/; classtype:trojan-activity;sid:84189599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/public-relations-needs-empirical-public-relations.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326500/; classtype:trojan-activity;sid:84189600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-62-radicado-5132102024-nombre-peticionario-luis-hernando-pelaez-gonzalez.pdf.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326501/; classtype:trojan-activity;sid:84189601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ev-1c-escrito-ingenieria-y-tecnologia-crecyt-2019_20-05-19.docx.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326502/; classtype:trojan-activity;sid:84189602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2913981994673.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326477/; classtype:trojan-activity;sid:84189577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto3-1-scaled-e1666447832455.jpeg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326478/; classtype:trojan-activity;sid:84189578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3m-2097-tds.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326479/; classtype:trojan-activity;sid:84189579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/05-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326480/; classtype:trojan-activity;sid:84189580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/conflict-of-interest-management-policy-2012.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326481/; classtype:trojan-activity;sid:84189581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-03-06-at-22.54.54.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326482/; classtype:trojan-activity;sid:84189582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xvi-concurso-arte-y-ciencia-2.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326483/; classtype:trojan-activity;sid:84189583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/about1.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326484/; classtype:trojan-activity;sid:84189584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3287-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326485/; classtype:trojan-activity;sid:84189585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/loctite-lb-771-tds.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326486/; classtype:trojan-activity;sid:84189586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/picture3-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326487/; classtype:trojan-activity;sid:84189587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdcmx-puebla6.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326488/; classtype:trojan-activity;sid:84189588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-02-rotated.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326489/; classtype:trojan-activity;sid:84189589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc00961.arw_.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326490/; classtype:trojan-activity;sid:84189590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2010.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326491/; classtype:trojan-activity;sid:84189591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326492/; classtype:trojan-activity;sid:84189592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p09.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326470/; classtype:trojan-activity;sid:84189570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b1000-1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326471/; classtype:trojan-activity;sid:84189571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-2-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326472/; classtype:trojan-activity;sid:84189572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kaos-kerah-o-neck_7_11zon.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326473/; classtype:trojan-activity;sid:84189573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/copia-de-copia-de-hebe-2-vdeadl.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326474/; classtype:trojan-activity;sid:84189574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dpdf-1-4mpfpo.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326475/; classtype:trojan-activity;sid:84189575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vibration-systems-from-9-n-to-400-n.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326476/; classtype:trojan-activity;sid:84189576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eagle-fr-authorization-letter.png.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326465/; classtype:trojan-activity;sid:84189565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17174297357ad965f814b14d363e8bed567eb49fef.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326466/; classtype:trojan-activity;sid:84189566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pewter-gray.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326467/; classtype:trojan-activity;sid:84189567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58897_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326468/; classtype:trojan-activity;sid:84189568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-eureka-2024.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326469/; classtype:trojan-activity;sid:84189569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ad8163c6-7595-dfbe-e34c-df9bc4c4f20a.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326457/; classtype:trojan-activity;sid:84189557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin-top-20-stockholders-as-of-december-31-2020.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326458/; classtype:trojan-activity;sid:84189558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112645370034.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326459/; classtype:trojan-activity;sid:84189559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/04-4.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326460/; classtype:trojan-activity;sid:84189560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/studio.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326461/; classtype:trojan-activity;sid:84189561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-frecuentes-cupo-explora-unesco-admisio252525252525252525252525252525cc25252525252525252525252525252581n-2025.pdf.lnk"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326462/; classtype:trojan-activity;sid:84189562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gts-po03-politica-de-uso-de-elementos-de-proteccion-epp-v1.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326463/; classtype:trojan-activity;sid:84189563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hhhh_191.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326464/; classtype:trojan-activity;sid:84189564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/red-two.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326448/; classtype:trojan-activity;sid:84189548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1198.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326449/; classtype:trojan-activity;sid:84189549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c5bd74d6-f7cb-e418-7c89-0c76c0d443c3.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326450/; classtype:trojan-activity;sid:84189550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/andaina2.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326451/; classtype:trojan-activity;sid:84189551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ccv-calvin17-rossignol-rsgl-tercera-capa-parka-mujer-negra3.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326452/; classtype:trojan-activity;sid:84189552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryadministration-executive.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:250; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326453/; classtype:trojan-activity;sid:84189553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tower-hamlets-communty-project-img-8-408x544-1.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326454/; classtype:trojan-activity;sid:84189554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20190917-wa0010.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326455/; classtype:trojan-activity;sid:84189555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha_tecnica.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326456/; classtype:trojan-activity;sid:84189556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/post-2e0aeff06dbd23672e43c4028ee3366463ee40c65dc7e5fad8238f92.webp.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326433/; classtype:trojan-activity;sid:84189533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica-de-sostenibilidad-diagramada_v3.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326434/; classtype:trojan-activity;sid:84189534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/posecheckin-2.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326435/; classtype:trojan-activity;sid:84189535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viagra-vs-cialis-cual-es-mejor.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326436/; classtype:trojan-activity;sid:84189536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-10.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326437/; classtype:trojan-activity;sid:84189537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14c42b2ef25a17b1923b12e5ea8de7aa.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326438/; classtype:trojan-activity;sid:84189538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0727-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326439/; classtype:trojan-activity;sid:84189539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultado-integral_2017.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326440/; classtype:trojan-activity;sid:84189540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adobestock-516039642.jpeg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326441/; classtype:trojan-activity;sid:84189541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ckkurumsal01b.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326442/; classtype:trojan-activity;sid:84189542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/avo-smash-halloumi-retouched-1-3.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326443/; classtype:trojan-activity;sid:84189543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelly-twist-bracelet-small-model--011078cc18-worn-3-0-0-800-800_g.jpg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326444/; classtype:trojan-activity;sid:84189544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-undf-fachada-campus-norte-2-1-nabsul.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326445/; classtype:trojan-activity;sid:84189545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-12.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326446/; classtype:trojan-activity;sid:84189546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-267-aprueba-el-texto-unico-de-procedimientos-administrativos-tupa-2019-de-la-municipalidad-distrital-de-cayma.pdf.lnk"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326447/; classtype:trojan-activity;sid:84189547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-community-guidelines-2024364.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326430/; classtype:trojan-activity;sid:84189530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chaveiro-unicornio-em-feltro.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326431/; classtype:trojan-activity;sid:84189531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-6.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326432/; classtype:trojan-activity;sid:84189532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-eliminatorias-trofeo-ciutat-de-lleida.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326422/; classtype:trojan-activity;sid:84189522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/service-ac-bekasi-timur.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326423/; classtype:trojan-activity;sid:84189523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59980_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326424/; classtype:trojan-activity;sid:84189524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-defi-protocol-documentation-2024-5-4-7.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326425/; classtype:trojan-activity;sid:84189525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bf_update2021_web-1.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326426/; classtype:trojan-activity;sid:84189526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-de.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326427/; classtype:trojan-activity;sid:84189527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326428/; classtype:trojan-activity;sid:84189528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bvc-2022.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326429/; classtype:trojan-activity;sid:84189529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1658362860.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326413/; classtype:trojan-activity;sid:84189513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-diciembre_2016.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326414/; classtype:trojan-activity;sid:84189514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59375_32.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326415/; classtype:trojan-activity;sid:84189515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/facebook-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326416/; classtype:trojan-activity;sid:84189516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-9.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326417/; classtype:trojan-activity;sid:84189517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yxuu44wr6au_436084-wgby0z.jpeg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326418/; classtype:trojan-activity;sid:84189518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3016901.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326419/; classtype:trojan-activity;sid:84189519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52287153_6429.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326420/; classtype:trojan-activity;sid:84189520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/www.pharmaself24.it_-1.mp4.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326421/; classtype:trojan-activity;sid:84189521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ransflex-500-b.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326404/; classtype:trojan-activity;sid:84189504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estados2005.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326405/; classtype:trojan-activity;sid:84189505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0881.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326406/; classtype:trojan-activity;sid:84189506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-market-analysis-report-2024-4.9.4.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326407/; classtype:trojan-activity;sid:84189507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112111384756.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326408/; classtype:trojan-activity;sid:84189508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_nq_np_761829-mlv46977257919_082021-o.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326409/; classtype:trojan-activity;sid:84189509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-bag-30-ostrich_birkin-bags-for-men_paris-m-str-s23-0906-768x1152.webp.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326410/; classtype:trojan-activity;sid:84189510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23511207_1592237370842553_2377414800672575084_o.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326411/; classtype:trojan-activity;sid:84189511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-8.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326412/; classtype:trojan-activity;sid:84189512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-ecosystem-report-2024-4.8.8.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326395/; classtype:trojan-activity;sid:84189495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f180c537-de26-437a-94da-8c88526aaf5a-1500x1500.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326396/; classtype:trojan-activity;sid:84189496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryadministration-executive.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326397/; classtype:trojan-activity;sid:84189497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista-edukim-fizik.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326398/; classtype:trojan-activity;sid:84189498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_15.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326399/; classtype:trojan-activity;sid:84189499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525a0-b-8.pdf.lnk"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326400/; classtype:trojan-activity;sid:84189500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-submission-e.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326401/; classtype:trojan-activity;sid:84189501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/declaratie-de-avere-alexa-anghelus-ion.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326402/; classtype:trojan-activity;sid:84189502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71006_alt3.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326403/; classtype:trojan-activity;sid:84189503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gm-flex-fuel-order.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326386/; classtype:trojan-activity;sid:84189486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bvc-rectificare-septembrie-2023-hcl-nr.119-din-27.09.2023-1.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326387/; classtype:trojan-activity;sid:84189487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aqar-2016-17.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326388/; classtype:trojan-activity;sid:84189488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0967.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326389/; classtype:trojan-activity;sid:84189489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dokumentasi-simpus.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326390/; classtype:trojan-activity;sid:84189490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_14.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326391/; classtype:trojan-activity;sid:84189491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oks-4220-msds.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326392/; classtype:trojan-activity;sid:84189492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grs_04_11.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326393/; classtype:trojan-activity;sid:84189493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-35-de-2024-1.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326394/; classtype:trojan-activity;sid:84189494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1d7972714555d89e323a9f4150845bc4.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326377/; classtype:trojan-activity;sid:84189477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulament-jjif-fighting-rou.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326378/; classtype:trojan-activity;sid:84189478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne811.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326379/; classtype:trojan-activity;sid:84189479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ap431e.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326380/; classtype:trojan-activity;sid:84189480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gp-header03.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326381/; classtype:trojan-activity;sid:84189481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-dien-thoai-3.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326383/; classtype:trojan-activity;sid:84189483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-21.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326384/; classtype:trojan-activity;sid:84189484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/justificativa-da-campanha.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326385/; classtype:trojan-activity;sid:84189485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/praktika-profesionale-2023-24.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326376/; classtype:trojan-activity;sid:84189476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/google.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326365/; classtype:trojan-activity;sid:84189465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plastic-sheeting-sunline-price-list-for-accessories.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326366/; classtype:trojan-activity;sid:84189466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1822.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326367/; classtype:trojan-activity;sid:84189467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/autumn-newsletter-2024.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326368/; classtype:trojan-activity;sid:84189468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j4a4006-1-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326369/; classtype:trojan-activity;sid:84189469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-fibra-romana-elite.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326370/; classtype:trojan-activity;sid:84189470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-studies-polyfenols-january-29th-2019-1.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326371/; classtype:trojan-activity;sid:84189471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/louis-vuitton-pool-pillow-comfort-sandals--am5s9apc20_pm2_front252520view.jpg.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326372/; classtype:trojan-activity;sid:84189472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51ehni54drl._sy450_.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326373/; classtype:trojan-activity;sid:84189473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/400-subgerencia-juridica.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326374/; classtype:trojan-activity;sid:84189474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clase-explora-24-septiembre-2021.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326375/; classtype:trojan-activity;sid:84189475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-mermaid-hunters-preview.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326362/; classtype:trojan-activity;sid:84189462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/melly-grey-polished.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326363/; classtype:trojan-activity;sid:84189463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryconvocatorian.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326364/; classtype:trojan-activity;sid:84189464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/513485015112.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326352/; classtype:trojan-activity;sid:84189452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sikaproductos.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326353/; classtype:trojan-activity;sid:84189453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galeri3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326354/; classtype:trojan-activity;sid:84189454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac_meeting_iv-2.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326355/; classtype:trojan-activity;sid:84189455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-audit-report-2024-3-4-6.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326356/; classtype:trojan-activity;sid:84189456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-fishing25.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326357/; classtype:trojan-activity;sid:84189457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6679.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326358/; classtype:trojan-activity;sid:84189458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fiche-technique-dalle-alveolee-best-beton.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326359/; classtype:trojan-activity;sid:84189459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-07-16-at-12.49.50-am.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326360/; classtype:trojan-activity;sid:84189460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-3.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326361/; classtype:trojan-activity;sid:84189461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boletin_agosto_2016-parexplorarmnorte.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326341/; classtype:trojan-activity;sid:84189441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.38-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326342/; classtype:trojan-activity;sid:84189442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241023_144151.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326343/; classtype:trojan-activity;sid:84189443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/512259768173.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326344/; classtype:trojan-activity;sid:84189444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bearnmini.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326345/; classtype:trojan-activity;sid:84189445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173031162255777aa34281b118565a8a9ef770a738.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326346/; classtype:trojan-activity;sid:84189446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cmg-color-chart.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326347/; classtype:trojan-activity;sid:84189447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-20-at-09.13.55-4.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326348/; classtype:trojan-activity;sid:84189448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagen-cake-maker-cooking-games-0thumb.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326349/; classtype:trojan-activity;sid:84189449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/squad_912_-_23-mj-0334_redacted_complaint_signed.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326350/; classtype:trojan-activity;sid:84189450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/remote-control-1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326351/; classtype:trojan-activity;sid:84189451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01764.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326332/; classtype:trojan-activity;sid:84189432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchquerypl.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:228; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326333/; classtype:trojan-activity;sid:84189433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3469-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326334/; classtype:trojan-activity;sid:84189434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convenio-mapfre12.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326335/; classtype:trojan-activity;sid:84189435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1262268-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326336/; classtype:trojan-activity;sid:84189436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-268.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326337/; classtype:trojan-activity;sid:84189437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac11april2018.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326338/; classtype:trojan-activity;sid:84189438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown.jpeg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326339/; classtype:trojan-activity;sid:84189439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/os_ss_4_480x480.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326340/; classtype:trojan-activity;sid:84189440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20240122-plan-anticorrupcion-y-de-atencion-al-ciudadano-paac-2024_version_0.pdf.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326327/; classtype:trojan-activity;sid:84189427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-final-md.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326328/; classtype:trojan-activity;sid:84189428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ttsa-informe-de-empalme-3-balance-estrategico.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326329/; classtype:trojan-activity;sid:84189429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cute-my-melody-coloring-pages.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326330/; classtype:trojan-activity;sid:84189430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_jane_birkin_2_e1_f43_t_abaca_press_alamy_stock_photo_copy_70f466131e.webp.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326331/; classtype:trojan-activity;sid:84189431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17289140122f588cce2008b79a0a6fd471bbbee881.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326320/; classtype:trojan-activity;sid:84189420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17314455257545fcbe85eb23c60d673f73b0a117ea.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326321/; classtype:trojan-activity;sid:84189421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/product-20-2-min.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326322/; classtype:trojan-activity;sid:84189422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-risk-assessment-report-2024-2-8-9.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326323/; classtype:trojan-activity;sid:84189423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-255.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326324/; classtype:trojan-activity;sid:84189424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_19.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326325/; classtype:trojan-activity;sid:84189425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58457_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326326/; classtype:trojan-activity;sid:84189426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1713981994651.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326318/; classtype:trojan-activity;sid:84189418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lumee.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326319/; classtype:trojan-activity;sid:84189419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucion-43-de-2023.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326316/; classtype:trojan-activity;sid:84189416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_birkin_25_rose_sakura_s_1633458404_4d793db9.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326317/; classtype:trojan-activity;sid:84189417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto9-e1666448479397.jpeg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326312/; classtype:trojan-activity;sid:84189412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20200213-wa0051-768x1024.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326313/; classtype:trojan-activity;sid:84189413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2024-08-28-20-44-41-1.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326314/; classtype:trojan-activity;sid:84189414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/la-reserva-12.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326315/; classtype:trojan-activity;sid:84189415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52b696dc-975a-4882-bf75-392e3bfcdad8-min-837x628.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326310/; classtype:trojan-activity;sid:84189410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-41.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326311/; classtype:trojan-activity;sid:84189411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-governance-proposal-2024-5.6.1.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326308/; classtype:trojan-activity;sid:84189408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo1.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326309/; classtype:trojan-activity;sid:84189409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-09-03-at-13.00.37-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326303/; classtype:trojan-activity;sid:84189403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-tbs-1a-da1-1.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326304/; classtype:trojan-activity;sid:84189404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171166_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326305/; classtype:trojan-activity;sid:84189405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-de-pasantias-de-investigacion-2017-hz9j.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326306/; classtype:trojan-activity;sid:84189406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1_1_11zon.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326307/; classtype:trojan-activity;sid:84189407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imag0031.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326302/; classtype:trojan-activity;sid:84189402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dc4a6838ddff776f7b941fb3243d2d8c.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326294/; classtype:trojan-activity;sid:84189394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ludo-aves-de-humedales.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326295/; classtype:trojan-activity;sid:84189395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chemistry_course_outcome.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326296/; classtype:trojan-activity;sid:84189396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0159.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326297/; classtype:trojan-activity;sid:84189397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryfl-studio-cracked.comcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326298/; classtype:trojan-activity;sid:84189398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sika.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326299/; classtype:trojan-activity;sid:84189399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guia-de-staking-de-binance-coin-20243.7.7.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326300/; classtype:trojan-activity;sid:84189400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j19_lifestyle.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326301/; classtype:trojan-activity;sid:84189401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-38.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326292/; classtype:trojan-activity;sid:84189392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/immunologia_red.k.bryniarski.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326293/; classtype:trojan-activity;sid:84189393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12.-zips-4-port-alarm-unit-vietnamese.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326288/; classtype:trojan-activity;sid:84189388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/taller4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326289/; classtype:trojan-activity;sid:84189389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mo-bo-co-chay-khong.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326290/; classtype:trojan-activity;sid:84189390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/private_keys.txt.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326291/; classtype:trojan-activity;sid:84189391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/company-portfolio.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326283/; classtype:trojan-activity;sid:84189383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/qff-armario-plegable-marco-de-acero-armarios-grandes-color-2.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326284/; classtype:trojan-activity;sid:84189384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1566-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326285/; classtype:trojan-activity;sid:84189385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1560-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326286/; classtype:trojan-activity;sid:84189386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j19_smokedebony_lifestyle_v2.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326287/; classtype:trojan-activity;sid:84189387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-chess-b200-1.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326281/; classtype:trojan-activity;sid:84189381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-400-gallery-14.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326282/; classtype:trojan-activity;sid:84189382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/velvet-gold-1-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326279/; classtype:trojan-activity;sid:84189379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wittenberg_thesentuer_schlosskirche.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326280/; classtype:trojan-activity;sid:84189380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-2020-12-11-extraordinaria.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326274/; classtype:trojan-activity;sid:84189374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01426-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326275/; classtype:trojan-activity;sid:84189375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/271717359_486380019517317_155556762142107651_n-1024x1009.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326276/; classtype:trojan-activity;sid:84189376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a4k-back_1-700x700-1-150x150.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326277/; classtype:trojan-activity;sid:84189377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1680804304d8728fd5f71a23bb9e72a9a8d7a467db.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326278/; classtype:trojan-activity;sid:84189378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srishti-x-abhinav-2-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326269/; classtype:trojan-activity;sid:84189369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30537-servicii-catering-1.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326270/; classtype:trojan-activity;sid:84189370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-2-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326271/; classtype:trojan-activity;sid:84189371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326272/; classtype:trojan-activity;sid:84189372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mapainstructivoprogr.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326273/; classtype:trojan-activity;sid:84189373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-17-at-10.20.47_de437446.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326267/; classtype:trojan-activity;sid:84189367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2020-ed-1-02-24-vol-169-mx-interactive.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326268/; classtype:trojan-activity;sid:84189368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/registration-certificate-converted.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326261/; classtype:trojan-activity;sid:84189361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-de-posgrado-docencia-2023.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326263/; classtype:trojan-activity;sid:84189363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7829-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326264/; classtype:trojan-activity;sid:84189364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/417890790_975069361010091_7455913294678301226_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326265/; classtype:trojan-activity;sid:84189365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/konkani-programme-specific-outcomes.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326266/; classtype:trojan-activity;sid:84189366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51357_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326259/; classtype:trojan-activity;sid:84189359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marco.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326260/; classtype:trojan-activity;sid:84189360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16746508765a4498a82b6cda1af6a197c97ec26cc6.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326254/; classtype:trojan-activity;sid:84189354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/colectie-poze-1.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326255/; classtype:trojan-activity;sid:84189355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc03123-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326256/; classtype:trojan-activity;sid:84189356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/animal-cuts-42-packs-universal-nutrition.png.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326257/; classtype:trojan-activity;sid:84189357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-aprobado-para-2017.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326258/; classtype:trojan-activity;sid:84189358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/https25253a25252f25252fi.etsystatic.com25252f809101925252fr25252fil25252fe1d01725252f235797782525252fil_fullxfull.2357977825_qyuu.jpg.lnk"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326249/; classtype:trojan-activity;sid:84189349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-eliberare-adeverinta-de-rol.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326250/; classtype:trojan-activity;sid:84189350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9774226_orig.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326251/; classtype:trojan-activity;sid:84189351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modern-pool-house-gallery-img-03.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326252/; classtype:trojan-activity;sid:84189352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5_zips-single-port-alarm-unit-merchandising-guide-1.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326253/; classtype:trojan-activity;sid:84189353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2017.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326246/; classtype:trojan-activity;sid:84189346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/declaratie-consimtamant-imputernicit-directia-pentru-agricultura-judeteana-iasi.pdf.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326247/; classtype:trojan-activity;sid:84189347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bannery_vizualni_identity_igloonet2.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326248/; classtype:trojan-activity;sid:84189348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021_06_easo_syria_situation_returnees_from_abroad.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326244/; classtype:trojan-activity;sid:84189344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55769_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326242/; classtype:trojan-activity;sid:84189342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/007-calendario-y-campeonatos-de-la-planificacion-deportiva-oficial-2024.pdf.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326243/; classtype:trojan-activity;sid:84189343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-ico-ido-ieo-guide-20241-1-5.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326235/; classtype:trojan-activity;sid:84189335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-15-533x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326236/; classtype:trojan-activity;sid:84189336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326237/; classtype:trojan-activity;sid:84189337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/copia-de-planilha-das-vagas-18-111.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326238/; classtype:trojan-activity;sid:84189338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-143-aprobar-el-texto-unico-de-precedimientos-administrativos-tupa-de-la-municipalidad-de-cayma.pdf.lnk"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326239/; classtype:trojan-activity;sid:84189339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/steve-light-messenger-bag--074774ck37-worn-9-0-0-800-800_g.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326240/; classtype:trojan-activity;sid:84189340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista_de_seleccionados_1.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326241/; classtype:trojan-activity;sid:84189341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-translogo-192x192.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326234/; classtype:trojan-activity;sid:84189334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sfsa_2015_final_0.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326229/; classtype:trojan-activity;sid:84189329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17-1440x1080.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326230/; classtype:trojan-activity;sid:84189330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-24.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326231/; classtype:trojan-activity;sid:84189331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2024-11-25-142155.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326232/; classtype:trojan-activity;sid:84189332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0104-705x705-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326233/; classtype:trojan-activity;sid:84189333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/semana-nacional-da-conciliacao-e-execucao-trabalhista-2021.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326225/; classtype:trojan-activity;sid:84189325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bebezinhos-de-feltro-cantinho-da-thiana.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326226/; classtype:trojan-activity;sid:84189326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portada.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326227/; classtype:trojan-activity;sid:84189327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luxuryvault-birkin-30cm-hermes-birkin-30cm-rouge-grenat-togo-leather-with-gold-hardware-37315533865116_800x.jpg.lnk"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326228/; classtype:trojan-activity;sid:84189328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/angler21.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326223/; classtype:trojan-activity;sid:84189323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/animal-test-universal-nutrition.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326224/; classtype:trojan-activity;sid:84189324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/karta_katalogowa_int-ksg-ssw-bsb.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326222/; classtype:trojan-activity;sid:84189322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/metro-turkiye_35-yas-alti-3-sef-yarismasi2.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326220/; classtype:trojan-activity;sid:84189320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chemistry.course.outcome.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326221/; classtype:trojan-activity;sid:84189321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/514061271026.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326218/; classtype:trojan-activity;sid:84189318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sajt1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326219/; classtype:trojan-activity;sid:84189319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements-su.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:260; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326215/; classtype:trojan-activity;sid:84189315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2009.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326216/; classtype:trojan-activity;sid:84189316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arch_standard_specs.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326217/; classtype:trojan-activity;sid:84189317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tuition-fees-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326209/; classtype:trojan-activity;sid:84189309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-04-at-12.52.36.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326210/; classtype:trojan-activity;sid:84189310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ppto-2023.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326211/; classtype:trojan-activity;sid:84189311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-campamento-par-explora-antofagasta-2020.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326212/; classtype:trojan-activity;sid:84189312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04365-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326213/; classtype:trojan-activity;sid:84189313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/outdoor.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326214/; classtype:trojan-activity;sid:84189314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-8-elite.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326206/; classtype:trojan-activity;sid:84189306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ocean_hepalex_60_kapsul_web.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326207/; classtype:trojan-activity;sid:84189307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lgrh3.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326208/; classtype:trojan-activity;sid:84189308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-ylico-11.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326202/; classtype:trojan-activity;sid:84189302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-louis-rossignol-rsgl-tercera-capa-hombre-parka-azul-4.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326204/; classtype:trojan-activity;sid:84189304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-25-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326205/; classtype:trojan-activity;sid:84189305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326195/; classtype:trojan-activity;sid:84189295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-5.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326196/; classtype:trojan-activity;sid:84189296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dji_0149-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326197/; classtype:trojan-activity;sid:84189297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryecp-dic-2023-1.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326198/; classtype:trojan-activity;sid:84189298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/middle-sections-much-anticipated-annual-event-noir-et-blanc-7.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326199/; classtype:trojan-activity;sid:84189299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-11-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326200/; classtype:trojan-activity;sid:84189300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pemberitahuan-jam-kerja-asn-selama-bulan-puasa.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326201/; classtype:trojan-activity;sid:84189301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20201031_115526.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326192/; classtype:trojan-activity;sid:84189292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/713866373372.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326193/; classtype:trojan-activity;sid:84189293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326194/; classtype:trojan-activity;sid:84189294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-2016v2-distanciespapers-aire-lliure-i-sala11535.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326184/; classtype:trojan-activity;sid:84189284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48_d7d093-cfbl2j.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326185/; classtype:trojan-activity;sid:84189285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/passpass-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326186/; classtype:trojan-activity;sid:84189286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0432-1170x780.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326187/; classtype:trojan-activity;sid:84189287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a33b3dad205b875b861fb826bb35c97e--nike-jacket-nike-air-jordans.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326188/; classtype:trojan-activity;sid:84189288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171443_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326182/; classtype:trojan-activity;sid:84189282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113619844865.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326183/; classtype:trojan-activity;sid:84189283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/visit-to-house-of-commons-img-5-1-408x544-2.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326178/; classtype:trojan-activity;sid:84189278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo5.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326179/; classtype:trojan-activity;sid:84189279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20191223-wa0016.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326180/; classtype:trojan-activity;sid:84189280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/first-impression-headshots-443.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326181/; classtype:trojan-activity;sid:84189281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gp-header01.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326173/; classtype:trojan-activity;sid:84189273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113341156456.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326174/; classtype:trojan-activity;sid:84189274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-tv-and-stand-1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326175/; classtype:trojan-activity;sid:84189275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58106-1024x768.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326176/; classtype:trojan-activity;sid:84189276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07072022-certificado-aprobacio252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252581n-tarifas-2.pdf.lnk"; http_uri; depth:244; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326177/; classtype:trojan-activity;sid:84189277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-dena-julianti.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326166/; classtype:trojan-activity;sid:84189266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/75291721_1244224205762352_3007786711448027136_o_1244224202429019.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326167/; classtype:trojan-activity;sid:84189267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eco_foto.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326168/; classtype:trojan-activity;sid:84189268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro2011.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326169/; classtype:trojan-activity;sid:84189269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/amul-chocolate.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326170/; classtype:trojan-activity;sid:84189270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021_brandnew_hermes_mini_evel_1619920008_daea9a28_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326171/; classtype:trojan-activity;sid:84189271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2597-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326172/; classtype:trojan-activity;sid:84189272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mmm.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326162/; classtype:trojan-activity;sid:84189262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ugc-2f-and-12b.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326163/; classtype:trojan-activity;sid:84189263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10840_alt1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326164/; classtype:trojan-activity;sid:84189264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tarte_tatin.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326165/; classtype:trojan-activity;sid:84189265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-nft-guide-2024-4-2-6.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326157/; classtype:trojan-activity;sid:84189257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/95b87486-04ce-420f-9f4c-f0f92376ed25.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326158/; classtype:trojan-activity;sid:84189258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/equipos-ganadores-congreso-regional-explora-rmn-2022.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326159/; classtype:trojan-activity;sid:84189259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1699.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326160/; classtype:trojan-activity;sid:84189260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_japan-drill.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326161/; classtype:trojan-activity;sid:84189261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-28-de-2024-.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326152/; classtype:trojan-activity;sid:84189252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/samsung-galaxy-a25-black.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326153/; classtype:trojan-activity;sid:84189253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/36-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326154/; classtype:trojan-activity;sid:84189254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-mining-setup-guide-2024-5-7-2.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326155/; classtype:trojan-activity;sid:84189255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20231130_091813-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326156/; classtype:trojan-activity;sid:84189256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_7974.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326146/; classtype:trojan-activity;sid:84189246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-con-corte-a-30-de-junio-de-2022-ttb-en-formato-pdf.pdf.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326147/; classtype:trojan-activity;sid:84189247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kemeja-koveksi-baju.jpg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326148/; classtype:trojan-activity;sid:84189248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estados-financieros-2007.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326149/; classtype:trojan-activity;sid:84189249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/long-lasting-perfumes-285451-1581396008331-main.700x0c.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326150/; classtype:trojan-activity;sid:84189250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/efe-diciembre-2022.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326151/; classtype:trojan-activity;sid:84189251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/maravillas-escondidas-ii-2022.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326145/; classtype:trojan-activity;sid:84189245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revaluation_notice_bcom_sem_vi.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326138/; classtype:trojan-activity;sid:84189238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aditi-x-harsh-2-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326139/; classtype:trojan-activity;sid:84189239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/320903-58998.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326140/; classtype:trojan-activity;sid:84189240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5451-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326141/; classtype:trojan-activity;sid:84189241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326142)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-whitepaper-2024-3-0-0.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326142/; classtype:trojan-activity;sid:84189242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/castor2020.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326143/; classtype:trojan-activity;sid:84189243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/draft-hr-generals-policies.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326144/; classtype:trojan-activity;sid:84189244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lycra03.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326132/; classtype:trojan-activity;sid:84189232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/decim.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326133/; classtype:trojan-activity;sid:84189233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e10.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326134/; classtype:trojan-activity;sid:84189234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bwk-tbs-601-a-1.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326135/; classtype:trojan-activity;sid:84189235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grizzlies.gif.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326136/; classtype:trojan-activity;sid:84189236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-1440x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326137/; classtype:trojan-activity;sid:84189237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3944fileminimizer.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326128/; classtype:trojan-activity;sid:84189228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/slide-3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326129/; classtype:trojan-activity;sid:84189229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326130/; classtype:trojan-activity;sid:84189230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/room-img1-725x544.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326131/; classtype:trojan-activity;sid:84189231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-oxford15-rossignol-rsgl-top-camisa-hombre-blanca-3.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326123/; classtype:trojan-activity;sid:84189223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/celeste-3742495554.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326124/; classtype:trojan-activity;sid:84189224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tgt73.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326125/; classtype:trojan-activity;sid:84189225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas_frecuentes_xix_concurso_de_proyectos_de_dyv.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326126/; classtype:trojan-activity;sid:84189226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/340.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326127/; classtype:trojan-activity;sid:84189227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/planacciondelplanestrategico2019-1.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326115/; classtype:trojan-activity;sid:84189215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326116/; classtype:trojan-activity;sid:84189216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/40.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326117/; classtype:trojan-activity;sid:84189217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.pdf.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326118/; classtype:trojan-activity;sid:84189218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-rtd.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326119/; classtype:trojan-activity;sid:84189219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3_ws2-apple-watch-tray-sensors-zw1051-52-merchandising-guide-english.pdf.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326120/; classtype:trojan-activity;sid:84189220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochureniddespoirfev2023.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326121/; classtype:trojan-activity;sid:84189221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/situacion-financiera-31-de-diciembre-2017.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326122/; classtype:trojan-activity;sid:84189222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.a.economics_syllabus.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326109/; classtype:trojan-activity;sid:84189209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b11fd2ce320a511d5cfbfbc40e07e463.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326110/; classtype:trojan-activity;sid:84189210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326111/; classtype:trojan-activity;sid:84189211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eri-mar-2024.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326112/; classtype:trojan-activity;sid:84189212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barrera-antiparking-2-scaled.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326113/; classtype:trojan-activity;sid:84189213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171031_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326114/; classtype:trojan-activity;sid:84189214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-sudirman-pekalongan.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326105/; classtype:trojan-activity;sid:84189205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58994_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326106/; classtype:trojan-activity;sid:84189206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-lab-2.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326107/; classtype:trojan-activity;sid:84189207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guia-de-staking-do-dogecoin-2024-5-6-0.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326108/; classtype:trojan-activity;sid:84189208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b2-1024x493.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326099/; classtype:trojan-activity;sid:84189199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pagina_nota3_27_11_24_oald.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326100/; classtype:trojan-activity;sid:84189200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ciudadania_ciencia-y-tecnologia.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326101/; classtype:trojan-activity;sid:84189201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_ojodepez_2022.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326102/; classtype:trojan-activity;sid:84189202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jht-j245-porcelain-oh.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326103/; classtype:trojan-activity;sid:84189203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/panti-asuhan-nurul-yasmin.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326104/; classtype:trojan-activity;sid:84189204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-6.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326095/; classtype:trojan-activity;sid:84189195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lacoste-tc_1_11zon.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326096/; classtype:trojan-activity;sid:84189196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-02-de-2021-derecho-de-preferencia.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326097/; classtype:trojan-activity;sid:84189197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0342.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326098/; classtype:trojan-activity;sid:84189198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo-14.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326087/; classtype:trojan-activity;sid:84189187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9722-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326088/; classtype:trojan-activity;sid:84189188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326089/; classtype:trojan-activity;sid:84189189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326090)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-de-fotografia-par-explora-rm-norte.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326090/; classtype:trojan-activity;sid:84189190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/388c835b75ac64006b942ef0500580bc2.png.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326091/; classtype:trojan-activity;sid:84189191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bando_totana.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326092/; classtype:trojan-activity;sid:84189192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/backlit-panel-light_elp3659565_36w-a-product_datasheet.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326094/; classtype:trojan-activity;sid:84189194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326083)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/time-table-b.a..pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326083/; classtype:trojan-activity;sid:84189183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rundown-ppl-2024-2.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326084/; classtype:trojan-activity;sid:84189184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wb20-srb-tra-03_sep_v3_prilog-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326085/; classtype:trojan-activity;sid:84189185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown-4.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326086/; classtype:trojan-activity;sid:84189186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/09.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326080/; classtype:trojan-activity;sid:84189180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55876_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326081/; classtype:trojan-activity;sid:84189181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9bdi-scmfvy-xcx1an.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326082/; classtype:trojan-activity;sid:84189182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-4.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326073/; classtype:trojan-activity;sid:84189173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dc90eee6c730582024e54d5924925d0f.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326074/; classtype:trojan-activity;sid:84189174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standard-electric-furnace-fo200.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326075/; classtype:trojan-activity;sid:84189175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/64666191_1123583471159760_7700433121103052800_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326076/; classtype:trojan-activity;sid:84189176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thumbnail_screenshot_20231017_140259.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326078/; classtype:trojan-activity;sid:84189178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f2krf_qfcqw-scaled.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326079/; classtype:trojan-activity;sid:84189179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2cdi6km3ro4_97a577-3oow6n.jpeg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326068/; classtype:trojan-activity;sid:84189168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21-1-1200x800.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326069/; classtype:trojan-activity;sid:84189169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.sports-and-cultural-activities_2_11zon.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326070/; classtype:trojan-activity;sid:84189170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cat_wonderspace.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326071/; classtype:trojan-activity;sid:84189171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verb-purple-shampoo-32oz-rve-ver-cps32_2-500x500-1.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326072/; classtype:trojan-activity;sid:84189172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59165_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326064/; classtype:trojan-activity;sid:84189164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52067_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326065/; classtype:trojan-activity;sid:84189165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022-sumpi-hanthotna.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326066/; classtype:trojan-activity;sid:84189166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dec222020_02b4203.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326067/; classtype:trojan-activity;sid:84189167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-final-licencias-2019-2020.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326058/; classtype:trojan-activity;sid:84189158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-sidewall-standard-15-punch-red.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326059/; classtype:trojan-activity;sid:84189159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/meatzaldeberri_303.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326060/; classtype:trojan-activity;sid:84189160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/183803412_3768944536549622_4467216226576900980_n-e1621254790271.jpg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326061/; classtype:trojan-activity;sid:84189161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verificacion-de-cumplimiento-requisitos-convocatoria-n-002-2023-dl-728.pdf.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326062/; classtype:trojan-activity;sid:84189162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pennellino-paint-like-klimt-01.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326063/; classtype:trojan-activity;sid:84189163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comparabilidad-internacional-epscyt-dege-octubre16_publicar_oficial.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326050/; classtype:trojan-activity;sid:84189150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-5.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326051/; classtype:trojan-activity;sid:84189151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/justica-prisao-preventiva-foragido-feminicidio-2n9iek.jpeg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326052/; classtype:trojan-activity;sid:84189152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1-2.jpg.lnk"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326053/; classtype:trojan-activity;sid:84189153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/greivance_redressal_policy.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326054/; classtype:trojan-activity;sid:84189154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo21-12-22_55608pm.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326055/; classtype:trojan-activity;sid:84189155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dhafer-yousef-jazzistanbul.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326056/; classtype:trojan-activity;sid:84189156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modelo-de-formulario-de-desistimiento.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326057/; classtype:trojan-activity;sid:84189157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chico-uai-258x328.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326045/; classtype:trojan-activity;sid:84189145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/organigrama-cerere.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326046/; classtype:trojan-activity;sid:84189146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerylearn.skillnation.aicrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326047/; classtype:trojan-activity;sid:84189147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diadora_4_11zon-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326048/; classtype:trojan-activity;sid:84189148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-002.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326049/; classtype:trojan-activity;sid:84189149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jordan-jumpman-2021-pf-basketball-shoe-x3gqbm.png.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326043/; classtype:trojan-activity;sid:84189143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo3.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326044/; classtype:trojan-activity;sid:84189144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rti-manual-1-2021.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326038/; classtype:trojan-activity;sid:84189138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2019-08-22-at-5.41.25-pm.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326039/; classtype:trojan-activity;sid:84189139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-educational-material-2024-4-4-8.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326040/; classtype:trojan-activity;sid:84189140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lumeeeee-uai-258x204.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326041/; classtype:trojan-activity;sid:84189141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/neo-zapper-4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326032/; classtype:trojan-activity;sid:84189132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clo-jp.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326033/; classtype:trojan-activity;sid:84189133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cata25252525252525252525252525252525cc2525252525252525252525252525252581logo-cti-slep-puerto-cordillera.pdf.lnk"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326034/; classtype:trojan-activity;sid:84189134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-ctci.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326035/; classtype:trojan-activity;sid:84189135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estatuts-club-pardinyes.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326036/; classtype:trojan-activity;sid:84189136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cf3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326037/; classtype:trojan-activity;sid:84189137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-outnva-rossignol-rsgl-top-hombre-outdoor-beige-5.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326028/; classtype:trojan-activity;sid:84189128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326029/; classtype:trojan-activity;sid:84189129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gymhome.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326030/; classtype:trojan-activity;sid:84189130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lago-paranoacc81-sofre-com-proliferaccca7acc83o-de-plantas-aquacc81ticas-procc81ximo-acc80-estaccca7acc83o-de-tratamento-da-caesb-metropoles-1-4kxueo.jpeg.lnk"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326031/; classtype:trojan-activity;sid:84189131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/362920_887401_whatsapp_image_2019_06_15_at_17.37.13__4_.jpeg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326021/; classtype:trojan-activity;sid:84189121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-congresos-regionales-2014-rm-21.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326022/; classtype:trojan-activity;sid:84189122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/album-explora-2019_web.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326023/; classtype:trojan-activity;sid:84189123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p10.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326024/; classtype:trojan-activity;sid:84189124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326025/; classtype:trojan-activity;sid:84189125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chiavette-usb.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326026/; classtype:trojan-activity;sid:84189126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulario_cienciassociales.docx.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326027/; classtype:trojan-activity;sid:84189127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polo-small-efdeco.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326019/; classtype:trojan-activity;sid:84189119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-364-2024-regula-la-publicidad-de-los-locales-en-las-vias-publicas-y-otros.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326014/; classtype:trojan-activity;sid:84189114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326015)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gaap-ofteno-pf.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326015/; classtype:trojan-activity;sid:84189115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-mesa-de-trabajo-1-192x192.png.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326016/; classtype:trojan-activity;sid:84189116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rodrigo-2.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326017/; classtype:trojan-activity;sid:84189117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326018/; classtype:trojan-activity;sid:84189118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mask-group-7.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326005/; classtype:trojan-activity;sid:84189105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-label-layer-system-04.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326006/; classtype:trojan-activity;sid:84189106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nota-la-segunda-1.jpeg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326007/; classtype:trojan-activity;sid:84189107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daniele.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326008/; classtype:trojan-activity;sid:84189108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pasantias_cientificas_escolares-par_explora_rm_norte.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326009/; classtype:trojan-activity;sid:84189109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/protocolo-julgamento-perspectiva-genero.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326010/; classtype:trojan-activity;sid:84189110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-rtd.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326011/; classtype:trojan-activity;sid:84189111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-sub.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:192; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326012/; classtype:trojan-activity;sid:84189112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac_13th_dec_2018.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326013/; classtype:trojan-activity;sid:84189113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_28.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326002/; classtype:trojan-activity;sid:84189102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/palazzo-storico-gravina-2.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326003/; classtype:trojan-activity;sid:84189103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img6.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326004/; classtype:trojan-activity;sid:84189104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8plan-antitramites.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326000/; classtype:trojan-activity;sid:84189100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3326001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-po.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3326001/; classtype:trojan-activity;sid:84189101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-nft-guide-2024333.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325993/; classtype:trojan-activity;sid:84189093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro2002.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325994/; classtype:trojan-activity;sid:84189094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078504_1729693699991.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325995/; classtype:trojan-activity;sid:84189095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/301-tvd_p1_depto-financiero-admin.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325996/; classtype:trojan-activity;sid:84189096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mint-extra-long-curling-wand-1-sei-min-mvk21100-228x228-1.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325997/; classtype:trojan-activity;sid:84189097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_nq_np_662559-mco44286093084_122020-o.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325998/; classtype:trojan-activity;sid:84189098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ikmskpd-triwulan-1-1.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325984/; classtype:trojan-activity;sid:84189084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink_smart_contract_tutorial_2024_2.9.0.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325985/; classtype:trojan-activity;sid:84189085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-9-plano-rancho-el-pozo-.jpeg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325986/; classtype:trojan-activity;sid:84189086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rof-casa-de-cultura.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325987/; classtype:trojan-activity;sid:84189087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s7__c9hcncj42f8m_og.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325988/; classtype:trojan-activity;sid:84189088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-08-derecho-de-preferencia2017.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325989/; classtype:trojan-activity;sid:84189089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-de-gestion-2018.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325990/; classtype:trojan-activity;sid:84189090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precision-01.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325991/; classtype:trojan-activity;sid:84189091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3944a4db-387a-4afa-8da9-1c960b9b08e4.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325992/; classtype:trojan-activity;sid:84189092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325981/; classtype:trojan-activity;sid:84189081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-mining-setup-guide-2024-2.9.6.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325982/; classtype:trojan-activity;sid:84189082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-1-1-scaled.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325983/; classtype:trojan-activity;sid:84189083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/band-apple-watch-hermes-single-tour-45mm--077059cj93-worn-10-0-0-800-800_g.jpg.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325980/; classtype:trojan-activity;sid:84189080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325978/; classtype:trojan-activity;sid:84189078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5eeccc19-02ff-6634-e901-103ba965b929.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325979/; classtype:trojan-activity;sid:84189079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/91db6bgyt5l._ac_uy395_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325969/; classtype:trojan-activity;sid:84189069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alt-krei-fw.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325970/; classtype:trojan-activity;sid:84189070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ad9f5715-2c14-37b6-6a56-08ab262f3795.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325971/; classtype:trojan-activity;sid:84189071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-aprobado-2019.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325972/; classtype:trojan-activity;sid:84189072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fda-business-management-cecos-university-new-college-durham.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325973/; classtype:trojan-activity;sid:84189073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revaluation_notice_for_ba_sem_vi.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325974/; classtype:trojan-activity;sid:84189074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-my-melody.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325975/; classtype:trojan-activity;sid:84189075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tocsilvas-9-scaled.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325976/; classtype:trojan-activity;sid:84189076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/directorio-de-empresas-transportadoras.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325977/; classtype:trojan-activity;sid:84189077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo-tourism.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325967/; classtype:trojan-activity;sid:84189067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-mining-setup-guide-2024-5.7.2.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325968/; classtype:trojan-activity;sid:84189068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54149619504_ecfbd4e4d8_o-lamlk8.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325962/; classtype:trojan-activity;sid:84189062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-17.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325963/; classtype:trojan-activity;sid:84189063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-anticorrupcion-y-atencion-al-ciudadano-2018.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325964/; classtype:trojan-activity;sid:84189064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sluzbeni_list_10_2024.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325966/; classtype:trojan-activity;sid:84189066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-en-el-patrimonio-2012.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325957/; classtype:trojan-activity;sid:84189057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tabela-me-vendet-vakante-per-lp.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325958/; classtype:trojan-activity;sid:84189058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-22-at-20.24.27-4-1024x768.jpeg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325959/; classtype:trojan-activity;sid:84189059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20230624-wa0015.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325961/; classtype:trojan-activity;sid:84189061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b496886e22c59e_documento_dedb48a.pd_.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325949/; classtype:trojan-activity;sid:84189049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/016_origin-soho-bkk_duo-view_final-2.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325950/; classtype:trojan-activity;sid:84189050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/figuras-saint-seiya-vintage.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325951/; classtype:trojan-activity;sid:84189051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2008.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325952/; classtype:trojan-activity;sid:84189052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20240229_150549-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325953/; classtype:trojan-activity;sid:84189053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kemeja-konveksi-wearpack-ruc-freeport.jpg.lnk"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325954/; classtype:trojan-activity;sid:84189054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/505.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325955/; classtype:trojan-activity;sid:84189055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/documento-cupo-explora_mv.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325956/; classtype:trojan-activity;sid:84189056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-040.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325944/; classtype:trojan-activity;sid:84189044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04992.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325945/; classtype:trojan-activity;sid:84189045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lateral-raise-2-600x497.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325946/; classtype:trojan-activity;sid:84189046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-tokenomics-report-20243.0.1.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325947/; classtype:trojan-activity;sid:84189047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-loi2017-020_codelec.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325948/; classtype:trojan-activity;sid:84189048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-victoria-bag-in-blue-abyss-taurillon-clemence-leather.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325943/; classtype:trojan-activity;sid:84189043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/120-oficina-auditoria-interna.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325942/; classtype:trojan-activity;sid:84189042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/185-65-r15-tl-88h-multi-action-pt565-3614.png.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325937/; classtype:trojan-activity;sid:84189037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/des-pr03-procedimiento_declaracion-de-conflicto-de-intereses-v1-final.pdf.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325938/; classtype:trojan-activity;sid:84189038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-ecosystem-report-2024-3-9-2.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325939/; classtype:trojan-activity;sid:84189039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/044.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325940/; classtype:trojan-activity;sid:84189040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fsl100-datasheet.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325941/; classtype:trojan-activity;sid:84189041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/powerpro_lifestyle.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325930/; classtype:trojan-activity;sid:84189030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0087-1-533x800.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325931/; classtype:trojan-activity;sid:84189031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp8984.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325932/; classtype:trojan-activity;sid:84189032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc-profile-1.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325933/; classtype:trojan-activity;sid:84189033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1231.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325934/; classtype:trojan-activity;sid:84189034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-in-vendita-n.-2-5.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325935/; classtype:trojan-activity;sid:84189035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/railskirt-10-punch-red.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325936/; classtype:trojan-activity;sid:84189036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/qlep6905-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325927/; classtype:trojan-activity;sid:84189027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325928/; classtype:trojan-activity;sid:84189028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-06-rotated.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325929/; classtype:trojan-activity;sid:84189029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informacje-o-projekcie-2.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325922/; classtype:trojan-activity;sid:84189022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-shl-1-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325923/; classtype:trojan-activity;sid:84189023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/296150276_5320422801407275_1648030313063045004_n-e1662819072352.jpg.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325924/; classtype:trojan-activity;sid:84189024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-495-2023-declarar-la-nulidad-de-oficio-del-acto-administrativo-contenido-en-la-resolucion-de-alcaldia-no738-2022-mdc.pdf.lnk"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325925/; classtype:trojan-activity;sid:84189025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aphmau-coloring-page.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325926/; classtype:trojan-activity;sid:84189026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325917/; classtype:trojan-activity;sid:84189017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solicitud-declaracion-jurada-licencia-de-funcionamiento.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325918/; classtype:trojan-activity;sid:84189018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-long-does-the-viagra-pill-last.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325919/; classtype:trojan-activity;sid:84189019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bmc.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325920/; classtype:trojan-activity;sid:84189020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sat7.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325921/; classtype:trojan-activity;sid:84189021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325910/; classtype:trojan-activity;sid:84189010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/start-1-croissant-ripieno-65g-feelingok.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325911/; classtype:trojan-activity;sid:84189011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-5.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325912/; classtype:trojan-activity;sid:84189012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/copia-de-lucas_00020.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325913/; classtype:trojan-activity;sid:84189013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revista-podium-ed19-site.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325914/; classtype:trojan-activity;sid:84189014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/staff-parties-img-1-725x544-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325915/; classtype:trojan-activity;sid:84189015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/trpharm_logo-e1694416715671-696x169-1.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325916/; classtype:trojan-activity;sid:84189016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325906/; classtype:trojan-activity;sid:84189006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instrukcja-montazu-7011b-7012b.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325907/; classtype:trojan-activity;sid:84189007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/176439546_3904529772933517_5938837480865292339_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325908/; classtype:trojan-activity;sid:84189008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flujo-de-efectivo-2015.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325909/; classtype:trojan-activity;sid:84189009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01432-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325905/; classtype:trojan-activity;sid:84189005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pogoda-po-francusku.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325900/; classtype:trojan-activity;sid:84189000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bif-2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325901/; classtype:trojan-activity;sid:84189001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/personalizzazione25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252520strutture.pdf.lnk"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325902/; classtype:trojan-activity;sid:84189002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/discurs-biro.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325903/; classtype:trojan-activity;sid:84189003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/de2b0f8b-c80a-4e79-86d2-6988a4fd7896-min-837x628.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325904/; classtype:trojan-activity;sid:84189004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yamamoto-nutrition-protesamine2525252525252525252525252525252525c22525252525252525252525252525252525ae-mcu-202525252525252525252525252525252525c22525252525252525252525252525252525ae-100-compresse.jpeg.lnk"; http_uri; depth:215; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325893/; classtype:trojan-activity;sid:84188993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana_wallet_setup_guide_20242.1.3.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325894/; classtype:trojan-activity;sid:84188994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-18.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325896/; classtype:trojan-activity;sid:84188996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eaf8063a-2787-4c9a-aa0e-50f3ab6dd682.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325897/; classtype:trojan-activity;sid:84188997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vue-brochure.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325898/; classtype:trojan-activity;sid:84188998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e-books-library-himal.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325888/; classtype:trojan-activity;sid:84188988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bej-07742-technical_note-kaiti.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325889/; classtype:trojan-activity;sid:84188989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/404-tvd-depto-tecnico.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325890/; classtype:trojan-activity;sid:84188990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.sc_.-botany-course-structure.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325891/; classtype:trojan-activity;sid:84188991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ham-cheese-croissant-angled.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325892/; classtype:trojan-activity;sid:84188992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lycra0443.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325884/; classtype:trojan-activity;sid:84188984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-api-documentation-20244.8.6.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325885/; classtype:trojan-activity;sid:84188985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_proof.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325886/; classtype:trojan-activity;sid:84188986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logoredondo-qbbjmxh2wp1fcymild77ghh0jl1ca5bybj2dpliov0.png.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325887/; classtype:trojan-activity;sid:84188987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bcaa-drink-mix-250gr-self.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325878/; classtype:trojan-activity;sid:84188978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/454-sf-american-elm-min-min-scaled.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325879/; classtype:trojan-activity;sid:84188979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325880/; classtype:trojan-activity;sid:84188980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325881/; classtype:trojan-activity;sid:84188981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-1620x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325882/; classtype:trojan-activity;sid:84188982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phili-chippy-snacks-50g.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325883/; classtype:trojan-activity;sid:84188983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325869/; classtype:trojan-activity;sid:84188969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-herramientas-ficha-tecnica-tijera-corte-curvo-ag-4920-ss.pdf.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325870/; classtype:trojan-activity;sid:84188970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-fap-decomore-burkolattal-10.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325871/; classtype:trojan-activity;sid:84188971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/people-having-lunch.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325872/; classtype:trojan-activity;sid:84188972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/i12-recupere.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325873/; classtype:trojan-activity;sid:84188973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tony_joe_jazzistanbul.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325874/; classtype:trojan-activity;sid:84188974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica-per-la-parita-di-genere-di-magistra-rev-1-del-01-febbraio-2024.pdf.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325875/; classtype:trojan-activity;sid:84188975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/301-14.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325876/; classtype:trojan-activity;sid:84188976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/913866373372.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325877/; classtype:trojan-activity;sid:84188977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1729785977f22c4246f57417585d81733ea915a59b.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325864/; classtype:trojan-activity;sid:84188964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultados-integral-septiembre-2023.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325865/; classtype:trojan-activity;sid:84188965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325866)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17309905630ac1f98c035e2969b41649f7d9900428.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325866/; classtype:trojan-activity;sid:84188966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-wwe.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325867/; classtype:trojan-activity;sid:84188967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mec.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325868/; classtype:trojan-activity;sid:84188968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camscanner-01-25-2024-16.20_1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325861/; classtype:trojan-activity;sid:84188961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-congreso-2017.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325862/; classtype:trojan-activity;sid:84188962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-educational-material-2024-1-9-2.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325863/; classtype:trojan-activity;sid:84188963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camara.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325850/; classtype:trojan-activity;sid:84188950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_shades_sunscreen3-scaled.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325851/; classtype:trojan-activity;sid:84188951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/app-icon.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325852/; classtype:trojan-activity;sid:84188952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spile-m25252525252525c325252525252525b8bler.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325853/; classtype:trojan-activity;sid:84188953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kiemly-tam-104-edit-1000.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325854/; classtype:trojan-activity;sid:84188954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_e3802.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325855/; classtype:trojan-activity;sid:84188955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pragya-coils-brochure_high-res.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325856/; classtype:trojan-activity;sid:84188956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-49.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325857/; classtype:trojan-activity;sid:84188957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/international-women-day-img-9-408x544-1.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325858/; classtype:trojan-activity;sid:84188958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/239374018_106313941765099_88412676475343211_n.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325859/; classtype:trojan-activity;sid:84188959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revised-time-table-b.com_.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325860/; classtype:trojan-activity;sid:84188960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6710.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325846/; classtype:trojan-activity;sid:84188946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-mining-setup-guide-20243.0.9.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325847/; classtype:trojan-activity;sid:84188947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-2019-terminal-de-transporte-s.a._1.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325848/; classtype:trojan-activity;sid:84188948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-kart-color-pages.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325849/; classtype:trojan-activity;sid:84188949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/recovery-cicle_net-integratori.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325839/; classtype:trojan-activity;sid:84188939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/orthopedic.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325840/; classtype:trojan-activity;sid:84188940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325841/; classtype:trojan-activity;sid:84188941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wwe-coloring-pages.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325842/; classtype:trojan-activity;sid:84188942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/model-statut.docx.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325843/; classtype:trojan-activity;sid:84188943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/designer-1.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325844/; classtype:trojan-activity;sid:84188944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/digital.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325845/; classtype:trojan-activity;sid:84188945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ai-logo-yatay.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325835/; classtype:trojan-activity;sid:84188935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.-reglamento-interno-escolar-instituto-san-sebastian-de-yumbel-educacion-parvularia-2020.pdf.lnk"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325836/; classtype:trojan-activity;sid:84188936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-18-at-14.16.31-zj5zwx.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325837/; classtype:trojan-activity;sid:84188937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ader-seg-2.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325838/; classtype:trojan-activity;sid:84188938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/etykieta02.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325833/; classtype:trojan-activity;sid:84188933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/89606739_3236048269952615_5445406606997229609_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325834/; classtype:trojan-activity;sid:84188934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-93.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325832/; classtype:trojan-activity;sid:84188932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-de-privacidad.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325825/; classtype:trojan-activity;sid:84188925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20160728-wa0017.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325826/; classtype:trojan-activity;sid:84188926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59450_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325827/; classtype:trojan-activity;sid:84188927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boosting25252525252525252525252525252525252525252525252525252525252525252520negotiation25252525252525252525252525252525252525252525252525252525252525252520skills_slides.pdf.lnk"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325828/; classtype:trojan-activity;sid:84188928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/watercolor-e1474907927857.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325829/; classtype:trojan-activity;sid:84188929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60130_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325830/; classtype:trojan-activity;sid:84188930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-api-documentation-2024-3-5-8.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325820/; classtype:trojan-activity;sid:84188920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-litomedica-favicon-192x192.png.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325821/; classtype:trojan-activity;sid:84188921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guiacnestudiantes.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325822/; classtype:trojan-activity;sid:84188922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/triptico.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325823/; classtype:trojan-activity;sid:84188923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dri-fit-academy-mens-knit-soccer-track-pants-qklvhp.png.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325824/; classtype:trojan-activity;sid:84188924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne670v.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325810/; classtype:trojan-activity;sid:84188910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/equipos-participantes-feria-provinvial-virtual-choapa-2020.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325811/; classtype:trojan-activity;sid:84188911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunglasses-case-gigi-studios-granate.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325812/; classtype:trojan-activity;sid:84188912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cars-coloring-pages-lightning-mcqueen.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325813/; classtype:trojan-activity;sid:84188913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oh02.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325814/; classtype:trojan-activity;sid:84188914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190927_130615-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325815/; classtype:trojan-activity;sid:84188915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_17.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325816/; classtype:trojan-activity;sid:84188916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/laufen_palomba_-15.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325817/; classtype:trojan-activity;sid:84188917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-de-token25252525252525252525252525c325252525252525252525252525b3mica-tether-2024-1.4.2.pdf.lnk"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325818/; classtype:trojan-activity;sid:84188918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-legal-contract-2024-1-3-8.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325819/; classtype:trojan-activity;sid:84188919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/menulog-muffin-break-nip_compressed.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325808/; classtype:trojan-activity;sid:84188908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a4k-side-2-700x700-1-150x150-1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325809/; classtype:trojan-activity;sid:84188909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-roadmap-2024-1-4-0.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325800/; classtype:trojan-activity;sid:84188900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60130_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325801/; classtype:trojan-activity;sid:84188901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elyakim-isi.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325802/; classtype:trojan-activity;sid:84188902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/484-sf-canyon-monument-oak-min-min-scaled.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325803/; classtype:trojan-activity;sid:84188903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1817.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325804/; classtype:trojan-activity;sid:84188904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3870-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325805/; classtype:trojan-activity;sid:84188905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14658_a7790e261eb4f0c7-pkyaqc.jpeg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325806/; classtype:trojan-activity;sid:84188906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4dbe2960-2f77-467a-b627-ab3e00a227cf.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325807/; classtype:trojan-activity;sid:84188907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/produk-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325796/; classtype:trojan-activity;sid:84188896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-3-scaled.jpeg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325797/; classtype:trojan-activity;sid:84188897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stt-favicon-2-300x300.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325798/; classtype:trojan-activity;sid:84188898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9019-vase-et-raisins.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325799/; classtype:trojan-activity;sid:84188899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chupachupssparklingsourstrawberry.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325795/; classtype:trojan-activity;sid:84188895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024-alpine-catalog-1.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325793/; classtype:trojan-activity;sid:84188893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/codebonneconduite_nidespoir_versionfinale.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325794/; classtype:trojan-activity;sid:84188894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-34.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325789/; classtype:trojan-activity;sid:84188889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brown-minimalist-lifestyle-daily-vlog-youtube-thumbnail-2-sbkwem.jpeg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325790/; classtype:trojan-activity;sid:84188890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-favicon_kambio-32x32.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325791/; classtype:trojan-activity;sid:84188891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0661.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325792/; classtype:trojan-activity;sid:84188892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cecos-autumn-newsletter-1.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325782/; classtype:trojan-activity;sid:84188882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-mining-setup-guide-2024-3.3.5.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325783/; classtype:trojan-activity;sid:84188883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1558-done-for-gb-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325784/; classtype:trojan-activity;sid:84188884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bobcat-m-series-installation.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325785/; classtype:trojan-activity;sid:84188885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stea-5000rsf-4501birchst.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325786/; classtype:trojan-activity;sid:84188886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325787/; classtype:trojan-activity;sid:84188887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004001_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325788/; classtype:trojan-activity;sid:84188888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto8-scaled-e1666448379695.jpeg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325776/; classtype:trojan-activity;sid:84188876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aprueba_bases_xix_concurso_proy_explora.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325777/; classtype:trojan-activity;sid:84188877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solicitud-homologacion-world-archery-20221115.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325778/; classtype:trojan-activity;sid:84188878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.-protocolo-salidas-pedagogicas-y-giras-de-estudio.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325779/; classtype:trojan-activity;sid:84188879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325780/; classtype:trojan-activity;sid:84188880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/512345574623.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325781/; classtype:trojan-activity;sid:84188881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/herramientas_gdm-gubia-curvaizquierda.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325768/; classtype:trojan-activity;sid:84188868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/346462952_1226825787961899_697342018036019326_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325769/; classtype:trojan-activity;sid:84188869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325770/; classtype:trojan-activity;sid:84188870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0426.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325771/; classtype:trojan-activity;sid:84188871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/btn-sat-2-320-rh.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325772/; classtype:trojan-activity;sid:84188872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jr-309a01.original.jpegquality-30.format-webp.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325773/; classtype:trojan-activity;sid:84188873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20170203-wa0002.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325774/; classtype:trojan-activity;sid:84188874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resoluci2525252525252525252525252525c32525252525252525252525252525b3n-admisibilidad-par-explora-2025-2026-1.pdf.lnk"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325775/; classtype:trojan-activity;sid:84188875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-37-radicado-2846642024-nombre-peticionario-nelson-campo-escobar.pdf.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325764/; classtype:trojan-activity;sid:84188864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/racis-dengan-cetekan_7_11zon.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325765/; classtype:trojan-activity;sid:84188865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kambio-eyewear-sunglasses-gigi-studios-gilda-butterfly-brow-6774-0-front.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325766/; classtype:trojan-activity;sid:84188866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/completo_final.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325767/; classtype:trojan-activity;sid:84188867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gts-pr09-rendicion-de-cuentas-en-el-sg-sst.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325760/; classtype:trojan-activity;sid:84188860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02169-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325761/; classtype:trojan-activity;sid:84188861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/terrain-google-maqp-rainbow-bay-scaled.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325762/; classtype:trojan-activity;sid:84188862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hampitno-sampitno-1-layout.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325763/; classtype:trojan-activity;sid:84188863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-7.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325759/; classtype:trojan-activity;sid:84188859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/best-practices-2019.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325754/; classtype:trojan-activity;sid:84188854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-ordinaria-asamblea-general-de-compromisarios-2019_10_04.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325755/; classtype:trojan-activity;sid:84188855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-59-radicado-4734122024-nombre-peticionario-edilberto-munoz-rendon-2.pdf.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325757/; classtype:trojan-activity;sid:84188857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-de-la-mesure-de-la-terre-chauvin-arnoux.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325758/; classtype:trojan-activity;sid:84188858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-consensus-mechanism-details-2024-5-3-2.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325750/; classtype:trojan-activity;sid:84188850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-32.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325751/; classtype:trojan-activity;sid:84188851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5496.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325752/; classtype:trojan-activity;sid:84188852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171153_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325753/; classtype:trojan-activity;sid:84188853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requ.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325747/; classtype:trojan-activity;sid:84188847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalyst.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325748/; classtype:trojan-activity;sid:84188848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8262-1200x900.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325749/; classtype:trojan-activity;sid:84188849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lich-doc-kinh-thanh_page_1.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325741/; classtype:trojan-activity;sid:84188841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-analisis-mercado-chainlink-2024-1-2-3.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325742/; classtype:trojan-activity;sid:84188842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03-4.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325743/; classtype:trojan-activity;sid:84188843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro-resumen-congreso-regional-escolar-araucania-2019.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325744/; classtype:trojan-activity;sid:84188844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tri-p1s-1.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325745/; classtype:trojan-activity;sid:84188845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171111_100408.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325746/; classtype:trojan-activity;sid:84188846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/713-sf-burnt-flowery-teak-min-min-scaled.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325733/; classtype:trojan-activity;sid:84188833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02551.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325734/; classtype:trojan-activity;sid:84188834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ziola-w-ciazy.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325735/; classtype:trojan-activity;sid:84188835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ikea-armarios.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325736/; classtype:trojan-activity;sid:84188836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170996_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325737/; classtype:trojan-activity;sid:84188837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-no-83062021.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325738/; classtype:trojan-activity;sid:84188838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20210105_155733-min-1024x722.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325739/; classtype:trojan-activity;sid:84188839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59375_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325724/; classtype:trojan-activity;sid:84188824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bio03.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325725/; classtype:trojan-activity;sid:84188825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flujo-de-efectivo-2011.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325726/; classtype:trojan-activity;sid:84188826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brown-minimalist-lifestyle-daily-vlog-youtube-thumbnail-15-ribpgf.jpeg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325727/; classtype:trojan-activity;sid:84188827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/after-ink-50-100-web-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325728/; classtype:trojan-activity;sid:84188828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/it_program_specific_outcome.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325729/; classtype:trojan-activity;sid:84188829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4511-2-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325730/; classtype:trojan-activity;sid:84188830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/free-coloring-pages-lightning-mcqueen.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325731/; classtype:trojan-activity;sid:84188831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/prologis-logo.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325732/; classtype:trojan-activity;sid:84188832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic-163-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325721/; classtype:trojan-activity;sid:84188821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragambuat-jaket.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325722/; classtype:trojan-activity;sid:84188822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/laufen_palomba_-2.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325718/; classtype:trojan-activity;sid:84188818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imag0030.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325719/; classtype:trojan-activity;sid:84188819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/btn-tbs-600-1.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325720/; classtype:trojan-activity;sid:84188820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/behavior-coaching-for-cooperation-and-collaboration.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325715/; classtype:trojan-activity;sid:84188815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/events-for-rnb-pop-singers-1.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325716/; classtype:trojan-activity;sid:84188816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02139-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325717/; classtype:trojan-activity;sid:84188817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/060.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325711/; classtype:trojan-activity;sid:84188811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-nft-guide-2024-4.2.6.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325712/; classtype:trojan-activity;sid:84188812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436826417_342763678803805_2681376286144394706_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325713/; classtype:trojan-activity;sid:84188813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5487.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325714/; classtype:trojan-activity;sid:84188814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gold-medal.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325709/; classtype:trojan-activity;sid:84188809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60019_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325710/; classtype:trojan-activity;sid:84188810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frame-garotinho-autista-emocionado-ukch9e.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325704/; classtype:trojan-activity;sid:84188804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presentacion_xingmedical-2022.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325705/; classtype:trojan-activity;sid:84188805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sentinel-unmannedtechbrochure.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325706/; classtype:trojan-activity;sid:84188806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capa_1-abxqmk.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325707/; classtype:trojan-activity;sid:84188807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hipster-handsome-blonde-man-guy-stylish-summer-clothes-street.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325708/; classtype:trojan-activity;sid:84188808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5492-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325695/; classtype:trojan-activity;sid:84188795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/272.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325696/; classtype:trojan-activity;sid:84188796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a50761.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325697/; classtype:trojan-activity;sid:84188797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18d01468-1d60-411a-af81-e00dffc2541f.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325698/; classtype:trojan-activity;sid:84188798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shaking-water-bath-incubator-bt300.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325699/; classtype:trojan-activity;sid:84188799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-venti-boost-22.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325700/; classtype:trojan-activity;sid:84188800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vibration-systems-from-1000-n-to-2700-n2525252525252525252525252525252525252525252525252525252525252525252525252525252525252c-4-kn-to-8-kn-25252525252525252525252525252525252525252525252525252525252525252525252525252525252526-11-kn-to-15-kn.pdf.lnk"; http_uri; depth:259; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325701/; classtype:trojan-activity;sid:84188801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-presupuestal-a-sep-2023.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325702/; classtype:trojan-activity;sid:84188802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/184_hermes_constance_24_epsom_black_11__34_d4_0.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325703/; classtype:trojan-activity;sid:84188803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-526201534-1499281199.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325684/; classtype:trojan-activity;sid:84188784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-educational-material-20245.6.2.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325685/; classtype:trojan-activity;sid:84188785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polityka-oraz-procedury-ochrony-dzieci-przed-krzywdzeniem-krajmed-cm.pdf.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325686/; classtype:trojan-activity;sid:84188786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6701.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325687/; classtype:trojan-activity;sid:84188787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-08-09-at-16.28.37-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325688/; classtype:trojan-activity;sid:84188788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71myfunyt3l._ac_sx425_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325689/; classtype:trojan-activity;sid:84188789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iprccc-dec-14-pr-2018.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325690/; classtype:trojan-activity;sid:84188790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/her500908_2_enlarged.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325691/; classtype:trojan-activity;sid:84188791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerial-view-of-factory-trucks-parked-near-the-warehouse-at-daytime.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325692/; classtype:trojan-activity;sid:84188792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-whitepaper-20245.8.1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325693/; classtype:trojan-activity;sid:84188793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-develop.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325694/; classtype:trojan-activity;sid:84188794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_11n_var.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325681/; classtype:trojan-activity;sid:84188781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/83493_0.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325682/; classtype:trojan-activity;sid:84188782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-51-3739_pdmc_2018.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325679/; classtype:trojan-activity;sid:84188779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2017-10-09_19-25-43-2.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325680/; classtype:trojan-activity;sid:84188780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3dining.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325675/; classtype:trojan-activity;sid:84188775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-01.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325676/; classtype:trojan-activity;sid:84188776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17289140292914ecbc6c84f4d51b178199e6ee3291.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325677/; classtype:trojan-activity;sid:84188777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-295-mdc-2021-facultar-al-alcalde-de-realizar-la-reglamentacion-y-normas-complementarias-que-permitan-el-mejor-cumplimiento-de-la-presente-ordenanza.pdf.lnk"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325678/; classtype:trojan-activity;sid:84188778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/g_g-toner-box.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325670/; classtype:trojan-activity;sid:84188770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mnf-ni-pawimawh-te-by-tawnluia.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325671/; classtype:trojan-activity;sid:84188771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vans-skate-old-skool-blackwhite-shoes-for-skateboarding.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325672/; classtype:trojan-activity;sid:84188772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6_zips-4-port-alarm-unit-merchandising-guide-vietnamese.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325674/; classtype:trojan-activity;sid:84188774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-administrativas-convocatoria-cas-n001-2024-mdc-2.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325665/; classtype:trojan-activity;sid:84188765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47b30541-4952-4d1e-8515-ba12460d01f4.40cb669c0bcdbcb5262c31e5f5711f3b.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325666/; classtype:trojan-activity;sid:84188766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01808-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325667/; classtype:trojan-activity;sid:84188767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-13-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325668/; classtype:trojan-activity;sid:84188768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lilo-and-stitch-characters-coloring-pages.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325669/; classtype:trojan-activity;sid:84188769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hte_media_kit.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325663/; classtype:trojan-activity;sid:84188763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-9-scaled.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325664/; classtype:trojan-activity;sid:84188764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fascicule_energie_2023.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325658/; classtype:trojan-activity;sid:84188758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-ano-2014.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325659/; classtype:trojan-activity;sid:84188759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/directorio-codisec-2024.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325660/; classtype:trojan-activity;sid:84188760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legalitas5.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325661/; classtype:trojan-activity;sid:84188761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-require.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:252; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325662/; classtype:trojan-activity;sid:84188762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requir.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:251; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325650/; classtype:trojan-activity;sid:84188750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gp-header07.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325651/; classtype:trojan-activity;sid:84188751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo2.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325652/; classtype:trojan-activity;sid:84188752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kvkk-aydinlatma-metni.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325653/; classtype:trojan-activity;sid:84188753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anujin-youtube-thumbnail-224x126_x1.5.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325654/; classtype:trojan-activity;sid:84188754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-1620x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325655/; classtype:trojan-activity;sid:84188755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-8_2016.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325656/; classtype:trojan-activity;sid:84188756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lusbk1900809_1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325657/; classtype:trojan-activity;sid:84188757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-3.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325644/; classtype:trojan-activity;sid:84188744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/decret-basculement-compteurs-prepayes-cat-administration.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325645/; classtype:trojan-activity;sid:84188745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-atribuire-locuinta-sociala.docx.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325646/; classtype:trojan-activity;sid:84188746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-14-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325647/; classtype:trojan-activity;sid:84188747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2017-09-07_23-23-16.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325648/; classtype:trojan-activity;sid:84188748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-picotin-size-1024x621.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325649/; classtype:trojan-activity;sid:84188749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jht-j275-platinum-charcoal.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325638/; classtype:trojan-activity;sid:84188738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-jet-lag-dry-shampoo-2oz-rig-igk-fjlds02-500x500-1.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325639/; classtype:trojan-activity;sid:84188739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56221_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325640/; classtype:trojan-activity;sid:84188740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdc1f3d0-f831-460d-a76b-b0cb404341c4.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325641/; classtype:trojan-activity;sid:84188741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-security-best-practices-2024-2.0.0.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325642/; classtype:trojan-activity;sid:84188742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-2018_10_19-ordinaria.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325636/; classtype:trojan-activity;sid:84188736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/indoor.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325637/; classtype:trojan-activity;sid:84188737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3e557cc5-17a1-44bd-9f8a-bad0c556fb07.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325632/; classtype:trojan-activity;sid:84188732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_kelly_dog_extreme_1625932895_ae563a69.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325633/; classtype:trojan-activity;sid:84188733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-022.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325634/; classtype:trojan-activity;sid:84188734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200630_160506.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325635/; classtype:trojan-activity;sid:84188735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/addition-roof-aiding-windows-gutters-pavers-garage-door-img4.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325629/; classtype:trojan-activity;sid:84188729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulament.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325630/; classtype:trojan-activity;sid:84188730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/340-direccion-de-infraestructura.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325631/; classtype:trojan-activity;sid:84188731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19-1620x1080.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325626/; classtype:trojan-activity;sid:84188726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2018-10-19-reglamento-del-comite-tecnico-de-jueces-arbitros-firmado.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325627/; classtype:trojan-activity;sid:84188727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rozana-naves-reitora-unb-scaled-ezmjty.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325628/; classtype:trojan-activity;sid:84188728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-market-analysis-report-20243.3.1.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325621/; classtype:trojan-activity;sid:84188721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4913981994717.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325622/; classtype:trojan-activity;sid:84188722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-02-02-at-12.35.39-pm-4.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325623/; classtype:trojan-activity;sid:84188723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m.a-course-structure-w.e.f-2022-23.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325624/; classtype:trojan-activity;sid:84188724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-3-derecho-de-preferencia2017.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325625/; classtype:trojan-activity;sid:84188725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc00806.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325616/; classtype:trojan-activity;sid:84188716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3023a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325617/; classtype:trojan-activity;sid:84188717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_scott-puma.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325618/; classtype:trojan-activity;sid:84188718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2d4071f9d7f0f539c0b5993c5d0d4791--boyfriend-jeans-style-your-boyfriend.jpg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325619/; classtype:trojan-activity;sid:84188719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-anl-solutionarea-contestatiilor-privind-punctajul-obtinut-pentru-stabilirea-accesului-la-locuintele-constituite-din-fondurile-anl.pdf.lnk"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325620/; classtype:trojan-activity;sid:84188720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunglasses-gast-loot-black-pearl-lt04-square-black-violet-by-kambio-eyewear-front.jpg.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325612/; classtype:trojan-activity;sid:84188712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-jansen-rossignol-rsgl-tercera-capa-mujer-negro-2.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325613/; classtype:trojan-activity;sid:84188713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mapa_oficial.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325614/; classtype:trojan-activity;sid:84188714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deadpool-9.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325615/; classtype:trojan-activity;sid:84188715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.19-1024x1024.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325602/; classtype:trojan-activity;sid:84188702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informacion-alergenos-manjares_05-1030x728.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325603/; classtype:trojan-activity;sid:84188703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/my-melody-coloring-pages-pdf.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325604/; classtype:trojan-activity;sid:84188704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline-price-list-for-accessories-2016.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325605/; classtype:trojan-activity;sid:84188705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60174_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325606/; classtype:trojan-activity;sid:84188706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myj2525252525252525252525252525252525252525252525252525252525c4252525252525252525252525252525252525252525252525252525252585ca-majormaker-superior-7012b-1.png.lnk"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325608/; classtype:trojan-activity;sid:84188708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-8.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325609/; classtype:trojan-activity;sid:84188709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpc-cooldry-rossignol-rsgl-primera-capa-mujer-4.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325610/; classtype:trojan-activity;sid:84188710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4327-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325611/; classtype:trojan-activity;sid:84188711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/160142_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325597/; classtype:trojan-activity;sid:84188697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-30-4000has-sector-entre-guerrero-y-santa-monica-4000has-11.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325598/; classtype:trojan-activity;sid:84188698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325599/; classtype:trojan-activity;sid:84188699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/doutor-pastagem-09.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325600/; classtype:trojan-activity;sid:84188700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shutterstock_1718471944-750x500.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325601/; classtype:trojan-activity;sid:84188701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-governance-proposal-2024-3-8-8.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325594/; classtype:trojan-activity;sid:84188694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos_ecosystem_report_20245.5.0.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325595/; classtype:trojan-activity;sid:84188695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-often-do-guys-get-boners.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325596/; classtype:trojan-activity;sid:84188696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryanyfile.pngcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325591/; classtype:trojan-activity;sid:84188691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/666_resized_detail_800_0_0_1_1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325592/; classtype:trojan-activity;sid:84188692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1313981994651.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325593/; classtype:trojan-activity;sid:84188693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/professional-accountnt-on-accounting-and-taxation-10.png.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325588/; classtype:trojan-activity;sid:84188688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gac-rang-mieng-1-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325589/; classtype:trojan-activity;sid:84188689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01075.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325590/; classtype:trojan-activity;sid:84188690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sherry-brookes-armada-avenue-1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325583/; classtype:trojan-activity;sid:84188683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5048-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325584/; classtype:trojan-activity;sid:84188684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21414879_1527668687299422_847697341546606223_o.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325585/; classtype:trojan-activity;sid:84188685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/low-temperature-baths-blg200.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325586/; classtype:trojan-activity;sid:84188686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aphmau-meemeows-coloring-pages.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325587/; classtype:trojan-activity;sid:84188687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guia-consorcios-masterclass.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325578/; classtype:trojan-activity;sid:84188678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2023_-explora_ilustrado-web_mv_compressed.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325579/; classtype:trojan-activity;sid:84188679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3924.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325580/; classtype:trojan-activity;sid:84188680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tcc-carta-compromiso-basica-2018.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325581/; classtype:trojan-activity;sid:84188681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cake-and-pastries-online-shopping-3.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325582/; classtype:trojan-activity;sid:84188682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325576/; classtype:trojan-activity;sid:84188676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-5.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325577/; classtype:trojan-activity;sid:84188677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-require.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325565/; classtype:trojan-activity;sid:84188665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325566/; classtype:trojan-activity;sid:84188666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-23.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325567/; classtype:trojan-activity;sid:84188667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-28abril2021-3.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325568/; classtype:trojan-activity;sid:84188668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325569/; classtype:trojan-activity;sid:84188669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-audit-report-2024-2-7-4.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325570/; classtype:trojan-activity;sid:84188670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sissy-that-walk-camiseta-negra-con-glitter-morado-neo25252525252525252525252525252525252525252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252525252525252525252525252525252525252581n-1.jpg.lnk"; http_uri; depth:239; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325571/; classtype:trojan-activity;sid:84188671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kaos-lengan-panjang_2_11zon.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325572/; classtype:trojan-activity;sid:84188672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4329-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325573/; classtype:trojan-activity;sid:84188673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-trasnporte-marzo-2024.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325574/; classtype:trojan-activity;sid:84188674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58928_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325575/; classtype:trojan-activity;sid:84188675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20200213-wa0056-768x1024.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325559/; classtype:trojan-activity;sid:84188659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48103_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325560/; classtype:trojan-activity;sid:84188660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60019_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325562/; classtype:trojan-activity;sid:84188662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dammusi.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325563/; classtype:trojan-activity;sid:84188663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estadosfinancieros2008.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325564/; classtype:trojan-activity;sid:84188664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diagnostic-lab-case-gallery-6.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325552/; classtype:trojan-activity;sid:84188652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171257c-kim-jones-x-converse-chuck-70-high-black-grailify-1.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325553/; classtype:trojan-activity;sid:84188653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hindi.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325554/; classtype:trojan-activity;sid:84188654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultatscampionatdecatalunyadetirensala-temporada2016-2017.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325555/; classtype:trojan-activity;sid:84188655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capture.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325556/; classtype:trojan-activity;sid:84188656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-4.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325557/; classtype:trojan-activity;sid:84188657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oferta-cumparare-comunicare-acceptare-oferta-persoane-fizice.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325558/; classtype:trojan-activity;sid:84188658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2007.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325549/; classtype:trojan-activity;sid:84188649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/normas-de-bio252525252525252525252525252525c3252525252525252525252525252525a9tica-iie-2024.pdf.lnk"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325550/; classtype:trojan-activity;sid:84188650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frame-45-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325551/; classtype:trojan-activity;sid:84188651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325547/; classtype:trojan-activity;sid:84188647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/njoftim-per-fillimin-e-procedurave-te-konkurrimit-mesues-per-shqiperine-2024.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325548/; classtype:trojan-activity;sid:84188648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot_ecosystem_report_20241.6.6.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325543/; classtype:trojan-activity;sid:84188643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-3.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325545/; classtype:trojan-activity;sid:84188645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d25252525252525252525252525c325252525252525252525252525a9tails-du-m25252525252525252525252525c325252525252525252525252525a9canisme-de-consensus-cosmos-20245.3.2.pdf.lnk"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325546/; classtype:trojan-activity;sid:84188646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-herbag-zip-pegasus-pop-rouge-piment-buy-luxury-handbags-online.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325541/; classtype:trojan-activity;sid:84188641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jessica-gomez-105-edit-1000.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325542/; classtype:trojan-activity;sid:84188642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436490075_840484188122554_464033911504704116_n.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325537/; classtype:trojan-activity;sid:84188637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs2024_trade_briefing_20240709crpd.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325538/; classtype:trojan-activity;sid:84188638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-etriviere-belt-shopping-bag-in-beige-canvas-and-natural-leather.jpg.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325539/; classtype:trojan-activity;sid:84188639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20210212-informe-gestion-2020.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325540/; classtype:trojan-activity;sid:84188640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/evaluacion_cs_trabajoescrito.docx.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325530/; classtype:trojan-activity;sid:84188630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dettagli-meccanismo-consenso-xrp-20244.9.9.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325531/; classtype:trojan-activity;sid:84188631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-presupuestal-a-dic-2023.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325532/; classtype:trojan-activity;sid:84188632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/91tsaocbqjs._ac_ss450_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325533/; classtype:trojan-activity;sid:84188633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-1024x338.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325534/; classtype:trojan-activity;sid:84188634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barbie-and-the-mermaid-tale-coloring-pages.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325535/; classtype:trojan-activity;sid:84188635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/silvas-37-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325522/; classtype:trojan-activity;sid:84188622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chicoo.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325523/; classtype:trojan-activity;sid:84188623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/an3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325524/; classtype:trojan-activity;sid:84188624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noopur-x-deep-2-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325525/; classtype:trojan-activity;sid:84188625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lego-duplo-gran-zona-de-juegos-10864-amazon-b075gqbmmv-13927850016849.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325526/; classtype:trojan-activity;sid:84188626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-taxation-guide-2024253.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325527/; classtype:trojan-activity;sid:84188627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4532_480x480.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325528/; classtype:trojan-activity;sid:84188628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eshan-x-aanchal-2-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325529/; classtype:trojan-activity;sid:84188629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-1440x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325518/; classtype:trojan-activity;sid:84188618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe_de_coyuntura_enero_2018_camacol_tolima.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325519/; classtype:trojan-activity;sid:84188619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/property-4hattom-gallery-img-4-1.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325520/; classtype:trojan-activity;sid:84188620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac27thapril.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325521/; classtype:trojan-activity;sid:84188621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.-25.11.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325513/; classtype:trojan-activity;sid:84188613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325514/; classtype:trojan-activity;sid:84188614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-12-06-at-12.21.50-pm-1-1.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325515/; classtype:trojan-activity;sid:84188615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7506a1.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325516/; classtype:trojan-activity;sid:84188616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin-bag-prices-265459-1605866814660-square.700x0c.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325517/; classtype:trojan-activity;sid:84188617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adultos-taller-pl.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325507/; classtype:trojan-activity;sid:84188607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/contratto-di-viaggio.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325508/; classtype:trojan-activity;sid:84188608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55545_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325509/; classtype:trojan-activity;sid:84188609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171255_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325510/; classtype:trojan-activity;sid:84188610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hub-owners-manual-2018.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325511/; classtype:trojan-activity;sid:84188611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9runrun2.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325512/; classtype:trojan-activity;sid:84188612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_5822d7967207ae54005c459f0eb6c7de.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325502/; classtype:trojan-activity;sid:84188602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/https25252525252525253a25252525252525252f25252525252525252fhypebeast.com25252525252525252fimage25252525252525252f202125252525252525252f0625252525252525252fnike-first-use-air-force-1-07-sneaker-ft.jpg.lnk"; http_uri; depth:214; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325503/; classtype:trojan-activity;sid:84188603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-staking-guide-2024-2-5-3.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325504/; classtype:trojan-activity;sid:84188604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325505/; classtype:trojan-activity;sid:84188605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02120-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325506/; classtype:trojan-activity;sid:84188606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-lumina-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325500/; classtype:trojan-activity;sid:84188600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-ppto-marzo-2023.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325501/; classtype:trojan-activity;sid:84188601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/200-tvd_p1_gte-obra.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325495/; classtype:trojan-activity;sid:84188595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saye-sifir-atik-brosur.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325496/; classtype:trojan-activity;sid:84188596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.33.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325497/; classtype:trojan-activity;sid:84188597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/513341137646.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325498/; classtype:trojan-activity;sid:84188598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-5.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325499/; classtype:trojan-activity;sid:84188599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/241279821_2073007299515243_6047488012996509279_n-1.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325490/; classtype:trojan-activity;sid:84188590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-4.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325491/; classtype:trojan-activity;sid:84188591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunglasses-gast-astro-as05-matte-gold-rectangular-shape-by-kambio-eyewear-front.png.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325492/; classtype:trojan-activity;sid:84188592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-14-at-16.22.05-5.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325493/; classtype:trojan-activity;sid:84188593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-market-analysis-report-20243.2.0.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325494/; classtype:trojan-activity;sid:84188594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-d.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:234; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325487/; classtype:trojan-activity;sid:84188587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jrnbalogo1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325488/; classtype:trojan-activity;sid:84188588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3091a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325489/; classtype:trojan-activity;sid:84188589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-058.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325480/; classtype:trojan-activity;sid:84188580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/course-structure-english_1.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325481/; classtype:trojan-activity;sid:84188581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/66.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325482/; classtype:trojan-activity;sid:84188582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dedeman-olympos-health-resort.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325483/; classtype:trojan-activity;sid:84188583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-blockchain-architecture-diagram-2024-4-3-6.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325484/; classtype:trojan-activity;sid:84188584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionados-congreso-regional-explora-2021.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325485/; classtype:trojan-activity;sid:84188585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-2137_1a_tirada_lliga_catalana_sala-2021-2022-1.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325486/; classtype:trojan-activity;sid:84188586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daftar-nominatif-pantarlih-pemilu-tahun-2024-kecamatan-cihara.pdf.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325476/; classtype:trojan-activity;sid:84188576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.-sop-rekrutmen-reviewer.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325477/; classtype:trojan-activity;sid:84188577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anytile.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325478/; classtype:trojan-activity;sid:84188578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin-bag-prices-265459-1605866814557-main.700x0c.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325479/; classtype:trojan-activity;sid:84188579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-6.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325468/; classtype:trojan-activity;sid:84188568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200731_151608.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325469/; classtype:trojan-activity;sid:84188569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requ.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325470/; classtype:trojan-activity;sid:84188570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525a0-a-12.pdf.lnk"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325471/; classtype:trojan-activity;sid:84188571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin_community_guidelines_2024_1.7.4.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325472/; classtype:trojan-activity;sid:84188572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_10.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325473/; classtype:trojan-activity;sid:84188573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1701.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325474/; classtype:trojan-activity;sid:84188574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.com_.programme.outcome.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325475/; classtype:trojan-activity;sid:84188575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-del-procesos-de-seleccion-cas-n02-2024-mdc-2.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325462/; classtype:trojan-activity;sid:84188562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/512560676625.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325463/; classtype:trojan-activity;sid:84188563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_birkin_25_rose_shocking_matte_alligator_palladium_hardware_2_840x_2_master.jpg.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325464/; classtype:trojan-activity;sid:84188564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078498_1729693660381.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325465/; classtype:trojan-activity;sid:84188565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b1b32c_5c45f62374dd4ede89a379e7f9a1f575.jpg_srz_p_907_680_85_22_0.50_1.20_0.jpg.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325466/; classtype:trojan-activity;sid:84188566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain_blockchain_architecture_diagram_2024_5.5.7.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325467/; classtype:trojan-activity;sid:84188567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_giratorio-inf.-plus-2-sige.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325458/; classtype:trojan-activity;sid:84188558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/an1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325459/; classtype:trojan-activity;sid:84188559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1015__6411.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325460/; classtype:trojan-activity;sid:84188560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscinas-17-elite.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325461/; classtype:trojan-activity;sid:84188561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uye-onami.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325457/; classtype:trojan-activity;sid:84188557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mood-20.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325451/; classtype:trojan-activity;sid:84188551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.18-4.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325452/; classtype:trojan-activity;sid:84188552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-29-radicado-2578712024-nombre-peticionario-maria-angelica-gonzalez.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325453/; classtype:trojan-activity;sid:84188553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-02-derecho-de-preferencia2016.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325454/; classtype:trojan-activity;sid:84188554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1680804303d280ce3a5fce44c70ca395f58873748f.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325455/; classtype:trojan-activity;sid:84188555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/overmadrass-trekk.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325456/; classtype:trojan-activity;sid:84188556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60130_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325445/; classtype:trojan-activity;sid:84188545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-zonacion-intermareal-estudiante.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325446/; classtype:trojan-activity;sid:84188546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kenra-platinum-whipped-taffy-2oz-rke-kep-lwt02-228x228-1.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325447/; classtype:trojan-activity;sid:84188547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56235_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325448/; classtype:trojan-activity;sid:84188548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/buying-birkin-and-kelly-from-the-hermes-store-vs-the-secondary-market-masthead.jpg.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325449/; classtype:trojan-activity;sid:84188549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/single.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325450/; classtype:trojan-activity;sid:84188550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:192; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325440/; classtype:trojan-activity;sid:84188540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6_zips-4-port-alarm-unit-merchandising-guide.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325441/; classtype:trojan-activity;sid:84188541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325442/; classtype:trojan-activity;sid:84188542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18-046-2-1024x768.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325443/; classtype:trojan-activity;sid:84188543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gus6951-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325444/; classtype:trojan-activity;sid:84188544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58119_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325435/; classtype:trojan-activity;sid:84188535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-barbie-mermaid.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325436/; classtype:trojan-activity;sid:84188536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rendzo-network_corporate-profile_5_alt-1.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325437/; classtype:trojan-activity;sid:84188537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-76.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325438/; classtype:trojan-activity;sid:84188538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-90.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325430/; classtype:trojan-activity;sid:84188530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hl.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325431/; classtype:trojan-activity;sid:84188531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325432/; classtype:trojan-activity;sid:84188532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/435716158_958194219642692_1216810903444086109_n-min-740x628.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325433/; classtype:trojan-activity;sid:84188533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/billionaire-dubai-image-01.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325434/; classtype:trojan-activity;sid:84188534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-images-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325422/; classtype:trojan-activity;sid:84188522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1505911219.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325423/; classtype:trojan-activity;sid:84188523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp7145.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325424/; classtype:trojan-activity;sid:84188524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/my-melody-color-pages.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325425/; classtype:trojan-activity;sid:84188525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estatuto_amatra.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325426/; classtype:trojan-activity;sid:84188526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_4549-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325427/; classtype:trojan-activity;sid:84188527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-titulo-7.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325428/; classtype:trojan-activity;sid:84188528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nike-air-force-1-da8302-100-2.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325429/; classtype:trojan-activity;sid:84188529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ckkurumsal02b.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325420/; classtype:trojan-activity;sid:84188520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20200306-cond-assic-tripy-360.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325421/; classtype:trojan-activity;sid:84188521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msc.programme.outcomes_1.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325416/; classtype:trojan-activity;sid:84188516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-debates-2020.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325417/; classtype:trojan-activity;sid:84188517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/editalremocaotrt.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325418/; classtype:trojan-activity;sid:84188518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plu.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325419/; classtype:trojan-activity;sid:84188519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71natyc6sal._ac_sy355_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325415/; classtype:trojan-activity;sid:84188515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-trading-strategy-2024-4.5.7.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325410/; classtype:trojan-activity;sid:84188510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170387993622890e3eb64d36b813de79010c6b057d.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325411/; classtype:trojan-activity;sid:84188511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-devel.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325412/; classtype:trojan-activity;sid:84188512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173153139294b2588a92d7e5c64250efad92c0e91a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325413/; classtype:trojan-activity;sid:84188513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/matlab-file-exchange.svg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325414/; classtype:trojan-activity;sid:84188514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethylene-cracker-feed-saturator-case-study_rev.-0.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325406/; classtype:trojan-activity;sid:84188506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:250; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325407/; classtype:trojan-activity;sid:84188507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vacuum-drying-oven-dp410.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325408/; classtype:trojan-activity;sid:84188508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8441bb0ef4fe9b40350a2434767321a4.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325409/; classtype:trojan-activity;sid:84188509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57832_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325402/; classtype:trojan-activity;sid:84188502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kartka3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325403/; classtype:trojan-activity;sid:84188503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59165_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325404/; classtype:trojan-activity;sid:84188504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/middle-sections-much-anticipated-annual-event-noir-et-blanc-5.jpeg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325405/; classtype:trojan-activity;sid:84188505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/220.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325396/; classtype:trojan-activity;sid:84188496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gjc-mn02-supervision-e-interventoria.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325397/; classtype:trojan-activity;sid:84188497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71x4ykcwbul._sx522_.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325398/; classtype:trojan-activity;sid:84188498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-2.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325399/; classtype:trojan-activity;sid:84188499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-luxurious-1013bq-scaled.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325400/; classtype:trojan-activity;sid:84188500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hybrid-rossignol-rsgl-segunda-capa-mujer-negro-1.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325388/; classtype:trojan-activity;sid:84188488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6339741cv11d.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325389/; classtype:trojan-activity;sid:84188489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-roadmap-20245.8.4.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325390/; classtype:trojan-activity;sid:84188490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/membershio-form.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325391/; classtype:trojan-activity;sid:84188491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alee-a-youtube-thumbnail-224x126_x1.5.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325392/; classtype:trojan-activity;sid:84188492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.19-3-1024x1024.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325393/; classtype:trojan-activity;sid:84188493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lab_shaker-1024x338.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325394/; classtype:trojan-activity;sid:84188494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estatuto_aprovadoemage.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325395/; classtype:trojan-activity;sid:84188495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325380/; classtype:trojan-activity;sid:84188480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/listado-de-agentes-participantes-para-el-presupuesto-participativo-2023.pdf.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325381/; classtype:trojan-activity;sid:84188481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2024-03-22-at-11.11.342525252525252525252525e22525252525252525252525802525252525252525252525afam.png.lnk"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325382/; classtype:trojan-activity;sid:84188482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-87-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325383/; classtype:trojan-activity;sid:84188483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ofk-beograd.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325384/; classtype:trojan-activity;sid:84188484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9781419763199_int15_wide-6c1abc2318a14b63e7da2d261ae8676c3e9703ec-s1400-c100.jpg.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325385/; classtype:trojan-activity;sid:84188485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-7.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325387/; classtype:trojan-activity;sid:84188487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vanilla-beans.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325376/; classtype:trojan-activity;sid:84188476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-de-dibujo-2022.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325377/; classtype:trojan-activity;sid:84188477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bof-scaled.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325378/; classtype:trojan-activity;sid:84188478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/minuta-sedintei-ordinare-din-data-de-21-decembrie-2015.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325379/; classtype:trojan-activity;sid:84188479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vintage-air-jordan-vii-bordeaux-windbreaker-570x450.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325375/; classtype:trojan-activity;sid:84188475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-taller-ciencias-sociales-2021.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325370/; classtype:trojan-activity;sid:84188470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022-strategia-podatkowavbartex.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325371/; classtype:trojan-activity;sid:84188471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20230622_153609-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325372/; classtype:trojan-activity;sid:84188472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2022-11-27-at-2.59.55-pm.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325373/; classtype:trojan-activity;sid:84188473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agromet.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325374/; classtype:trojan-activity;sid:84188474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spile-m252525252525c3252525252525b8bler.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325364/; classtype:trojan-activity;sid:84188464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325365/; classtype:trojan-activity;sid:84188465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-05-pousada-piedade-mata-atlantica-ronco-do-bugio.png.png.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325366/; classtype:trojan-activity;sid:84188466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-15.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325367/; classtype:trojan-activity;sid:84188467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin25252525252525252520audit25252525252525252520report252525252525252525202024252525252525252525205.1.2.pdf.lnk"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325368/; classtype:trojan-activity;sid:84188468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cwreport2018-19.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325369/; classtype:trojan-activity;sid:84188469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:258; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325363/; classtype:trojan-activity;sid:84188463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apple-park-headquarters-aerial-2018-4.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325361/; classtype:trojan-activity;sid:84188461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56973_47.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325362/; classtype:trojan-activity;sid:84188462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-270.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325356/; classtype:trojan-activity;sid:84188456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_double-knitt.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325357/; classtype:trojan-activity;sid:84188457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/criminalistica.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325358/; classtype:trojan-activity;sid:84188458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marketingmango-10.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325359/; classtype:trojan-activity;sid:84188459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/122860991_1838875536251254_8823272773610730265_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325360/; classtype:trojan-activity;sid:84188460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/denajee-aloe-protein-shampoo-400-ml-front.png.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325346/; classtype:trojan-activity;sid:84188446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-87-e1603175775529.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325347/; classtype:trojan-activity;sid:84188447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0659.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325348/; classtype:trojan-activity;sid:84188448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cong-trinh-nha-pho-998-duong-3-thang-2-20.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325349/; classtype:trojan-activity;sid:84188449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57786_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325350/; classtype:trojan-activity;sid:84188450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ideas-originales-para-personalizar-el-armario-ivar-ae8b74c8f747fdbb4284fff29c60912e.jpg.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325351/; classtype:trojan-activity;sid:84188451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urban.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325352/; classtype:trojan-activity;sid:84188452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bando_alguazas.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325353/; classtype:trojan-activity;sid:84188453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic-146-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325354/; classtype:trojan-activity;sid:84188454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sistema-integrado-de-conservacion-de-archivos.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325355/; classtype:trojan-activity;sid:84188455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1826-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325337/; classtype:trojan-activity;sid:84188437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-07-30-11-39-16.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325338/; classtype:trojan-activity;sid:84188438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/r1s2qkk26ji_e8544d-myznhc.jpeg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325339/; classtype:trojan-activity;sid:84188439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rbrlllogo111.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325340/; classtype:trojan-activity;sid:84188440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grandparents-day.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325341/; classtype:trojan-activity;sid:84188441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/et4-theme.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325342/; classtype:trojan-activity;sid:84188442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit2525252525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525252525a0-a-9.pdf.lnk"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325343/; classtype:trojan-activity;sid:84188443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-trading-strategy-20244.3.0.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325344/; classtype:trojan-activity;sid:84188444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_6a61c6caddc3fb05befe2bbacfd9faa5.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325345/; classtype:trojan-activity;sid:84188445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6669.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325332/; classtype:trojan-activity;sid:84188432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jairo-rocha-aldeia-ext-piscina-r02resultado-me252525252525252525252525252525252525252525252525252525252525252525252525252525252525cc25252525252525252525252525252525252525252525252525252525252525252525252525252525252581dio.jpeg.lnk"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325333/; classtype:trojan-activity;sid:84188433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325334/; classtype:trojan-activity;sid:84188434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-20-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325335/; classtype:trojan-activity;sid:84188435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/podpory.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325336/; classtype:trojan-activity;sid:84188436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dji_0129-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325324/; classtype:trojan-activity;sid:84188424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1st-qtr-2020-sslhualngo.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325325/; classtype:trojan-activity;sid:84188425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pexels-photo-708764.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325326/; classtype:trojan-activity;sid:84188426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/713341156456.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325327/; classtype:trojan-activity;sid:84188427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galang.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325328/; classtype:trojan-activity;sid:84188428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6000143241.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325329/; classtype:trojan-activity;sid:84188429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c3e19b1d9535a56055aebfc8d3b4e93c.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325330/; classtype:trojan-activity;sid:84188430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1450-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325331/; classtype:trojan-activity;sid:84188431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/344703980_794194095782727_8508291941797585231_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325322/; classtype:trojan-activity;sid:84188422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.18-1024x1024.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325323/; classtype:trojan-activity;sid:84188423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/res-42-2015-planta-personal-terminal.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325318/; classtype:trojan-activity;sid:84188418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-fishing22.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325319/; classtype:trojan-activity;sid:84188419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/balooooo.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325320/; classtype:trojan-activity;sid:84188420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/academic-calendar-1.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325321/; classtype:trojan-activity;sid:84188421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/basesanl_2019.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325312/; classtype:trojan-activity;sid:84188412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/200.-renovacion-licencia-sociedades.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325313/; classtype:trojan-activity;sid:84188413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bk2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325314/; classtype:trojan-activity;sid:84188414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rendicion-de-cuentas_guia-metodologica_encuentro-ferial-3.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325315/; classtype:trojan-activity;sid:84188415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vinicius-gritzbach-d65qhn.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325316/; classtype:trojan-activity;sid:84188416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20241129_171131.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325307/; classtype:trojan-activity;sid:84188407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-7-scaled.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325308/; classtype:trojan-activity;sid:84188408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-10.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325309/; classtype:trojan-activity;sid:84188409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2113-1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325310/; classtype:trojan-activity;sid:84188410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/80a29b76-6189-41eb-b465-3db65e97ab67-min-471x628.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325311/; classtype:trojan-activity;sid:84188411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-23-at-08.56.22-oiktrk.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325301/; classtype:trojan-activity;sid:84188401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/esg-delivery-insights_final-4.11.2022.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325302/; classtype:trojan-activity;sid:84188402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_diadora.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325303/; classtype:trojan-activity;sid:84188403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-titulo-3.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325304/; classtype:trojan-activity;sid:84188404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-risk-assessment-report-2024-1-6-3.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325305/; classtype:trojan-activity;sid:84188405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lightning-mcqueen-color-pages.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325306/; classtype:trojan-activity;sid:84188406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-study-05.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325297/; classtype:trojan-activity;sid:84188397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gas_foto.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325298/; classtype:trojan-activity;sid:84188398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325299/; classtype:trojan-activity;sid:84188399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poi-2024-ra-no.-214-2024.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325300/; classtype:trojan-activity;sid:84188400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tagreuters.com2024binary_lynxmpek8o0mf-filedimage-gewk52.jpeg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325290/; classtype:trojan-activity;sid:84188390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/optimized-explicamais-jn.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325291/; classtype:trojan-activity;sid:84188391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.5.6502.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325292/; classtype:trojan-activity;sid:84188392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20180831_192814.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325293/; classtype:trojan-activity;sid:84188393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_11n_bar.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325294/; classtype:trojan-activity;sid:84188394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/google-a-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325295/; classtype:trojan-activity;sid:84188395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-2015.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325296/; classtype:trojan-activity;sid:84188396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/copy_of_mygemma_blog_featured_image-4.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325285/; classtype:trojan-activity;sid:84188385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/top-20-mfin.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325286/; classtype:trojan-activity;sid:84188386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryanytile.pngcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325287/; classtype:trojan-activity;sid:84188387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rezultate-interviu-transfer-la-cerere-sef-serviciu-in-cadru-serviciului-politia-locala.pdf.lnk"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325288/; classtype:trojan-activity;sid:84188388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-museo-de-algas-marinas-estudiante.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325289/; classtype:trojan-activity;sid:84188389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yemale.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325280/; classtype:trojan-activity;sid:84188380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-ale2.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325281/; classtype:trojan-activity;sid:84188381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-13.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325282/; classtype:trojan-activity;sid:84188382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rex-87.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325283/; classtype:trojan-activity;sid:84188383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6762.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325284/; classtype:trojan-activity;sid:84188384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6645.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325277/; classtype:trojan-activity;sid:84188377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bio01.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325278/; classtype:trojan-activity;sid:84188378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9630-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325279/; classtype:trojan-activity;sid:84188379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/starmaxx-225-35-rf19-tl-88y-reinf-ultrasport-st760-2253519-5148.png.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325270/; classtype:trojan-activity;sid:84188370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb402dda-ccbf-9d22-5c86-120e3b8fc301.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325271/; classtype:trojan-activity;sid:84188371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mau-goc-cua-nhom-xingfa-quang-dong.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325272/; classtype:trojan-activity;sid:84188372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/john-andrews-bulletin-2023-marzo-abril.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325273/; classtype:trojan-activity;sid:84188373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/typ4-c3.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325274/; classtype:trojan-activity;sid:84188374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lec-3-408x544-2-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325275/; classtype:trojan-activity;sid:84188375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_32.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325276/; classtype:trojan-activity;sid:84188376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerypl.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325265/; classtype:trojan-activity;sid:84188365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325266/; classtype:trojan-activity;sid:84188366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/idp_2022-32_carmel_college_goa..pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325267/; classtype:trojan-activity;sid:84188367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/helloman.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325268/; classtype:trojan-activity;sid:84188368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ddr2-ddr3-ram-memory-sodimm.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325269/; classtype:trojan-activity;sid:84188369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_hac_a_dos_pm_backpack_mens_bag_master.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325262/; classtype:trojan-activity;sid:84188362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-situacion-financiera-2012.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325263/; classtype:trojan-activity;sid:84188363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-441.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325254/; classtype:trojan-activity;sid:84188354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lab-socrates.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325255/; classtype:trojan-activity;sid:84188355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-3.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325256/; classtype:trojan-activity;sid:84188356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/planilha-das-vagas-19-11.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325257/; classtype:trojan-activity;sid:84188357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-bankstel-2-en-2.5-zits-1.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325258/; classtype:trojan-activity;sid:84188358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-7-2017.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325259/; classtype:trojan-activity;sid:84188359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-2.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325260/; classtype:trojan-activity;sid:84188360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/25-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325261/; classtype:trojan-activity;sid:84188361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325250/; classtype:trojan-activity;sid:84188350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tomat-konori-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325252/; classtype:trojan-activity;sid:84188352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-7-elite.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325253/; classtype:trojan-activity;sid:84188353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ourqhrte2im-scaled.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325246/; classtype:trojan-activity;sid:84188346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6741.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325247/; classtype:trojan-activity;sid:84188347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/29.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325248/; classtype:trojan-activity;sid:84188348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-58-13.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325249/; classtype:trojan-activity;sid:84188349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3a54205b81df2d1e6e4add8a360f0b73.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325240/; classtype:trojan-activity;sid:84188340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legalitas12.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325241/; classtype:trojan-activity;sid:84188341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pengumuman-pendaftaran-pps.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325242/; classtype:trojan-activity;sid:84188342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325243/; classtype:trojan-activity;sid:84188343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mars-fire-experience.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325244/; classtype:trojan-activity;sid:84188344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sne-tache-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325245/; classtype:trojan-activity;sid:84188345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/karta-katalogowa-bcs-dvr0401-0801-1601qea-ii1.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325235/; classtype:trojan-activity;sid:84188335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-selectie-transfer.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325236/; classtype:trojan-activity;sid:84188336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coffe_mug.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325237/; classtype:trojan-activity;sid:84188337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-blockchain-architecture-diagram-20243.8.9.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325238/; classtype:trojan-activity;sid:84188338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/inserir-um-titulo-17-zk2pgx.jpeg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325239/; classtype:trojan-activity;sid:84188339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-trading-strategy-2024-2.3.7.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325229/; classtype:trojan-activity;sid:84188329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/statut-partageons-jardins.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325230/; classtype:trojan-activity;sid:84188330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-1.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325231/; classtype:trojan-activity;sid:84188331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srbija1.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325232/; classtype:trojan-activity;sid:84188332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-hard-does-viagra-make-you.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325233/; classtype:trojan-activity;sid:84188333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325234/; classtype:trojan-activity;sid:84188334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325226/; classtype:trojan-activity;sid:84188326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/metiod-2-e1732622715702.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325227/; classtype:trojan-activity;sid:84188327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022_05_solicitudes_campeonatos.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325228/; classtype:trojan-activity;sid:84188328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1450257883_hgi_ankara.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325219/; classtype:trojan-activity;sid:84188319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f971654e455de8fe80c200b0cb0436bc.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325220/; classtype:trojan-activity;sid:84188320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capa_1-1-am8tod.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325221/; classtype:trojan-activity;sid:84188321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58295_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325222/; classtype:trojan-activity;sid:84188322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-bks-noer-ali-3.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325223/; classtype:trojan-activity;sid:84188323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-35.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325224/; classtype:trojan-activity;sid:84188324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23-edit-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325225/; classtype:trojan-activity;sid:84188325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-rubine-270b-1.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325212/; classtype:trojan-activity;sid:84188312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/queen-mary-university-trip-img-14-725x544-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325213/; classtype:trojan-activity;sid:84188313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8998_resize-683x1024.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325214/; classtype:trojan-activity;sid:84188314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/download_1689514444775_1689514450307.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325215/; classtype:trojan-activity;sid:84188315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-victoria-handbag-in-grey-togo-leather.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325216/; classtype:trojan-activity;sid:84188316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20200213-wa0058-768x1024.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325217/; classtype:trojan-activity;sid:84188317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731445510d77da8d319f0f8f48209a2bbba623879.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325218/; classtype:trojan-activity;sid:84188318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-dining-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325208/; classtype:trojan-activity;sid:84188308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/silk-in-compact-wallet--084537ckaa-above-wm-4-0-0-320-320_g.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325209/; classtype:trojan-activity;sid:84188309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lego_el_senor_de_los_anillos-2082689.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325210/; classtype:trojan-activity;sid:84188310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.-protocolo-situaciones-relacionadas-a-drogas-y-alcohol-en-el-establecimiento.pdf.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325211/; classtype:trojan-activity;sid:84188311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb_img_1610216394061.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325202/; classtype:trojan-activity;sid:84188302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08_june_prospectus_2024_25-ba.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325203/; classtype:trojan-activity;sid:84188303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6656.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325204/; classtype:trojan-activity;sid:84188304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004069_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325205/; classtype:trojan-activity;sid:84188305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mansardarea-ilegala.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325206/; classtype:trojan-activity;sid:84188306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7d-hard-to-reach-areas.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325207/; classtype:trojan-activity;sid:84188307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cat2525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525a1logo-experiencias.pdf.lnk"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325199/; classtype:trojan-activity;sid:84188299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro-resumen-clubes-cientificos-2023.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325200/; classtype:trojan-activity;sid:84188300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/icons8-whatsapp-48.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325201/; classtype:trojan-activity;sid:84188301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0003.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325195/; classtype:trojan-activity;sid:84188295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foreign-buyers-guide_book_v-chinese.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325196/; classtype:trojan-activity;sid:84188296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-ejecutado-2014-en-formato-pdf.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325197/; classtype:trojan-activity;sid:84188297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zestawienie-nr-02.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325198/; classtype:trojan-activity;sid:84188298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_771-142-hdr.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325188/; classtype:trojan-activity;sid:84188288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1714485421a3ac0ab1a0168c5658e0f7b73e446525.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325189/; classtype:trojan-activity;sid:84188289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2024-03-22-at-11.11.3425252525252525e2252525252525258025252525252525afam.png.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325190/; classtype:trojan-activity;sid:84188290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8071.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325191/; classtype:trojan-activity;sid:84188291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7765-4500-x-3000-2250-x-1500.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325192/; classtype:trojan-activity;sid:84188292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-steuerberatungshandbuch-2024-4-6-5.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325193/; classtype:trojan-activity;sid:84188293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-get-the-most-out-of-cialis.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325194/; classtype:trojan-activity;sid:84188294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/perfiles-cargo-2019.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325186/; classtype:trojan-activity;sid:84188286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-747.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325187/; classtype:trojan-activity;sid:84188287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-20-at-09.13.56-4.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325182/; classtype:trojan-activity;sid:84188282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a7c57fbe-7451-47d5-9a8d-3617ab47fab3.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325183/; classtype:trojan-activity;sid:84188283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-super-feeler-explained.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325184/; classtype:trojan-activity;sid:84188284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin25252520audit25252520report252525202024252525205.1.2.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325185/; classtype:trojan-activity;sid:84188285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo-13.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325173/; classtype:trojan-activity;sid:84188273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-1-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325174/; classtype:trojan-activity;sid:84188274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-governance-vorschlag-2024-4-0-3.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325175/; classtype:trojan-activity;sid:84188275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9344b772-99fc-8dd3-882c-415d4bd844b1.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325176/; classtype:trojan-activity;sid:84188276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ef-0020-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325177/; classtype:trojan-activity;sid:84188277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-054.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325178/; classtype:trojan-activity;sid:84188278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2024-08-01_10-48-09-1030x773.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325180/; classtype:trojan-activity;sid:84188280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/consejos-articulo.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325181/; classtype:trojan-activity;sid:84188281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021-0512-tom-clemons-added-to-advisory-board.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325168/; classtype:trojan-activity;sid:84188268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cableiq-report_page_1-781x1024.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325169/; classtype:trojan-activity;sid:84188269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/busunge-armario-rosa-claro__0878712_pe613710_s5.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325170/; classtype:trojan-activity;sid:84188270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/charlas-disponibles-septiembre.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325171/; classtype:trojan-activity;sid:84188271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-paulo-h-carvalho-xgmcj7.jpeg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325172/; classtype:trojan-activity;sid:84188272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/glock-19-5.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325163/; classtype:trojan-activity;sid:84188263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8_w2000-merchandising-guide-thai-translation.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325164/; classtype:trojan-activity;sid:84188264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-security-best-practices-2024523.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325165/; classtype:trojan-activity;sid:84188265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a17i5175.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325166/; classtype:trojan-activity;sid:84188266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_kelly_clochette_bracele_1617532814_a578c043_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325167/; classtype:trojan-activity;sid:84188267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plant-species-at-wadi-al-kuf-2014.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325158/; classtype:trojan-activity;sid:84188258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1670384809984-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325159/; classtype:trojan-activity;sid:84188259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0008.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325160/; classtype:trojan-activity;sid:84188260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-b200-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325161/; classtype:trojan-activity;sid:84188261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-captura-de-pantalla-2024-10-02-a-las-12.17.20252525252525252525252525252525252525e225252525252525252525252525252525252580252525252525252525252525252525252525afp.-m.-1-192x192.png.lnk"; http_uri; depth:201; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325162/; classtype:trojan-activity;sid:84188262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saku-resleting_1_11zon.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325155/; classtype:trojan-activity;sid:84188255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img20240716172401310-e1721165286535-g6fzkq.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325156/; classtype:trojan-activity;sid:84188256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17303116224f1697617d1d2bd40d53ccb7d83dfce7.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325157/; classtype:trojan-activity;sid:84188257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ir-oven-far-infrared-heating-dir631.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325148/; classtype:trojan-activity;sid:84188248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/davebrubeck_jazzistanbul.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325149/; classtype:trojan-activity;sid:84188249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bk3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325150/; classtype:trojan-activity;sid:84188250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1448-ajuts-campionat-espanya-absolut-aire-lliure.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325151/; classtype:trojan-activity;sid:84188251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-9.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325152/; classtype:trojan-activity;sid:84188252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-de-accion-2022-v1.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325153/; classtype:trojan-activity;sid:84188253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-hali.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325154/; classtype:trojan-activity;sid:84188254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-048.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325146/; classtype:trojan-activity;sid:84188246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325147/; classtype:trojan-activity;sid:84188247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-security-best-practices-2024-1-3-2.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325143/; classtype:trojan-activity;sid:84188243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/inserir-um-titulo-14-9afnpi.jpeg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325144/; classtype:trojan-activity;sid:84188244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0853-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325145/; classtype:trojan-activity;sid:84188245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunglasses-etnia-barcelona-kea-bkgy-black-by-kambio-eyewear-front.jpg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325134/; classtype:trojan-activity;sid:84188234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-hole-e.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325135/; classtype:trojan-activity;sid:84188235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-ba01at-u-ww-1080x1920-001-450x800.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325136/; classtype:trojan-activity;sid:84188236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/251954-461x1024.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325137/; classtype:trojan-activity;sid:84188237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kim-youtube-thumbnail-224x126_x1.5.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325138/; classtype:trojan-activity;sid:84188238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024-curriculum-vaccaro-eng-one-page.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325139/; classtype:trojan-activity;sid:84188239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-crecyt-2018.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325140/; classtype:trojan-activity;sid:84188240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60078_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325141/; classtype:trojan-activity;sid:84188241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grandparents-day-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325127/; classtype:trojan-activity;sid:84188227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/up-20.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325128/; classtype:trojan-activity;sid:84188228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/electricite-1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325129/; classtype:trojan-activity;sid:84188229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58928_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325130/; classtype:trojan-activity;sid:84188230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phili-cebu-dried-mango-200g.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325131/; classtype:trojan-activity;sid:84188231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6171.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325132/; classtype:trojan-activity;sid:84188232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f0d1c7f8-84d9-d8e5-4783-1713652a6aed.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325133/; classtype:trojan-activity;sid:84188233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-hoi-cho-4.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325123/; classtype:trojan-activity;sid:84188223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2016-informe-de-gestion_0.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325124/; classtype:trojan-activity;sid:84188224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cua-nhom-thuy-luc-1-2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325125/; classtype:trojan-activity;sid:84188225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phenolic-312.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325126/; classtype:trojan-activity;sid:84188226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/criterios-clasif.-cto.-europa-jun-y-cad-2016-v.5.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325118/; classtype:trojan-activity;sid:84188218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mathe.program.specific.outcomes.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325119/; classtype:trojan-activity;sid:84188219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59814_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325120/; classtype:trojan-activity;sid:84188220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-risk-assessment-report-20245.1.6.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325121/; classtype:trojan-activity;sid:84188221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190615_093103.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325122/; classtype:trojan-activity;sid:84188222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comingtotown.else.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325112/; classtype:trojan-activity;sid:84188212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmdf-aguas-claras-ftrrfw.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325113/; classtype:trojan-activity;sid:84188213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_ado_backpack_brown_00003_800x.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325114/; classtype:trojan-activity;sid:84188214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tennis-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325115/; classtype:trojan-activity;sid:84188215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-6.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325117/; classtype:trojan-activity;sid:84188217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kimberly-after.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325110/; classtype:trojan-activity;sid:84188210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_0671.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325111/; classtype:trojan-activity;sid:84188211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image00005-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325104/; classtype:trojan-activity;sid:84188204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resumen-bases-congreso-regional_docentes.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325105/; classtype:trojan-activity;sid:84188205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fide-rated-bihar-state-amateur-chess-championship-1.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325106/; classtype:trojan-activity;sid:84188206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-1-1-1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325107/; classtype:trojan-activity;sid:84188207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dve-tantsovshchitsy.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325108/; classtype:trojan-activity;sid:84188208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-bld-101-1.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325109/; classtype:trojan-activity;sid:84188209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchquerywww.google.comcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325102/; classtype:trojan-activity;sid:84188202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msev3328411_1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325103/; classtype:trojan-activity;sid:84188203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5292-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325094/; classtype:trojan-activity;sid:84188194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.37.24-892x1024.jpeg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325095/; classtype:trojan-activity;sid:84188195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/84.pdf.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325096/; classtype:trojan-activity;sid:84188196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto5.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325097/; classtype:trojan-activity;sid:84188197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp1171.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325098/; classtype:trojan-activity;sid:84188198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325099/; classtype:trojan-activity;sid:84188199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-o0427353l318a-product-image-scaled.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325100/; classtype:trojan-activity;sid:84188200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325101/; classtype:trojan-activity;sid:84188201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/side-view-sad-boy-school-copy.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325089/; classtype:trojan-activity;sid:84188189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325090)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/www.ardayazilim.com.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325090/; classtype:trojan-activity;sid:84188190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/transformers-optimus-prime-coloring-pages.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325091/; classtype:trojan-activity;sid:84188191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-ico-ido-ieo-guide-2024-4-8-1.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325092/; classtype:trojan-activity;sid:84188192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325093)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/puma-ultra-sl-rimac-lightest-boot-ever-750x563.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325093/; classtype:trojan-activity;sid:84188193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ranking-nacional-aire-libre-rfeta-2020-2021.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325084/; classtype:trojan-activity;sid:84188184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diseno-sin-titulo-4.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325085/; classtype:trojan-activity;sid:84188185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sanitary-convenience-certificate-dt.31-12-2023.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325086/; classtype:trojan-activity;sid:84188186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dmz-systems-de-mexico-garantia-limitada-de-producto.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325087/; classtype:trojan-activity;sid:84188187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20191016-wa0015.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325088/; classtype:trojan-activity;sid:84188188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos2525252520staking2525252520guide252525252020241.8.8.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325081/; classtype:trojan-activity;sid:84188181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nursery.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325082/; classtype:trojan-activity;sid:84188182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325083)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3263.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325083/; classtype:trojan-activity;sid:84188183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funci25252525252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525252525b3nfiscal-2.png.lnk"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325075/; classtype:trojan-activity;sid:84188175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/241191654_2925821337542175_7336206196264119625_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325076/; classtype:trojan-activity;sid:84188176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-dev.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325077/; classtype:trojan-activity;sid:84188177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-20-533x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325078/; classtype:trojan-activity;sid:84188178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-study-07.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325080/; classtype:trojan-activity;sid:84188180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-6.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325072/; classtype:trojan-activity;sid:84188172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barrera-antiparking-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325073/; classtype:trojan-activity;sid:84188173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/76616209-b0f1-4168-0046-6db32efcf0e7.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325074/; classtype:trojan-activity;sid:84188174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-09-16-at-23.03.09.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325069/; classtype:trojan-activity;sid:84188169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_7n_bar.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325070/; classtype:trojan-activity;sid:84188170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/epoxi.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325071/; classtype:trojan-activity;sid:84188171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-2127-campionatcatalunyaairelliure2021.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325066/; classtype:trojan-activity;sid:84188166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-memoria-deportiva-2019.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325067/; classtype:trojan-activity;sid:84188167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/angled-window-template-instructions-watermark_small.mp4.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325068/; classtype:trojan-activity;sid:84188168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325062/; classtype:trojan-activity;sid:84188162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/armario-para-la-ropa-de-munecas.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325063/; classtype:trojan-activity;sid:84188163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rubrica-estudiante-tecnologia_fpecyt_2019.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325064/; classtype:trojan-activity;sid:84188164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imag0033.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325065/; classtype:trojan-activity;sid:84188165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politicas-de-calidad.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325058/; classtype:trojan-activity;sid:84188158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscinas-18-elite.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325059/; classtype:trojan-activity;sid:84188159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d.el_.edsalaryacquitancenov.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325060/; classtype:trojan-activity;sid:84188160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista-de-asesores-as-seleccionado-iie-2021-par-explora-rmso.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325061/; classtype:trojan-activity;sid:84188161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements-submiss.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:265; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325050/; classtype:trojan-activity;sid:84188150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-audit-report-20241.3.1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325051/; classtype:trojan-activity;sid:84188151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/food-booth-sidewall-royal-blue.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325052/; classtype:trojan-activity;sid:84188152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arma-21-hhuxry.jpeg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325053/; classtype:trojan-activity;sid:84188153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078500_1729693671837.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325054/; classtype:trojan-activity;sid:84188154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325055/; classtype:trojan-activity;sid:84188155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325056/; classtype:trojan-activity;sid:84188156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/course-structure-konkani.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325057/; classtype:trojan-activity;sid:84188157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-1082.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325045/; classtype:trojan-activity;sid:84188145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/my-melody-coloring-pages.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325046/; classtype:trojan-activity;sid:84188146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standard-electric-furnace-fo410.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325047/; classtype:trojan-activity;sid:84188147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-1-derecho-preferencia.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325048/; classtype:trojan-activity;sid:84188148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primer-in-pails.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325049/; classtype:trojan-activity;sid:84188149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c189f168-c62a-778a-094e-2fbd64822c47.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325038/; classtype:trojan-activity;sid:84188138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2017-09-07_20-36-21.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325039/; classtype:trojan-activity;sid:84188139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-ejecutado-a-diciembre-de-2016-en-formato-pdf.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325040/; classtype:trojan-activity;sid:84188140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline-spec-sheet-for-stencils.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325041/; classtype:trojan-activity;sid:84188141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afiche_debate.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325042/; classtype:trojan-activity;sid:84188142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/05-presupuesto-ingresos-gastos-2023.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325043/; classtype:trojan-activity;sid:84188143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-sept-2022.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325044/; classtype:trojan-activity;sid:84188144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/05-cuentas-anuales-2018-2019-para-junta.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325033/; classtype:trojan-activity;sid:84188133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gu252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525ada-metodol252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525b3gica-de-apoyo-a-los-estudios-en-la-enfmp-2022_compressed.pdf.lnk"; http_uri; depth:262; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325035/; classtype:trojan-activity;sid:84188135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deporte3.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325036/; classtype:trojan-activity;sid:84188136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-2_2018.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325037/; classtype:trojan-activity;sid:84188137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-107-2022-felicitar-a-la-eco-maria-viviana-castro-caceres.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325029/; classtype:trojan-activity;sid:84188129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_postulacion_tcc_regioin_de_aysein_2014.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325030/; classtype:trojan-activity;sid:84188130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/product-10-1-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325031/; classtype:trojan-activity;sid:84188131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bilancompta2019.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325032/; classtype:trojan-activity;sid:84188132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_fpecyt_limari_2018_dp.docx.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325028/; classtype:trojan-activity;sid:84188128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5503.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325026/; classtype:trojan-activity;sid:84188126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0986_1100x.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325027/; classtype:trojan-activity;sid:84188127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01535-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325021/; classtype:trojan-activity;sid:84188121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6966-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325022/; classtype:trojan-activity;sid:84188122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3603a2t.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325023/; classtype:trojan-activity;sid:84188123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cocina2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325024/; classtype:trojan-activity;sid:84188124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55769_18.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325025/; classtype:trojan-activity;sid:84188125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea-01-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325018/; classtype:trojan-activity;sid:84188118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.34-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325019/; classtype:trojan-activity;sid:84188119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp6644.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325020/; classtype:trojan-activity;sid:84188120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-frecuentes-cupo-explora-unesco-admisio2525252525252525252525252525252525cc252525252525252525252525252525252581n-2025.pdf.lnk"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325016/; classtype:trojan-activity;sid:84188116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-governance-proposal-2024-4-8-9.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325017/; classtype:trojan-activity;sid:84188117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-sheer-2.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325011/; classtype:trojan-activity;sid:84188111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/181a882c-9e37-1acb-02bf-4743b3d9301a.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325012/; classtype:trojan-activity;sid:84188112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01414-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325013/; classtype:trojan-activity;sid:84188113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/239417170_106374101759083_4282850658864211993_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325014/; classtype:trojan-activity;sid:84188114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325015)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/melly-grey2-1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325015/; classtype:trojan-activity;sid:84188115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kemeja-konveksi-pdh1.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325001/; classtype:trojan-activity;sid:84188101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/513981994638.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325002/; classtype:trojan-activity;sid:84188102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-dkn912.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325003/; classtype:trojan-activity;sid:84188103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-08-2024.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325004/; classtype:trojan-activity;sid:84188104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jamaica-blue-cold-beverage-nips.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325005/; classtype:trojan-activity;sid:84188105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325006/; classtype:trojan-activity;sid:84188106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pagina_nota5_20_11_24_oald.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325007/; classtype:trojan-activity;sid:84188107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/parijs-bank-met-ottomane-3.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325008/; classtype:trojan-activity;sid:84188108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-presupuestal-corte-a-marzo-2022-ttb-en-formato-pdf.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325009/; classtype:trojan-activity;sid:84188109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kafcz3pxuze_b7a7c7-2lcdsn.jpeg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325010/; classtype:trojan-activity;sid:84188110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noopur-x-deep-5-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324994/; classtype:trojan-activity;sid:84188094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-favicon-192x192.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324995/; classtype:trojan-activity;sid:84188095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1st-position-pshish-quiz.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324997/; classtype:trojan-activity;sid:84188097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-tokenomics-report-2024-3-1-6.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324998/; classtype:trojan-activity;sid:84188098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6.-manual-de-medidas-para-garantizar-higiene-y-resguardar-la-salud-ed.-parvulario.pdf.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324999/; classtype:trojan-activity;sid:84188099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3325000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-07-06-at-13.21.40-1-1.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3325000/; classtype:trojan-activity;sid:84188100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20240131_plan-anticorrupcion-y-de-atencion-al-ciudadano-paac-2024.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324992/; classtype:trojan-activity;sid:84188092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/retro-3e2b-diaporama.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324989/; classtype:trojan-activity;sid:84188089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-ecosystem-report-20245.5.3.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324990/; classtype:trojan-activity;sid:84188090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/keen-1020484-womens-kaci-ii-leather-slup-on-shoe-black__90597.1600274929.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324991/; classtype:trojan-activity;sid:84188091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/86234-cup-holder-grey-copy-1.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324986/; classtype:trojan-activity;sid:84188086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_4571-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324987/; classtype:trojan-activity;sid:84188087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3326a1.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324983/; classtype:trojan-activity;sid:84188083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/certificacion-requisitos-representante-legal-copia.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324984/; classtype:trojan-activity;sid:84188084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/non-teaching-staff.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324985/; classtype:trojan-activity;sid:84188085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/received_1832340750322455.jpeg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324978/; classtype:trojan-activity;sid:84188078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3rd-qtr-zomi-sabbath-lesson.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324979/; classtype:trojan-activity;sid:84188079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/home-page-banner-1024x367.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324980/; classtype:trojan-activity;sid:84188080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saules-01.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324981/; classtype:trojan-activity;sid:84188081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/powder-pink-charm-designer-pret-dress.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324982/; classtype:trojan-activity;sid:84188082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/64758713_10156772230953743_7645453901876953088_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324975/; classtype:trojan-activity;sid:84188075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-educational-material-20243.6.9.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324976/; classtype:trojan-activity;sid:84188076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/crownblades-catalogue.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324977/; classtype:trojan-activity;sid:84188077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324971/; classtype:trojan-activity;sid:84188071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6749.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324972/; classtype:trojan-activity;sid:84188072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gts-po02-politica-de-prevencion-de-consumo-de-alcohol-v1.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324973/; classtype:trojan-activity;sid:84188073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reaching-the-unreached.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324974/; classtype:trojan-activity;sid:84188074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rof-arbitrii-ju-jitsu-2.6.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324963/; classtype:trojan-activity;sid:84188063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/interior1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324964/; classtype:trojan-activity;sid:84188064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lakecity-hospital-brochure-9_11zon_page-0001-1.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324965/; classtype:trojan-activity;sid:84188065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha-tecnica-clamps-1.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324966/; classtype:trojan-activity;sid:84188066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/invitatie-intocmire-dali-anvelopare-termica-corp-b-liceul-teoretic-ion-neculce-targu-frumos.pdf.lnk"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324967/; classtype:trojan-activity;sid:84188067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/air-force-1-07-se-womens-shoes-58vkqv.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324968/; classtype:trojan-activity;sid:84188068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-ewl-241.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324969/; classtype:trojan-activity;sid:84188069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie24.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324970/; classtype:trojan-activity;sid:84188070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20180613_103832.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324958/; classtype:trojan-activity;sid:84188058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto2525252525252525252525252525253acv25252525252525252525252525252540aliphdeen.com.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324959/; classtype:trojan-activity;sid:84188059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20211007212742_248a4459-scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324960/; classtype:trojan-activity;sid:84188060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/295867340_761872871627484_3347791581458817645_n-e1662818445832.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324961/; classtype:trojan-activity;sid:84188061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-1206082964.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324962/; classtype:trojan-activity;sid:84188062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-304-2022-aprobar-la-ordenanza-municipal-que-amplia-el-plazo-de-beneficios-de-regularizacion-de-procedimientos-de-licencia-de-habitaciones-urbanas-2022.pdf.lnk"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324955/; classtype:trojan-activity;sid:84188055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mask-group-4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324956/; classtype:trojan-activity;sid:84188056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jumpsuit-negro-con-botas-altas.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324957/; classtype:trojan-activity;sid:84188057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-consensus-mechanism-details-2024-1-1-8.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324951/; classtype:trojan-activity;sid:84188051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/516_archivo-ppto-aprobado-2021-web-ttsa-1.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324952/; classtype:trojan-activity;sid:84188052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20211007200002_248a4400-scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324953/; classtype:trojan-activity;sid:84188053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-defi-protocol-documentation-2024-3-5-4.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324954/; classtype:trojan-activity;sid:84188054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7502248751070_3.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324948/; classtype:trojan-activity;sid:84188048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/200-tvd_p2_subgerencia-admon.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324949/; classtype:trojan-activity;sid:84188049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acuerdo-verde.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324950/; classtype:trojan-activity;sid:84188050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6es72411ch301xb0_datasheet_en.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324943/; classtype:trojan-activity;sid:84188043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rose_apartman-2.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324944/; classtype:trojan-activity;sid:84188044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-52.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324945/; classtype:trojan-activity;sid:84188045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit2525252525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525252525a0-a-1.pdf.lnk"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324946/; classtype:trojan-activity;sid:84188046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1-8.jpg.lnk"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324947/; classtype:trojan-activity;sid:84188047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-355-gallery-2.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324941/; classtype:trojan-activity;sid:84188041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-12.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324942/; classtype:trojan-activity;sid:84188042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-12.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324935/; classtype:trojan-activity;sid:84188035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/437397811_840484194789220_3064589901144116357_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324936/; classtype:trojan-activity;sid:84188036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/92a262b3-379d-b136-a06b-84ba27d01ebf.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324937/; classtype:trojan-activity;sid:84188037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a4-skdu-17-september-2021-1.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324938/; classtype:trojan-activity;sid:84188038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-ico-ido-ieo-guide-2024-2-7-5.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324939/; classtype:trojan-activity;sid:84188039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/autores-de-nuestra-propia-historia.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324940/; classtype:trojan-activity;sid:84188040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modelli-listini-tutti-i-braccialetti-2023.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324931/; classtype:trojan-activity;sid:84188031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/714-sf-dark-flowery-teak-min-min-scaled.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324932/; classtype:trojan-activity;sid:84188032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gagan-x-pooja-2-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324933/; classtype:trojan-activity;sid:84188033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-ecosystem-bericht-2024-549.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324934/; classtype:trojan-activity;sid:84188034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-39.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324923/; classtype:trojan-activity;sid:84188023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/647_gts-mn04-manual-sgsst-v.2_0.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324924/; classtype:trojan-activity;sid:84188024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-12-06-at-12.20.08-pm-1-1.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324925/; classtype:trojan-activity;sid:84188025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hotel-reservee.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324926/; classtype:trojan-activity;sid:84188026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pavle-kuzmanovski_mrtva-priroda-1998_maslo-na-platno_65x55.png.png.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324927/; classtype:trojan-activity;sid:84188027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/termometro_sm_version3.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324928/; classtype:trojan-activity;sid:84188028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elektroniczny-bidet-instrukcja-obs2525252525252525252525252525252525252525c5252525252525252525252525252525252525252582ugi-i-monta2525252525252525252525252525252525252525c52525252525252525252525252525252525252525bcu.pdf.lnk"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324929/; classtype:trojan-activity;sid:84188029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-aprobado-2016-publicado.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324930/; classtype:trojan-activity;sid:84188030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryanyfile.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324917/; classtype:trojan-activity;sid:84188017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/maraguinot-1.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324918/; classtype:trojan-activity;sid:84188018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11.-zips-single-port-alarm-unit-vietnamese.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324919/; classtype:trojan-activity;sid:84188019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rubrica-estudiante-csociales_fpecyt_2019.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324920/; classtype:trojan-activity;sid:84188020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00c17d9d-740b-49ad-ae6e-1790d13f287a.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324921/; classtype:trojan-activity;sid:84188021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/will-the-real-self-reliant-india-show-itself.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324922/; classtype:trojan-activity;sid:84188022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/designer.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324915/; classtype:trojan-activity;sid:84188015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1470-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324916/; classtype:trojan-activity;sid:84188016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co2-system-head-valve.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324910/; classtype:trojan-activity;sid:84188010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9fc759cc-e98c-db99-a57f-176b39e858e5.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324911/; classtype:trojan-activity;sid:84188011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57104_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324912/; classtype:trojan-activity;sid:84188012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1724188464eede6d87c40f1b86a80cfe0efe1fd5b9.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324913/; classtype:trojan-activity;sid:84188013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55499-scaled.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324914/; classtype:trojan-activity;sid:84188014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20221121_203656.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324903/; classtype:trojan-activity;sid:84188003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rezultat-proba-scrisa-promovare-in-gradul-profesional-superior.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324904/; classtype:trojan-activity;sid:84188004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tende-per-esterno-tende-a-bracci-inserite-221.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324905/; classtype:trojan-activity;sid:84188005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-herramientas-ficha-tecnica-serrucho-podar-ramas-mediana-rs-7120.pdf.lnk"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324906/; classtype:trojan-activity;sid:84188006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ecowatch.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324907/; classtype:trojan-activity;sid:84188007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ravena-1.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324908/; classtype:trojan-activity;sid:84188008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure-best-beton-2022-1.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324909/; classtype:trojan-activity;sid:84188009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-sandpiper-2017-front-entrance-65.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324902/; classtype:trojan-activity;sid:84188002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1135.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324897/; classtype:trojan-activity;sid:84187997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carmen-de-apicala.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324898/; classtype:trojan-activity;sid:84187998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eshan-x-aanchal-1-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324899/; classtype:trojan-activity;sid:84187999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/syukurankelulusan-2.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324900/; classtype:trojan-activity;sid:84188000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink_legal_contract_20244.1.7.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324901/; classtype:trojan-activity;sid:84188001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-1_2018.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324892/; classtype:trojan-activity;sid:84187992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/540_resized_detail_800_0_0_1_1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324893/; classtype:trojan-activity;sid:84187993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kuppel-gewaechshaeus-4.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324894/; classtype:trojan-activity;sid:84187994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5a33dbd32e632-433112-1200x1200.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324895/; classtype:trojan-activity;sid:84187995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscinas-9-elite.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324896/; classtype:trojan-activity;sid:84187996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revaluation_notice_for-_students.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324889/; classtype:trojan-activity;sid:84187989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camioneta-elctrica-feber-20200602200810.7258380015.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324890/; classtype:trojan-activity;sid:84187990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/something.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324891/; classtype:trojan-activity;sid:84187991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-semplak-bogor.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324885/; classtype:trojan-activity;sid:84187985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cypress-slate-9-3.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324886/; classtype:trojan-activity;sid:84187986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/herms_etriviere_shopping_bag_1609206008_2dfd2548_progressive.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324887/; classtype:trojan-activity;sid:84187987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/system-pyronix-centrala-matrix-832.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324888/; classtype:trojan-activity;sid:84187988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171002_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324882/; classtype:trojan-activity;sid:84187982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324883/; classtype:trojan-activity;sid:84187983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022_04_presupuesto_ingresos_gastos_2022.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324884/; classtype:trojan-activity;sid:84187984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/514579818031.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324878/; classtype:trojan-activity;sid:84187978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01315-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324879/; classtype:trojan-activity;sid:84187979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-get-harder-erections-naturally.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324880/; classtype:trojan-activity;sid:84187980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-la-eucaristi25252525252525252525cc2525252525252525252581a.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324875/; classtype:trojan-activity;sid:84187975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-05-de-2019-2.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324876/; classtype:trojan-activity;sid:84187976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-whitepaper-2024-1-1-1.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324868/; classtype:trojan-activity;sid:84187968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-ecosystem-report-2024-3-6-2.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324869/; classtype:trojan-activity;sid:84187969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4089.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324870/; classtype:trojan-activity;sid:84187970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-5-1.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324871/; classtype:trojan-activity;sid:84187971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/building-plan.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324872/; classtype:trojan-activity;sid:84187972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bursary-scheme-1314-48-si-eog-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324873/; classtype:trojan-activity;sid:84187973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/album_explora_2018.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324867/; classtype:trojan-activity;sid:84187967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/student-satisfaction-survey-1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324865/; classtype:trojan-activity;sid:84187965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324866)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-03-de-2019.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324866/; classtype:trojan-activity;sid:84187966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2520.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324861/; classtype:trojan-activity;sid:84187961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-04-derecho-de-preferencia.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324862/; classtype:trojan-activity;sid:84187962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ikea-armarios-2014.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324863/; classtype:trojan-activity;sid:84187963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/music-class.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324864/; classtype:trojan-activity;sid:84187964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sundance-spas-splash-120v-paisley-glacier-sparkle-black-oh.jpeg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324860/; classtype:trojan-activity;sid:84187960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/big_villa_elia_bedroom_1.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324858/; classtype:trojan-activity;sid:84187958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312560676625.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324859/; classtype:trojan-activity;sid:84187959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zafer-gazetesi2.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324853/; classtype:trojan-activity;sid:84187953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-tokenomics-report-20245.4.2.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324854/; classtype:trojan-activity;sid:84187954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogra-evreni-e1662818491718.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324855/; classtype:trojan-activity;sid:84187955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/louis-vuitton-paseo-flat-comfort-sandals--amgs2plk20_pm2_front252520view.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324856/; classtype:trojan-activity;sid:84187956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pre-owned-hermes-birkin-35-menthe-mint-green-bag-theremoda-1.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324857/; classtype:trojan-activity;sid:84187957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-regulatory-compliance-guide-2024-1-9-0.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324850/; classtype:trojan-activity;sid:84187950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170356_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324851/; classtype:trojan-activity;sid:84187951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagen-del-centro-de-atencion-integral-para-la-discapacidad-visual-cadivi.jpg.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324852/; classtype:trojan-activity;sid:84187952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fcrm-2022-requisitos-participacion-regional-de-raza.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324847/; classtype:trojan-activity;sid:84187947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urdher-nr12-.-dt-22.02.2023.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324848/; classtype:trojan-activity;sid:84187948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ca23c6f2e4aa00d4225c7041db41550b--boyfriendjeans-boyfriends.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324849/; classtype:trojan-activity;sid:84187949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-anual-de-adquisiciones-2024-en-formato-pdf.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324846/; classtype:trojan-activity;sid:84187946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-5789-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324840/; classtype:trojan-activity;sid:84187940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pds-rizoflex_300.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324841/; classtype:trojan-activity;sid:84187941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kalvin-2023.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324842/; classtype:trojan-activity;sid:84187942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1570008483_provim_shape_.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324843/; classtype:trojan-activity;sid:84187943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/transformer-coloring-pages-optimus-prime.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324844/; classtype:trojan-activity;sid:84187944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200211_130537-min-1024x718.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324837/; classtype:trojan-activity;sid:84187937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bright-women_poster.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324838/; classtype:trojan-activity;sid:84187938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_4819-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324839/; classtype:trojan-activity;sid:84187939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/statut-mm-s.a.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324834/; classtype:trojan-activity;sid:84187934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portfolio-prop-small-file-1.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324835/; classtype:trojan-activity;sid:84187935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cute-axolotl-coloring-pages.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324836/; classtype:trojan-activity;sid:84187936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/313341156456.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324830/; classtype:trojan-activity;sid:84187930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marko-kraljevic-staresina.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324831/; classtype:trojan-activity;sid:84187931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9499-533x800.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324832/; classtype:trojan-activity;sid:84187932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novembro-azul-dpdf-servicos-homem-6btplj.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324833/; classtype:trojan-activity;sid:84187933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plants-vs-zombies-coloring-pages-to-print.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324822/; classtype:trojan-activity;sid:84187922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-blockchain-architecture-diagram-2024-3.9.6.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324823/; classtype:trojan-activity;sid:84187923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-08-at-13.18.18_ec5073e3.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324824/; classtype:trojan-activity;sid:84187924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58020-768x1024.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324825/; classtype:trojan-activity;sid:84187925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-45.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324826/; classtype:trojan-activity;sid:84187926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline-price-list-stencil-sheets.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324827/; classtype:trojan-activity;sid:84187927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b1.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324828/; classtype:trojan-activity;sid:84187928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/large-ashler-with-texture-bullnose-5-1.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324829/; classtype:trojan-activity;sid:84187929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/your-name-2.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324818/; classtype:trojan-activity;sid:84187918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/smartnic-may-2023.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324819/; classtype:trojan-activity;sid:84187919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/topaz-coral-white.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324820/; classtype:trojan-activity;sid:84187920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20210105_155750-min-1024x697.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324821/; classtype:trojan-activity;sid:84187921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-risk-assessment-report-2024270.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324810/; classtype:trojan-activity;sid:84187910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-outnva17-rossignol-rsgl-top-mujer-blanca-6.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324811/; classtype:trojan-activity;sid:84187911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-17.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324812/; classtype:trojan-activity;sid:84187912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs2024_exhibitor_sponsor_stand-application-form_20240925.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324813/; classtype:trojan-activity;sid:84187913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerynovo-guia-de-identidade-visual-e-verbal-da-rede-lojacorr.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324814/; classtype:trojan-activity;sid:84187914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image3.jpeg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324815/; classtype:trojan-activity;sid:84187915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-developm.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324817/; classtype:trojan-activity;sid:84187917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bci.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324806/; classtype:trojan-activity;sid:84187906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0022-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324807/; classtype:trojan-activity;sid:84187907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-devel.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:238; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324808/; classtype:trojan-activity;sid:84187908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunglasses-etnia-barcelona-mission-distric-bybl-transparent-by-kambio-eyewear-side.jpg.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324809/; classtype:trojan-activity;sid:84187909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shot03_hermes_bordeaux-1_product_053-1.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324804/; classtype:trojan-activity;sid:84187904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/obhgepi_pk_542_hatvanezer_fa_egyes252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525bclet_35569977517356-1-1.pdf.lnk"; http_uri; depth:259; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324805/; classtype:trojan-activity;sid:84187905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tiger-day-press-release-1.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324794/; classtype:trojan-activity;sid:84187894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_e3804.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324795/; classtype:trojan-activity;sid:84187895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-7_2016.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324796/; classtype:trojan-activity;sid:84187896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.22-1024x1024.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324797/; classtype:trojan-activity;sid:84187897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/save_20221016_200922.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324798/; classtype:trojan-activity;sid:84187898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flow-tshirt-003-640x800.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324799/; classtype:trojan-activity;sid:84187899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/universal-oven-low-temperature2525252525252525252525252525252525252525252525252525252525252525252525252525252525252c-xult-series.pdf.lnk"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324800/; classtype:trojan-activity;sid:84187900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3971-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324801/; classtype:trojan-activity;sid:84187901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2201-eventos-rfeta-20221128.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324802/; classtype:trojan-activity;sid:84187902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide252525252525252525252525252525252520ateliers252525252525252525252525252525252520cuisine.pdf.lnk"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324803/; classtype:trojan-activity;sid:84187903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-trasnporte-septiembre-2024.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324790/; classtype:trojan-activity;sid:84187890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1a4d20d104fef34af01036933b00e9d4.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324791/; classtype:trojan-activity;sid:84187891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/essai-1-fond-bleu.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324792/; classtype:trojan-activity;sid:84187892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-33-radicado-2659722024-nombre-peticionario-edgar-granadillo.pdf.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324793/; classtype:trojan-activity;sid:84187893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_columna-extraible-300-y-600-materia-sige.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324786/; classtype:trojan-activity;sid:84187886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logos-05.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324787/; classtype:trojan-activity;sid:84187887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chicago-midway-international-airport-night-aerial-southwest-2.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324788/; classtype:trojan-activity;sid:84187888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/outdoor-azul-unisex-m2.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324789/; classtype:trojan-activity;sid:84187889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/trilha-de-resultados-para-corretores-de-seguros-link-1.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324780/; classtype:trojan-activity;sid:84187880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cbtt-bctn25252525252525252525252525252525252525272023-dovitec.pdf.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324781/; classtype:trojan-activity;sid:84187881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-20-at-09.13.56-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324782/; classtype:trojan-activity;sid:84187882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/relatorio_amatra1_marco_setembro.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324783/; classtype:trojan-activity;sid:84187883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-6-min.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324784/; classtype:trojan-activity;sid:84187884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-16.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324785/; classtype:trojan-activity;sid:84187885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fixedratio_20160122104708_nike_internationalist_828041_411.jpeg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324773/; classtype:trojan-activity;sid:84187873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flujo-de-efectivo-2018.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324774/; classtype:trojan-activity;sid:84187874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-consolidado-2020-terminal-de-transporte-s.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324775/; classtype:trojan-activity;sid:84187875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/350359539_290725579959978_2369539680614564076_n-min-837x628.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324776/; classtype:trojan-activity;sid:84187876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/establecimientos-seleccionados.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324777/; classtype:trojan-activity;sid:84187877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-security-best-practices-20245.4.3.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324778/; classtype:trojan-activity;sid:84187878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-community-guidelines-2024-5-7-2.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324779/; classtype:trojan-activity;sid:84187879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02580-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324768/; classtype:trojan-activity;sid:84187868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-beach-club-bouncy-blowout-cream-rig-igk-lbcbb04-500x500-1.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324769/; classtype:trojan-activity;sid:84187869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-k-230620-1-01_500x.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324770/; classtype:trojan-activity;sid:84187870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/palazzo-storico-gravina.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324771/; classtype:trojan-activity;sid:84187871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/laufen_palomba_-14.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324772/; classtype:trojan-activity;sid:84187872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-taxation-guide-2024-1.3.9.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324765/; classtype:trojan-activity;sid:84187865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portaria-trt-rs-cria-forum-institucional.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324766/; classtype:trojan-activity;sid:84187866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1700740481449be2dab08b6bac403a167918729e14.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324767/; classtype:trojan-activity;sid:84187867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/booby-tape-silicone-booby-tape-inserts-d-f-1-pair-ebi-boo-sbtidf_v2-228x228-1.jpg.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324762/; classtype:trojan-activity;sid:84187862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.987.567-printer-color-laser-triumph-adler-p-5031dn.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324763/; classtype:trojan-activity;sid:84187863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryiag-job-description.docxcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324764/; classtype:trojan-activity;sid:84187864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/178179289_3926760460710448_4973363839381607951_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324753/; classtype:trojan-activity;sid:84187853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirem.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:253; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324754/; classtype:trojan-activity;sid:84187854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-maarten_vanden_abeele-7-copia.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324755/; classtype:trojan-activity;sid:84187855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sustainability-news-release_3.2.2022.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324756/; classtype:trojan-activity;sid:84187856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-6.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324757/; classtype:trojan-activity;sid:84187857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-d.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324758/; classtype:trojan-activity;sid:84187858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-governance-proposal-2024-4.0.3.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324759/; classtype:trojan-activity;sid:84187859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.-w2000-zw2000-indonesia.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324760/; classtype:trojan-activity;sid:84187860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apple-cinnamon-400x400.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324761/; classtype:trojan-activity;sid:84187861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20161122-wa0000.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324751/; classtype:trojan-activity;sid:84187851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1720-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324752/; classtype:trojan-activity;sid:84187852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.20-1024x1024.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324745/; classtype:trojan-activity;sid:84187845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20241121_215039_canva-797x1030.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324746/; classtype:trojan-activity;sid:84187846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/portlog_large.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324747/; classtype:trojan-activity;sid:84187847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59426_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324748/; classtype:trojan-activity;sid:84187848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.34.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324749/; classtype:trojan-activity;sid:84187849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-9.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324750/; classtype:trojan-activity;sid:84187850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cuadro-asignacion-de-personal-cap.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324737/; classtype:trojan-activity;sid:84187837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-mining-setup-guide-20243.2.5.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324738/; classtype:trojan-activity;sid:84187838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/velvet-gold-sfeer-4.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324739/; classtype:trojan-activity;sid:84187839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bwk-sat-2-332-a-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324740/; classtype:trojan-activity;sid:84187840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324741/; classtype:trojan-activity;sid:84187841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-2.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324742/; classtype:trojan-activity;sid:84187842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0405-sunscreen.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324743/; classtype:trojan-activity;sid:84187843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mengenal-pembelajaran-resolusi-konflik-dalam-pendidikan-kewarganegaraan.jpg.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324744/; classtype:trojan-activity;sid:84187844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casos-novos-com-o-assunto-covid-19-no-1o-e-2o-graus-da-jt_jan-a-mai2020.pdf.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324731/; classtype:trojan-activity;sid:84187831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/time-table-b.sc_.-semester-v.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324732/; classtype:trojan-activity;sid:84187832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0754-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324733/; classtype:trojan-activity;sid:84187833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/265242.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324734/; classtype:trojan-activity;sid:84187834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/penempatan-mahasiswa-ppl-vii-fakultas-tarbiyah-2024-finaly.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324735/; classtype:trojan-activity;sid:84187835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brosura_oeg_web.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324736/; classtype:trojan-activity;sid:84187836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324728/; classtype:trojan-activity;sid:84187828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-eliminatorias-xx-trofeo-ciutat-de-lleida3.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324729/; classtype:trojan-activity;sid:84187829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rescatando-el-patrimonio-de-mi-barrio.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324730/; classtype:trojan-activity;sid:84187830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-eclipse-10x15-steel-orange-white.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324725/; classtype:trojan-activity;sid:84187825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/angler22.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324726/; classtype:trojan-activity;sid:84187826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/401-tvd-depto-ciudadano.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324727/; classtype:trojan-activity;sid:84187827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-bankstel-2-zits-2.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324723/; classtype:trojan-activity;sid:84187823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/densimetro-para-analise-de-combustivel-diesel.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324724/; classtype:trojan-activity;sid:84187824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dom_hol.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324716/; classtype:trojan-activity;sid:84187816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-consensus-mechanism-details-2024-4-2-2.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324717/; classtype:trojan-activity;sid:84187817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/242300158_2975915039199471_2138929197066379519_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324718/; classtype:trojan-activity;sid:84187818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dee2a44b-df88-4a31-ad4a-592102976729.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324719/; classtype:trojan-activity;sid:84187819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo1_est_club.docx.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324720/; classtype:trojan-activity;sid:84187820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4_bahasa-indonesian-penggantian-adhesive-pada-sensor-zw1921-22-utk-w2000.pdf.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324721/; classtype:trojan-activity;sid:84187821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/holiday-inspection-testing-coatings.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324722/; classtype:trojan-activity;sid:84187822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-5-1200x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324711/; classtype:trojan-activity;sid:84187811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2017-09-07_23-23-18.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324712/; classtype:trojan-activity;sid:84187812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_c0541ef065e14107a6e7437c6a0cc9a4.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324713/; classtype:trojan-activity;sid:84187813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave_whitepaper_2024_3_7_5.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324714/; classtype:trojan-activity;sid:84187814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requireme.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324715/; classtype:trojan-activity;sid:84187815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formato-anexo-n1-p2_informe_escrito.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324710/; classtype:trojan-activity;sid:84187810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/addition-roof-aiding-windows-gutters-pavers-garage-door-img3.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324700/; classtype:trojan-activity;sid:84187800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-submissi.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324701/; classtype:trojan-activity;sid:84187801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/310760413_790966458908755_2167157579416590464_n-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324702/; classtype:trojan-activity;sid:84187802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc03090.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324703/; classtype:trojan-activity;sid:84187803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anti-bribery-and-anti-corruption-policy.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324704/; classtype:trojan-activity;sid:84187804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-general11.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324705/; classtype:trojan-activity;sid:84187805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1865-format-competicions-camp-.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324706/; classtype:trojan-activity;sid:84187806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ba-hons-business-management-top-up.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324707/; classtype:trojan-activity;sid:84187807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lec-5-408x544-2-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324708/; classtype:trojan-activity;sid:84187808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-18-at-22.00.17-1v9bea.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324709/; classtype:trojan-activity;sid:84187809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-03-de-2019-1.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324692/; classtype:trojan-activity;sid:84187792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/176507544_3904529769600184_4809219889049670797_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324693/; classtype:trojan-activity;sid:84187793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.-requisitos-campeonato-regional-juvenil-1-2-3.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324694/; classtype:trojan-activity;sid:84187794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-consensus-mechanism-details-2024-v4-3-8.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324695/; classtype:trojan-activity;sid:84187795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/psma9727-800x533.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324696/; classtype:trojan-activity;sid:84187796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-445.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324697/; classtype:trojan-activity;sid:84187797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-expo-domeyko-2019.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324698/; classtype:trojan-activity;sid:84187798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchquerylearn.skillnation.aicrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:242; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324699/; classtype:trojan-activity;sid:84187799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/26.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324688/; classtype:trojan-activity;sid:84187788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vtu-362-presentacion-ejido-san-isidro-685000-.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324689/; classtype:trojan-activity;sid:84187789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_canvas-sueding.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324690/; classtype:trojan-activity;sid:84187790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes.jpeg-e1605030079341.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324685/; classtype:trojan-activity;sid:84187785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.jpeg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324686/; classtype:trojan-activity;sid:84187786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078506_1729693712258.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324687/; classtype:trojan-activity;sid:84187787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink_smart_contract_tutorial_20244.2.2.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324681/; classtype:trojan-activity;sid:84187781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requir.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324682/; classtype:trojan-activity;sid:84187782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/al-mansora-in-al-jabal-al-akhdar-2013.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324683/; classtype:trojan-activity;sid:84187783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/straight-talk-with-shefali.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324684/; classtype:trojan-activity;sid:84187784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kepala-sekolah-visioner.jpeg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324673/; classtype:trojan-activity;sid:84187773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/417432919_970289484821412_5168924406610775744_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324674/; classtype:trojan-activity;sid:84187774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1377-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324675/; classtype:trojan-activity;sid:84187775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/librillo-sumergete-en-feci-2022_compressed.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324676/; classtype:trojan-activity;sid:84187776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_15.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324677/; classtype:trojan-activity;sid:84187777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_18.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324678/; classtype:trojan-activity;sid:84187778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3403a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324679/; classtype:trojan-activity;sid:84187779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/point-7_6_11zon.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324680/; classtype:trojan-activity;sid:84187780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/it_course_structure.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324671/; classtype:trojan-activity;sid:84187771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bol_sourcing_image.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324672/; classtype:trojan-activity;sid:84187772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-06-04-at-10.59.04-am.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324669/; classtype:trojan-activity;sid:84187769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-14-at-21.09.17-3.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324670/; classtype:trojan-activity;sid:84187770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_14.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324664/; classtype:trojan-activity;sid:84187764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cinco-rios-fishing02.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324665/; classtype:trojan-activity;sid:84187765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/meatzaldeberri_302.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324666/; classtype:trojan-activity;sid:84187766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-study-04.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324667/; classtype:trojan-activity;sid:84187767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324668/; classtype:trojan-activity;sid:84187768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p-y-p.mp4.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324656/; classtype:trojan-activity;sid:84187756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-4.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324657/; classtype:trojan-activity;sid:84187757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a0009647-1024x768.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324658/; classtype:trojan-activity;sid:84187758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oksijen-spor-kul2525252525c32525252525bcb2525252525c32525252525bc-kapal2525252525c42525252525b1-havuz-4.jpg.lnk"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324659/; classtype:trojan-activity;sid:84187759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poza-2.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324660/; classtype:trojan-activity;sid:84187760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4b67e4e9-1bdb-7a10-52cc-7850d05f5a12.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324661/; classtype:trojan-activity;sid:84187761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thumbnail-keo-deo-bicare-gummies-focus.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324662/; classtype:trojan-activity;sid:84187762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56221_36.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324663/; classtype:trojan-activity;sid:84187763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324650/; classtype:trojan-activity;sid:84187750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moldes-papai-noel-de-feltro-sentado-cantinho-da-thiana.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324651/; classtype:trojan-activity;sid:84187751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aditi-x-harsh-4-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324652/; classtype:trojan-activity;sid:84187752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/les-jardins-partagees-20-ans.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324653/; classtype:trojan-activity;sid:84187753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pvc-toilet-cubicle-1.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324654/; classtype:trojan-activity;sid:84187754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa02suites_venda_centro-caucaia-ce-15.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324655/; classtype:trojan-activity;sid:84187755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deadpool.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324647/; classtype:trojan-activity;sid:84187747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aphmau-meemeow-coloring-pages.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324648/; classtype:trojan-activity;sid:84187748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01.-banner-inicio.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324649/; classtype:trojan-activity;sid:84187749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirem.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324642/; classtype:trojan-activity;sid:84187742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/angler-large-well.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324643/; classtype:trojan-activity;sid:84187743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17315014813515af5d3f95ab8b00dfa8e6c81cf44a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324644/; classtype:trojan-activity;sid:84187744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324645/; classtype:trojan-activity;sid:84187745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birk-1677595394-6951-1677595434.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324646/; classtype:trojan-activity;sid:84187746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/video-maus-tratos-cachorro-area-nobre-df-ucpzvd.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324633/; classtype:trojan-activity;sid:84187733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324634/; classtype:trojan-activity;sid:84187734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic_12.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324635/; classtype:trojan-activity;sid:84187735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171742973559d21e134ab8af35615299d4e3f6ec78.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324636/; classtype:trojan-activity;sid:84187736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60130_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324637/; classtype:trojan-activity;sid:84187737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324638/; classtype:trojan-activity;sid:84187738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-9-requisitos-de-puestos.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324639/; classtype:trojan-activity;sid:84187739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-translogo-32x32.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324640/; classtype:trojan-activity;sid:84187740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/138613804_165833044967593_9006360657546621647_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324641/; classtype:trojan-activity;sid:84187741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2alt-krei-bovem.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324629/; classtype:trojan-activity;sid:84187729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-056.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324630/; classtype:trojan-activity;sid:84187730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kaos-lengan-pendek_3_11zon.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324631/; classtype:trojan-activity;sid:84187731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flecee-pe_5_11zon.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324632/; classtype:trojan-activity;sid:84187732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5d67bd053baf7.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324624/; classtype:trojan-activity;sid:84187724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jaron-roque-107-edit-1000.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324625/; classtype:trojan-activity;sid:84187725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb-12.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324627/; classtype:trojan-activity;sid:84187727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juz-3.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324628/; classtype:trojan-activity;sid:84187728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/685.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324616/; classtype:trojan-activity;sid:84187716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/i_edital_de_corpo_docente_1.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324617/; classtype:trojan-activity;sid:84187717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fixedratio_20150827122209_nike_internationalist_631754_100.jpeg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324618/; classtype:trojan-activity;sid:84187718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-5.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324619/; classtype:trojan-activity;sid:84187719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-coloring-pages.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324620/; classtype:trojan-activity;sid:84187720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/110-oficina-asesora-de-comunicaciones.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324621/; classtype:trojan-activity;sid:84187721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/caesb-divulga-novo-numero-de-whatsapp-hfsuvt.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324622/; classtype:trojan-activity;sid:84187722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-3_2018.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324623/; classtype:trojan-activity;sid:84187723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-deluxe-4020fb-4.png.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324611/; classtype:trojan-activity;sid:84187711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6858-2.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324612/; classtype:trojan-activity;sid:84187712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/does-taking-cialis-hurt-a-67-yr-old.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324613/; classtype:trojan-activity;sid:84187713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hig05.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324614/; classtype:trojan-activity;sid:84187714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bd66f001e37738db819ac2f298d3c4f7.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324615/; classtype:trojan-activity;sid:84187715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0750.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324607/; classtype:trojan-activity;sid:84187707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysunglasses-gast-astro-as05-matte-gold-rectangular-shape-by-kambio-eyewear-front.pngcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324608/; classtype:trojan-activity;sid:84187708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-94330018.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324609/; classtype:trojan-activity;sid:84187709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diagnostic-lab-certi-2.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324610/; classtype:trojan-activity;sid:84187710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20241126_213744_canva-766x1030.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324603/; classtype:trojan-activity;sid:84187703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/people-having-drink-at-daytime.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324604/; classtype:trojan-activity;sid:84187704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-titulo-6.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324605/; classtype:trojan-activity;sid:84187705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ff.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324606/; classtype:trojan-activity;sid:84187706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-dien-thoai-5.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324600/; classtype:trojan-activity;sid:84187700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dise25252525252525252525252525252525252525c325252525252525252525252525252525252525b1o-sin-t25252525252525252525252525252525252525c325252525252525252525252525252525252525adtulo-7.png.lnk"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324602/; classtype:trojan-activity;sid:84187702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/05laboratorios-sophia-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324593/; classtype:trojan-activity;sid:84187693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galala-tumbled-pavers.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324594/; classtype:trojan-activity;sid:84187694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324595/; classtype:trojan-activity;sid:84187695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525a0-a-2.pdf.lnk"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324596/; classtype:trojan-activity;sid:84187696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clover-mini-3-2-1.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324597/; classtype:trojan-activity;sid:84187697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chemistry_program_specific_outcomes.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324598/; classtype:trojan-activity;sid:84187698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1-9.jpg.lnk"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324599/; classtype:trojan-activity;sid:84187699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown-7.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324590/; classtype:trojan-activity;sid:84187690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-wallet-setup-guide-20243.8.1.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324591/; classtype:trojan-activity;sid:84187691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8155-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324592/; classtype:trojan-activity;sid:84187692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-03-25-at-17.15.07.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324585/; classtype:trojan-activity;sid:84187685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/209317733_2016939891788651_990906702697004435_n-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324586/; classtype:trojan-activity;sid:84187686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112259768173.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324587/; classtype:trojan-activity;sid:84187687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-39-radicado-2977682024-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324588/; classtype:trojan-activity;sid:84187688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uvex-authorization-letter.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324589/; classtype:trojan-activity;sid:84187689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-trading-strategy-2024-5-2-9.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324580/; classtype:trojan-activity;sid:84187680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/120148.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324582/; classtype:trojan-activity;sid:84187682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0810.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324583/; classtype:trojan-activity;sid:84187683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731445524ca2c72468323e0f957c9cebc290161d9.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324574/; classtype:trojan-activity;sid:84187674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moroccanoil-weightless-hydrating-mask-rmo-mor-twhm16-500x500-1.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324575/; classtype:trojan-activity;sid:84187675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10-po.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324576/; classtype:trojan-activity;sid:84187676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324577/; classtype:trojan-activity;sid:84187677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-03-30-at-13.26.03.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324578/; classtype:trojan-activity;sid:84187678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-zanahoria-abaco.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324579/; classtype:trojan-activity;sid:84187679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-maarten_vanden_abeele-1-copia.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324570/; classtype:trojan-activity;sid:84187670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1173.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324571/; classtype:trojan-activity;sid:84187671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie25.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324572/; classtype:trojan-activity;sid:84187672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cartaspa.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324573/; classtype:trojan-activity;sid:84187673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-3.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324566/; classtype:trojan-activity;sid:84187666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rectificacio25252525252525252525252525252525cc2525252525252525252525252525252581n-bases-pipe-2023.pdf.lnk"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324567/; classtype:trojan-activity;sid:84187667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revista-iie-2021-explora-rmso.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324568/; classtype:trojan-activity;sid:84187668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-roadmap-2024-3-4-6.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324569/; classtype:trojan-activity;sid:84187669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hhhh_009.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324561/; classtype:trojan-activity;sid:84187661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/miraflex-2020-ed-5-10-24-vol-173-en-esp-04-9-scaled.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324562/; classtype:trojan-activity;sid:84187662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71g8z1is6el._ac_uy1000_.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324563/; classtype:trojan-activity;sid:84187663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/olive-fetta.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324564/; classtype:trojan-activity;sid:84187664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324565/; classtype:trojan-activity;sid:84187665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-fetyc-2017-gam-explora-rm.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324554/; classtype:trojan-activity;sid:84187654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-roadmap-2024-4-3-6.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324555/; classtype:trojan-activity;sid:84187655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-outnva-rossignol-rsgl-top-hombre-outdoor-beige-2.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324556/; classtype:trojan-activity;sid:84187656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/autorizatia-de-constructie-2022.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324557/; classtype:trojan-activity;sid:84187657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_33.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324558/; classtype:trojan-activity;sid:84187658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01544-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324559/; classtype:trojan-activity;sid:84187659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convocatorian.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324560/; classtype:trojan-activity;sid:84187660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1706.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324551/; classtype:trojan-activity;sid:84187651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-10-18-at-10.15.01-1.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324553/; classtype:trojan-activity;sid:84187653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324542/; classtype:trojan-activity;sid:84187642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/305748338_512185654240876_5814869488892694930_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324543/; classtype:trojan-activity;sid:84187643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324544/; classtype:trojan-activity;sid:84187644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/energy-star-logo.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324545/; classtype:trojan-activity;sid:84187645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22.07.2014.fechas.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324546/; classtype:trojan-activity;sid:84187646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/briefcase--108524825252002-front-2-300-0-800-800_g.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324547/; classtype:trojan-activity;sid:84187647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1563-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324548/; classtype:trojan-activity;sid:84187648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-020.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324549/; classtype:trojan-activity;sid:84187649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-76.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324550/; classtype:trojan-activity;sid:84187650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/optimus-prime-coloring-pages-printable.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324541/; classtype:trojan-activity;sid:84187641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lica.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324536/; classtype:trojan-activity;sid:84187636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img-7.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324537/; classtype:trojan-activity;sid:84187637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-label-eco-01.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324538/; classtype:trojan-activity;sid:84187638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libroresumenescongreso2020.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324539/; classtype:trojan-activity;sid:84187639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-7-24-presentacion-c.-santa-elena-y-saltillo-col.-nisperos-1.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324540/; classtype:trojan-activity;sid:84187640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pdf-1.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324531/; classtype:trojan-activity;sid:84187631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03-manual-inclusion.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324532/; classtype:trojan-activity;sid:84187632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-19-at-11.21.31.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324533/; classtype:trojan-activity;sid:84187633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7583r-fleur-de-lys-fond-rouge.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324534/; classtype:trojan-activity;sid:84187634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informaci25252525252525252525252525252525252525c325252525252525252525252525252525252525b3n-proceso-de-admisi25252525252525252525252525252525252525c325252525252525252525252525252525252525b3n-cupo-explora-unesco-2024.pdf.lnk"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324535/; classtype:trojan-activity;sid:84187635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-de-evaluacion-2024-mundo-magico.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324527/; classtype:trojan-activity;sid:84187627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados_3t_camporfeta19.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324528/; classtype:trojan-activity;sid:84187628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57832_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324529/; classtype:trojan-activity;sid:84187629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/edital.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324530/; classtype:trojan-activity;sid:84187630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0a6e4be9-56ef-7e73-0ac7-414cd2bdaced.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324524/; classtype:trojan-activity;sid:84187624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30231.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324525/; classtype:trojan-activity;sid:84187625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-l400.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324526/; classtype:trojan-activity;sid:84187626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a-10.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324517/; classtype:trojan-activity;sid:84187617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/encuesta-nac-nutricion-salud_resumen-ejecutivo.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324518/; classtype:trojan-activity;sid:84187618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-9.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324519/; classtype:trojan-activity;sid:84187619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/building-safety-certificate.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324520/; classtype:trojan-activity;sid:84187620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-legal-contract-2024-573.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324521/; classtype:trojan-activity;sid:84187621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54140991015_071a800694_o-st6ltr.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324522/; classtype:trojan-activity;sid:84187622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dinheiro-operacao-ghost-rat-zvwk4h.jpeg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324523/; classtype:trojan-activity;sid:84187623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-de-mise-en-jeu-cosmos-20241.8.8.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324514/; classtype:trojan-activity;sid:84187614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-475-gallery-6.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324515/; classtype:trojan-activity;sid:84187615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista-de-prioritati-in-vederea-repartizarii-prin-inchiriere-a-unor-locuinte-sociale-in-anul-2024.pdf.lnk"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324516/; classtype:trojan-activity;sid:84187616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lab-2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324507/; classtype:trojan-activity;sid:84187607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-staking-guide-20245-6-0.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324508/; classtype:trojan-activity;sid:84187608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vessels-for-testing-hob-elements2525252525252525252525252525252525252525252525252525252525252525252525252525252525252c-iec-60335-2-6.pdf.lnk"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324509/; classtype:trojan-activity;sid:84187609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srishti-x-abhinav-6-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324510/; classtype:trojan-activity;sid:84187610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-supply-format-electric-wall-mount-fireplace-1.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324511/; classtype:trojan-activity;sid:84187611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-wallet-setup-guide-2024-3-4-0.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324512/; classtype:trojan-activity;sid:84187612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bioengine-3-manual.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324513/; classtype:trojan-activity;sid:84187613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-la-blonde-toning-spray-7oz-rig-igk-flabpt07-228x228-1.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324501/; classtype:trojan-activity;sid:84187601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/high-temperature-universal-oven2525252525252525252525252525252525252525252525252525252525252525252525252525252525252c-xuht-series.pdf.lnk"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324502/; classtype:trojan-activity;sid:84187602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0440-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324503/; classtype:trojan-activity;sid:84187603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324504/; classtype:trojan-activity;sid:84187604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_9b_bar-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324505/; classtype:trojan-activity;sid:84187605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-frecuentes-par-explora-2023-2024_v09_03.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324506/; classtype:trojan-activity;sid:84187606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324496/; classtype:trojan-activity;sid:84187596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logos-08.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324497/; classtype:trojan-activity;sid:84187597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j-365.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324498/; classtype:trojan-activity;sid:84187598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aulas1.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324499/; classtype:trojan-activity;sid:84187599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-feria-limari-2019-v2.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324500/; classtype:trojan-activity;sid:84187600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yamamoto-nutrition-protesamine252525252525252525252525252525252525252525c2252525252525252525252525252525252525252525ae-mcu-20252525252525252525252525252525252525252525c2252525252525252525252525252525252525252525ae-100-compresse.jpeg.lnk"; http_uri; depth:247; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324491/; classtype:trojan-activity;sid:84187591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/custom-10x20-tent-3-768x768.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324492/; classtype:trojan-activity;sid:84187592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/konsep-negara-bangsa.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324493/; classtype:trojan-activity;sid:84187593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p13.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324494/; classtype:trojan-activity;sid:84187594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jp-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324495/; classtype:trojan-activity;sid:84187595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.37.23-1024x768.jpeg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324487/; classtype:trojan-activity;sid:84187587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fleur-tv-meubel-landelijk-wit-145cm-1.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324488/; classtype:trojan-activity;sid:84187588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foot-ball-1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324489/; classtype:trojan-activity;sid:84187589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manipulator-prosys-rp128kcl0ica.-1.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324490/; classtype:trojan-activity;sid:84187590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-1-scaled.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324482/; classtype:trojan-activity;sid:84187582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vanitacasa_starlight-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324483/; classtype:trojan-activity;sid:84187583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-116-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324485/; classtype:trojan-activity;sid:84187585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58000_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324486/; classtype:trojan-activity;sid:84187586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-scaled.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324478/; classtype:trojan-activity;sid:84187578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/penyelewengan-9-ton-pupuk-bersubsidi-pamekasan-digagalkan-miliaran-rupiah-kerugian-negara-diselamatkan.jpeg.lnk"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324479/; classtype:trojan-activity;sid:84187579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-re.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324480/; classtype:trojan-activity;sid:84187580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20201024_154503-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324481/; classtype:trojan-activity;sid:84187581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rttc-save-water-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324473/; classtype:trojan-activity;sid:84187573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2525d12525852525d02525be2525d12525822525d02525b52525d02525bb.png.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324474/; classtype:trojan-activity;sid:84187574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/website-privacy-policy-template.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324475/; classtype:trojan-activity;sid:84187575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afacrit29-1024x1024.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324476/; classtype:trojan-activity;sid:84187576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_21.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324477/; classtype:trojan-activity;sid:84187577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-2017-terminal-de-transporte-s_0.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324467/; classtype:trojan-activity;sid:84187567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/angel-and-stitch-coloring-pages.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324468/; classtype:trojan-activity;sid:84187568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos_defi_protocol_documentation_2024_1.6.4.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324469/; classtype:trojan-activity;sid:84187569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324470/; classtype:trojan-activity;sid:84187570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20230622_153632-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324471/; classtype:trojan-activity;sid:84187571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comunicare-acceptare-oferta-persoane-juridice.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324472/; classtype:trojan-activity;sid:84187572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/my_luxury_bargain_hermes_rare_brown_courchevel_hac_birkin_32_2.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324462/; classtype:trojan-activity;sid:84187562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/art-pop-camiseta-blanca.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324463/; classtype:trojan-activity;sid:84187563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-11-min.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324464/; classtype:trojan-activity;sid:84187564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-k-231116-1-yw-02_500x.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324465/; classtype:trojan-activity;sid:84187565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bn211-2010.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324466/; classtype:trojan-activity;sid:84187566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cronograma-de-entrevistas-cas-1057-001-2024-2.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324460/; classtype:trojan-activity;sid:84187560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image00002-3.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324461/; classtype:trojan-activity;sid:84187561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirem.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324455/; classtype:trojan-activity;sid:84187555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-wallet-setup-guide-2024-4.5.4.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324456/; classtype:trojan-activity;sid:84187556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-8.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324457/; classtype:trojan-activity;sid:84187557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-studies.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324458/; classtype:trojan-activity;sid:84187558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koy3.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324459/; classtype:trojan-activity;sid:84187559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igor-azevedo-bomfim-hivap4.jpeg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324451/; classtype:trojan-activity;sid:84187551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/postkassestativ.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324452/; classtype:trojan-activity;sid:84187552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/002-memoria-deportiva-2023.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324453/; classtype:trojan-activity;sid:84187553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerycartaspa.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324454/; classtype:trojan-activity;sid:84187554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-1.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324445/; classtype:trojan-activity;sid:84187545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15.-requisitos-para-tramite-de-supervivencia-de-adulto-mayor.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324446/; classtype:trojan-activity;sid:84187546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-12-24-imagen-c.-piedras-negras-105-ote.-villa-de-fuente-2395000-13.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324447/; classtype:trojan-activity;sid:84187547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelly-dog-hermes-alligator-1.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324448/; classtype:trojan-activity;sid:84187548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo-9.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324450/; classtype:trojan-activity;sid:84187550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-de-accion-2021-1-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324440/; classtype:trojan-activity;sid:84187540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-12-22-at-22.51.20-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324441/; classtype:trojan-activity;sid:84187541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/slide-2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324442/; classtype:trojan-activity;sid:84187542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cecos-college-student-contract-11-june-24.docx.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324443/; classtype:trojan-activity;sid:84187543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-8.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324444/; classtype:trojan-activity;sid:84187544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc03148-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324431/; classtype:trojan-activity;sid:84187531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/admm.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324432/; classtype:trojan-activity;sid:84187532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sk-tim-pengelola-pengaduan-yanlik-2024.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324433/; classtype:trojan-activity;sid:84187533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diagnostic-lab-case-gallery-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324434/; classtype:trojan-activity;sid:84187534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j19-poweractive-smokedebony_lifestyle.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324435/; classtype:trojan-activity;sid:84187535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-09-11-at-15.20.34.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324437/; classtype:trojan-activity;sid:84187537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ayuntamiento2525252525252525252525252525252525252520de2525252525252525252525252525252525252520santomera.pdf.lnk"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324438/; classtype:trojan-activity;sid:84187538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-maarten_vanden_abeele-12-copia.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324439/; classtype:trojan-activity;sid:84187539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin_educational_material_20245.3.3.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324426/; classtype:trojan-activity;sid:84187526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1713-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324427/; classtype:trojan-activity;sid:84187527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryadministration-executive.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324428/; classtype:trojan-activity;sid:84187528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requiremen.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:255; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324429/; classtype:trojan-activity;sid:84187529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline-spec-sheet-sheathing-fabric.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324430/; classtype:trojan-activity;sid:84187530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marcascalderas.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324422/; classtype:trojan-activity;sid:84187522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botany-programmes.specific.outcome.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324423/; classtype:trojan-activity;sid:84187523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/i-1-1024x356.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324424/; classtype:trojan-activity;sid:84187524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_adidas.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324425/; classtype:trojan-activity;sid:84187525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fiche-technique-charpente-en-beton-best-beton.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324418/; classtype:trojan-activity;sid:84187518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pwd_notice.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324419/; classtype:trojan-activity;sid:84187519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/104616_g73_ms22_b_530x2525402x.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324420/; classtype:trojan-activity;sid:84187520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noopur-x-deep-4-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324421/; classtype:trojan-activity;sid:84187521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-bankstel-2-zits-1.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324414/; classtype:trojan-activity;sid:84187514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wwe-wrestlers-coloring-pages.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324415/; classtype:trojan-activity;sid:84187515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/explorador-diciembre-2020_c_compressed.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324416/; classtype:trojan-activity;sid:84187516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/detail-recreational-sidewall-truss-clip.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324417/; classtype:trojan-activity;sid:84187517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-ico-ido-ieo-guide-20245.1.5.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324409/; classtype:trojan-activity;sid:84187509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pemeriksaan-air-untuk-keperluan-hygene-sanitasi.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324410/; classtype:trojan-activity;sid:84187510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paypal-copyright.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324411/; classtype:trojan-activity;sid:84187511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57104_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324413/; classtype:trojan-activity;sid:84187513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324406/; classtype:trojan-activity;sid:84187506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot_legal_contract_20245.7.5.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324407/; classtype:trojan-activity;sid:84187507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos_api_documentation_2024_4.6.8.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324408/; classtype:trojan-activity;sid:84187508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6d8c301d-4c22-4484-a474-b69217b636cf.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324402/; classtype:trojan-activity;sid:84187502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d0adc195-03e3-411c-81c4-42c68abe91a6.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324403/; classtype:trojan-activity;sid:84187503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/psma9726-800x579.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324404/; classtype:trojan-activity;sid:84187504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hotel-las-plazas-quito-ecuador-galeria2.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324405/; classtype:trojan-activity;sid:84187505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/evolusi-dan-inovasi-dalam-teknologi-kontruksi.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324398/; classtype:trojan-activity;sid:84187498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2023-03-07-alle-18.58.14-1.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324399/; classtype:trojan-activity;sid:84187499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11.-formulario-de-certificacion-y_o-habilitacion-de-libros.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324400/; classtype:trojan-activity;sid:84187500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mau-vach-ngan-khung-nhom-kinh-dep-17.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324401/; classtype:trojan-activity;sid:84187501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-10.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324391/; classtype:trojan-activity;sid:84187491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/files.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324392/; classtype:trojan-activity;sid:84187492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324393/; classtype:trojan-activity;sid:84187493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mau-cau-thang-13.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324394/; classtype:trojan-activity;sid:84187494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica-tratamiento-de-datos-personales-y-habeas-data.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324395/; classtype:trojan-activity;sid:84187495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-b220-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324396/; classtype:trojan-activity;sid:84187496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/miraflex-2020-ed-5-10-24-vol-173-en-esp-04-37-scaled.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324397/; classtype:trojan-activity;sid:84187497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6_zips-4-port-alarm-unit-merchandising-guide-indonesia.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324382/; classtype:trojan-activity;sid:84187482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1773724623_switch_jewelry_herm2525c32525a8s_kelly_dog_bracelet_black.jpg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324383/; classtype:trojan-activity;sid:84187483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_mini_lindy_clemence_gris_etain_palladium_hw-1__56193.1598871740.1280.1280__99897.1599840086.492.335.jpg.lnk"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324385/; classtype:trojan-activity;sid:84187485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60081_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324386/; classtype:trojan-activity;sid:84187486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-outnva-rossignol-rsgl-top-hombre-outdoor-beige-7.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324387/; classtype:trojan-activity;sid:84187487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xamin-200-1.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324388/; classtype:trojan-activity;sid:84187488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2b83e788-cc36-ecab-92b7-0226ac58cf78.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324389/; classtype:trojan-activity;sid:84187489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/416-f22.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324390/; classtype:trojan-activity;sid:84187490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-5kyu.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324376/; classtype:trojan-activity;sid:84187476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-good-behavior-ultra-smooth-shampoo-34oz-rig-igk-cgbs34-500x500-1.jpg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324377/; classtype:trojan-activity;sid:84187477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image_966cb481-12fb-4854-ab98-cbcfb817952f.png.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324378/; classtype:trojan-activity;sid:84187478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jabzv7i304.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324379/; classtype:trojan-activity;sid:84187479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-264.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324380/; classtype:trojan-activity;sid:84187480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c21u8795.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324381/; classtype:trojan-activity;sid:84187481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324374/; classtype:trojan-activity;sid:84187474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/esf-mar-2024.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324375/; classtype:trojan-activity;sid:84187475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deo-certificate-pg_1-converted.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324367/; classtype:trojan-activity;sid:84187467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eirini-mourtzoukou-arthro-e17319155224461.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324368/; classtype:trojan-activity;sid:84187468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-15.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324369/; classtype:trojan-activity;sid:84187469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/declaratie-consimtamant-directia-pentru-agricultura-judeteana-iasi.docx.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324370/; classtype:trojan-activity;sid:84187470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_bleu_jean_blue_clemence_1647794568_1ea8e583_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324371/; classtype:trojan-activity;sid:84187471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gus6333-scaled.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324372/; classtype:trojan-activity;sid:84187472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/33.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324373/; classtype:trojan-activity;sid:84187473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/probiotic-bacteria-in-the-human-gastrointestinal-tract-as-a-factor-stimulating-the-immune-system.pdf.lnk"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324365/; classtype:trojan-activity;sid:84187465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-sheer-3.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324366/; classtype:trojan-activity;sid:84187466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-submi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:194; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324357/; classtype:trojan-activity;sid:84187457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.-protocolo-reconocimiento-identidad-de-genero.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324358/; classtype:trojan-activity;sid:84187458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_4545-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324359/; classtype:trojan-activity;sid:84187459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-hali-toplanti.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324360/; classtype:trojan-activity;sid:84187460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324361/; classtype:trojan-activity;sid:84187461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bumdes2-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324362/; classtype:trojan-activity;sid:84187462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/402-tvd_depto-servicio-trans.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324363/; classtype:trojan-activity;sid:84187463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/travesias_catalogo_final.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324364/; classtype:trojan-activity;sid:84187464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/broszura-zespol_turnera.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324353/; classtype:trojan-activity;sid:84187453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ab8cc4_7d7cb459b6bf44539bf182a5f9f7c17dmv2.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324354/; classtype:trojan-activity;sid:84187454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ultrasonic-pipet-washer-aw31.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324355/; classtype:trojan-activity;sid:84187455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190119_150519_1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324356/; classtype:trojan-activity;sid:84187456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p178701_decim_pmpp.docx.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324344/; classtype:trojan-activity;sid:84187444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/04-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324345/; classtype:trojan-activity;sid:84187445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs2024_exhibitor_sponsor_terms_notes_20240601.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324346/; classtype:trojan-activity;sid:84187446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-staking-guide-20243.3.5.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324347/; classtype:trojan-activity;sid:84187447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/labour_ministry_guidelines_of_scholarhsips_schemes.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324348/; classtype:trojan-activity;sid:84187448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-8.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324349/; classtype:trojan-activity;sid:84187449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55963_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324350/; classtype:trojan-activity;sid:84187450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro-resu252525252525252525252525252525cc25252525252525252525252525252581menes-cre-2017.pdf.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324351/; classtype:trojan-activity;sid:84187451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/both-doors-e.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324352/; classtype:trojan-activity;sid:84187452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-19-at-13.58.18-scaled-htlplp.jpeg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324340/; classtype:trojan-activity;sid:84187440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dfgd.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324341/; classtype:trojan-activity;sid:84187441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galala-cream.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324342/; classtype:trojan-activity;sid:84187442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp8670.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324343/; classtype:trojan-activity;sid:84187443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-captura-de-pantalla-2024-10-02-a-las-12.17.202525252525252525252525252525252525e22525252525252525252525252525252525802525252525252525252525252525252525afp.-m.-1-192x192.png.lnk"; http_uri; depth:195; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324334/; classtype:trojan-activity;sid:84187434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rotaryanawhite.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324335/; classtype:trojan-activity;sid:84187435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/student_list_b.ed_2020-2022.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324336/; classtype:trojan-activity;sid:84187436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comingtotown.txt.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324337/; classtype:trojan-activity;sid:84187437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/r5-planification-geospatiale-rapport-final-v12.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324338/; classtype:trojan-activity;sid:84187438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324339/; classtype:trojan-activity;sid:84187439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msc.course.outcomes.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324330/; classtype:trojan-activity;sid:84187430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sino2.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324331/; classtype:trojan-activity;sid:84187431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-4-consentimiento-sujeto-de-estudio.docx.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324332/; classtype:trojan-activity;sid:84187432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/system-napco-centrala-gemini-1632.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324333/; classtype:trojan-activity;sid:84187433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-2023-06-10t095410.035-150x150.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324327/; classtype:trojan-activity;sid:84187427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1724188464b4835dbc72b244d0f5050dc62ce6f371.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324328/; classtype:trojan-activity;sid:84187428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pesquisa-da-ong-visao-mundial-sobre-imigrantes.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324329/; classtype:trojan-activity;sid:84187429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mau-tang-lung-7.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324325/; classtype:trojan-activity;sid:84187425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelly-rutherford-hermes-birkin.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324326/; classtype:trojan-activity;sid:84187426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-da-inserire-sul-sito-2.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324320/; classtype:trojan-activity;sid:84187420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-trading-strategy-2024336.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324321/; classtype:trojan-activity;sid:84187421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/parijs-bank-met-ottomane-1-3.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324322/; classtype:trojan-activity;sid:84187422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-1091.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324323/; classtype:trojan-activity;sid:84187423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/room-img2-725x544.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324324/; classtype:trojan-activity;sid:84187424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3078a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324318/; classtype:trojan-activity;sid:84187418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/scholarship-program-zebar.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324319/; classtype:trojan-activity;sid:84187419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ogrenciburstalepformu.docx.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324312/; classtype:trojan-activity;sid:84187412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/251944-1024x461.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324313/; classtype:trojan-activity;sid:84187413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60130_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324314/; classtype:trojan-activity;sid:84187414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-2-concurso-hecho-en-concreto-par-explora-rm-norte.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324315/; classtype:trojan-activity;sid:84187415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana_educational_material_2024_1.9.2.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324316/; classtype:trojan-activity;sid:84187416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16.-protocolo-accidente-escolar.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324317/; classtype:trojan-activity;sid:84187417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/karta-katalogowa-bcs-tip7300ir.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324308/; classtype:trojan-activity;sid:84187408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/313485015112.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324309/; classtype:trojan-activity;sid:84187409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49319051-a442-1d81-1762-a258e6c3c026.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324310/; classtype:trojan-activity;sid:84187410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aphmau-coloring-pages-printable.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324311/; classtype:trojan-activity;sid:84187411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-piscina-estudo-dpi-cam02-noite-r01resultado-1.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324298/; classtype:trojan-activity;sid:84187398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59772_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324299/; classtype:trojan-activity;sid:84187399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55545_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324300/; classtype:trojan-activity;sid:84187400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/karta_katalogowa_centrala_integra_24.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324301/; classtype:trojan-activity;sid:84187401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/so-small-bag--110759825252092-worn-1-0-0-800-800_g.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324302/; classtype:trojan-activity;sid:84187402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_drifit-nike.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324303/; classtype:trojan-activity;sid:84187403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ttsmaker-file-2024-11-22-1-24-42.mp3.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324304/; classtype:trojan-activity;sid:84187404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-amigos.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324305/; classtype:trojan-activity;sid:84187405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mandatory-disclosure-details_saras-4.0.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324306/; classtype:trojan-activity;sid:84187406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-require.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324307/; classtype:trojan-activity;sid:84187407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/skawina_mapa1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324291/; classtype:trojan-activity;sid:84187391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_8i_var.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324292/; classtype:trojan-activity;sid:84187392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f10d.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324293/; classtype:trojan-activity;sid:84187393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-16.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324294/; classtype:trojan-activity;sid:84187394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/painel-croche-g20-df-instituto-6kyulj.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324295/; classtype:trojan-activity;sid:84187395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-2022-terminal-de-transporte-s-1.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324296/; classtype:trojan-activity;sid:84187396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/514044082040.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324297/; classtype:trojan-activity;sid:84187397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5.png.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324289/; classtype:trojan-activity;sid:84187389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/giant_1989751.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324290/; classtype:trojan-activity;sid:84187390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_american-drill-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324286/; classtype:trojan-activity;sid:84187386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acidente-adolescente-porta-malas-compressed-73ojh7.jpeg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324288/; classtype:trojan-activity;sid:84187388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_771-268-hdr.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324285/; classtype:trojan-activity;sid:84187385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-355-gallery-1.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324280/; classtype:trojan-activity;sid:84187380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.-convocatoria-charlas-curiosasmentes.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324281/; classtype:trojan-activity;sid:84187381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/statut_turner_projekt_2016.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324282/; classtype:trojan-activity;sid:84187382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4.png.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324283/; classtype:trojan-activity;sid:84187383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/satreetha-png.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324284/; classtype:trojan-activity;sid:84187384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/walk-in-chamber---rooms.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324275/; classtype:trojan-activity;sid:84187375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324276/; classtype:trojan-activity;sid:84187376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-kart-8-coloring-pages.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324277/; classtype:trojan-activity;sid:84187377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/235011001-diciembre_2016-estado_de_flujos_de_efectivo-16-02-2017_09-10-am.pdf.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324278/; classtype:trojan-activity;sid:84187378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-equipo-2.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324279/; classtype:trojan-activity;sid:84187379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-powerpro-j19-swim-spa-overhead-ir.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324268/; classtype:trojan-activity;sid:84187368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-ecosystem-report-2024-5-6-9.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324269/; classtype:trojan-activity;sid:84187369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/220865_product_uesd2279.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324270/; classtype:trojan-activity;sid:84187370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscn6405-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324271/; classtype:trojan-activity;sid:84187371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20241117-wa0062.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324272/; classtype:trojan-activity;sid:84187372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18739059_1906038873004157_3950006926017669847_o.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324273/; classtype:trojan-activity;sid:84187373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-siren-of-loreley-rock-preview.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324274/; classtype:trojan-activity;sid:84187374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/38410.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324264/; classtype:trojan-activity;sid:84187364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-7.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324265/; classtype:trojan-activity;sid:84187365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-ejecutado-2015-en-formato-pdf.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324266/; classtype:trojan-activity;sid:84187366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1-7.jpg.lnk"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324267/; classtype:trojan-activity;sid:84187367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lego-75059-sandcrawler_opt.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324256/; classtype:trojan-activity;sid:84187356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_columna-extraible-600-inf.-plus-sige.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324257/; classtype:trojan-activity;sid:84187357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6693.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324258/; classtype:trojan-activity;sid:84187358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nature.jpeg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324259/; classtype:trojan-activity;sid:84187359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.jpeg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324260/; classtype:trojan-activity;sid:84187360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-backpack-in-orange-and-red-canvas-and-leather.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324261/; classtype:trojan-activity;sid:84187361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ussia-news-letter-for-march-2024.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324262/; classtype:trojan-activity;sid:84187362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/500-subgerencia-corporativa_0.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324263/; classtype:trojan-activity;sid:84187363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure-rec-sidewalls.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324252/; classtype:trojan-activity;sid:84187352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024-01-19.-sk-penetapan-jenis-pelayanan-tahun-2024.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324253/; classtype:trojan-activity;sid:84187353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-_friedman_rachel-orders_20-11057_bossart_dismiss_final.wpd-bossart_et_al_v_general_motors_llc__miedce-20-11057__0032.0-2-partially.pdf.lnk"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324254/; classtype:trojan-activity;sid:84187354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ppn-roscado.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324255/; classtype:trojan-activity;sid:84187355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-black-pearl-4030f-1-1-scaled.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324245/; classtype:trojan-activity;sid:84187345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aspen-corner-small-desis.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324246/; classtype:trojan-activity;sid:84187346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mask-group-3.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324247/; classtype:trojan-activity;sid:84187347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cua-nhom-thuy-luc-9-2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324248/; classtype:trojan-activity;sid:84187348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rapport-sur-lecosysteme-xrp-2024332.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324249/; classtype:trojan-activity;sid:84187349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-1620x1080.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324250/; classtype:trojan-activity;sid:84187350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacarandas-103-e-col.-fuentesjpeg-15.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324251/; classtype:trojan-activity;sid:84187351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-4-derecho-de-preferencia2017.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324242/; classtype:trojan-activity;sid:84187342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modern-pool-house-gallery-img-05.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324243/; classtype:trojan-activity;sid:84187343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-11.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324244/; classtype:trojan-activity;sid:84187344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6157.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324241/; classtype:trojan-activity;sid:84187341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/serasi_4_11zon.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324235/; classtype:trojan-activity;sid:84187335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dagang-ekspor2.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324236/; classtype:trojan-activity;sid:84187336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funci2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525b3nfiscal-2.png.lnk"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324237/; classtype:trojan-activity;sid:84187337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5565-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324238/; classtype:trojan-activity;sid:84187338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s2101217205832_01.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324239/; classtype:trojan-activity;sid:84187339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-jpo-pacific-mall-tegal.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324240/; classtype:trojan-activity;sid:84187340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_birkin_25_rose_pourpre_togo_phw_c-1__76946.1676978168.1280.1280__12611.1676979984.jpg.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324228/; classtype:trojan-activity;sid:84187328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8977-pont-neuf-guillermot.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324229/; classtype:trojan-activity;sid:84187329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eeoc_knowyourrights_screen_reader_10_20.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324230/; classtype:trojan-activity;sid:84187330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/downloads.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324231/; classtype:trojan-activity;sid:84187331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3112198291851.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324232/; classtype:trojan-activity;sid:84187332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo3-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324233/; classtype:trojan-activity;sid:84187333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/surat-laik-higiene-20-april-2024.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324223/; classtype:trojan-activity;sid:84187323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20180726_083256.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324225/; classtype:trojan-activity;sid:84187325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-tokenomics-report-2024-5.6.2.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324226/; classtype:trojan-activity;sid:84187326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3461-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324227/; classtype:trojan-activity;sid:84187327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-supreme-7019b-1-poprawiona.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324219/; classtype:trojan-activity;sid:84187319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/top-load-washer-wa80cg4240bwnq.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324220/; classtype:trojan-activity;sid:84187320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dmz-rotomoldeo.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324221/; classtype:trojan-activity;sid:84187321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/texto_referencia_aluisio.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324222/; classtype:trojan-activity;sid:84187322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frame-3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324209/; classtype:trojan-activity;sid:84187309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/outdoor-azul-unisex-m1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324210/; classtype:trojan-activity;sid:84187310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57127_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324211/; classtype:trojan-activity;sid:84187311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/project-02-4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324212/; classtype:trojan-activity;sid:84187312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-58-131.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324213/; classtype:trojan-activity;sid:84187313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_nq_np_637328-mlm31894319490_082019-o.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324214/; classtype:trojan-activity;sid:84187314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113341125913.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324215/; classtype:trojan-activity;sid:84187315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precision-02.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324216/; classtype:trojan-activity;sid:84187316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-api-documentation-2024-2-3-7.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324217/; classtype:trojan-activity;sid:84187317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6359.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324218/; classtype:trojan-activity;sid:84187318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuestoaprobado2013.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324207/; classtype:trojan-activity;sid:84187307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/v.3-of-annual-appeal-nov.-newsletter-sd-2.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324208/; classtype:trojan-activity;sid:84187308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6737.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324201/; classtype:trojan-activity;sid:84187301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-8-scaled.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324202/; classtype:trojan-activity;sid:84187302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myj25252525252525252525252525252525252525252525252525252525c42525252525252525252525252525252525252525252525252525252585ca-majormaker-luxurious.jpg.lnk"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324203/; classtype:trojan-activity;sid:84187303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/speed-shelter-brochure.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324204/; classtype:trojan-activity;sid:84187304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-icono-huarmey-01-192x192.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324205/; classtype:trojan-activity;sid:84187305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0019.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324206/; classtype:trojan-activity;sid:84187306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4a6756de-725e-415e-877e-8d7b5bd838f0-1200x750-1.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324198/; classtype:trojan-activity;sid:84187298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambria-college-student-handbook-v2.5-nov-2022.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324199/; classtype:trojan-activity;sid:84187299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucion-nombramiento-personero-2020-2024-1.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324200/; classtype:trojan-activity;sid:84187300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kenra-color-maintenance-shampoo-10oz-rke-ken-ccms10-228x228-1.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324196/; classtype:trojan-activity;sid:84187296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/606_ttsa_flujo-de-efectivo_dic2020.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324197/; classtype:trojan-activity;sid:84187297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new-teachers-list-2023-24.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324189/; classtype:trojan-activity;sid:84187289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/228194325_4213690842017407_5204249061813967248_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324190/; classtype:trojan-activity;sid:84187290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.-cristo-redentor-brasil-scaled.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324191/; classtype:trojan-activity;sid:84187291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-14.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324192/; classtype:trojan-activity;sid:84187292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-feria-chopa-2019-v2.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324193/; classtype:trojan-activity;sid:84187293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-defi-protokoll-dokumentation-20245-4-7.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324194/; classtype:trojan-activity;sid:84187294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324184/; classtype:trojan-activity;sid:84187284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pictorial-representation-of-oelps-varna-samooha-approach.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324185/; classtype:trojan-activity;sid:84187285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-favicon_kambio-192x192.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324186/; classtype:trojan-activity;sid:84187286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/air-max-ngo-rojo.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324187/; classtype:trojan-activity;sid:84187287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/organigrama-2022.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324188/; classtype:trojan-activity;sid:84187288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/classrooms.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324181/; classtype:trojan-activity;sid:84187281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image00011.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324182/; classtype:trojan-activity;sid:84187282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/favicon57x57-1.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324183/; classtype:trojan-activity;sid:84187283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2319-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324171/; classtype:trojan-activity;sid:84187271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/womens_day_2022_poetry.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324172/; classtype:trojan-activity;sid:84187272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-regulatory-compliance-guide-20241-8-5.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324173/; classtype:trojan-activity;sid:84187273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bwk-sat-2-lg222-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324174/; classtype:trojan-activity;sid:84187274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c21u8684.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324175/; classtype:trojan-activity;sid:84187275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0016.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324176/; classtype:trojan-activity;sid:84187276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/75dba150-0947-4d6b-bc41-eedcee212f91.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324177/; classtype:trojan-activity;sid:84187277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reign-mask-sds.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324178/; classtype:trojan-activity;sid:84187278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-submission-e.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324179/; classtype:trojan-activity;sid:84187279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/drapery_track_wall_mount.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324180/; classtype:trojan-activity;sid:84187280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ideario-automatista-ejemplo.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324166/; classtype:trojan-activity;sid:84187266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gazongrs.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324167/; classtype:trojan-activity;sid:84187267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convocatoria-_001_2023_mdc-ii.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324168/; classtype:trojan-activity;sid:84187268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mohit-x-nidhi-1-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324169/; classtype:trojan-activity;sid:84187269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iml-curitiba-ztaio8.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324170/; classtype:trojan-activity;sid:84187270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-capa-3-lynzob.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324164/; classtype:trojan-activity;sid:84187264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9a0b23f9-ab03-dfe5-f0b8-fcee03ce2d84.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324165/; classtype:trojan-activity;sid:84187265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324159/; classtype:trojan-activity;sid:84187259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-xx1200-split-1.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324160/; classtype:trojan-activity;sid:84187260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/louis-vuitton-shake-sandal-shoes--aovs2etc44_pm2_front252520view.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324161/; classtype:trojan-activity;sid:84187261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sarjana-tekniks-1-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324162/; classtype:trojan-activity;sid:84187262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113409983326.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324163/; classtype:trojan-activity;sid:84187263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9638.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324157/; classtype:trojan-activity;sid:84187257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-tcc-2017.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324158/; classtype:trojan-activity;sid:84187258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano_roadmap_20245.3.1.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324150/; classtype:trojan-activity;sid:84187250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lilion.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324151/; classtype:trojan-activity;sid:84187251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.22.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324152/; classtype:trojan-activity;sid:84187252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/top-load-washer-wa80cg4240bwnq-3.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324153/; classtype:trojan-activity;sid:84187253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1259.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324154/; classtype:trojan-activity;sid:84187254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.34-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324155/; classtype:trojan-activity;sid:84187255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/organigrama2021.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324156/; classtype:trojan-activity;sid:84187256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lacsina.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324146/; classtype:trojan-activity;sid:84187246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solicitud-arrendamiento-juridica.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324147/; classtype:trojan-activity;sid:84187247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324148/; classtype:trojan-activity;sid:84187248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-252525c3252525b6kosystembericht-2024-5-5-0.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324149/; classtype:trojan-activity;sid:84187249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/children-parents-media-use-attitudes-2017.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324140/; classtype:trojan-activity;sid:84187240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-25-at-16.51.04_be2a42fb.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324141/; classtype:trojan-activity;sid:84187241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m_wp_64d8ec49b635f80fcb3a1e28.webp.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324143/; classtype:trojan-activity;sid:84187243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kandy-056.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324144/; classtype:trojan-activity;sid:84187244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/230718104934-02-hermes-birkin-bag-explainer-jane-birkin-restricted.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324145/; classtype:trojan-activity;sid:84187245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200321_180647.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324131/; classtype:trojan-activity;sid:84187231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e2e684e8345330a0bbc02fe124251c56.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324132/; classtype:trojan-activity;sid:84187232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324133/; classtype:trojan-activity;sid:84187233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/detalhes-do-mecanismo-de-consenso-do-bitcoin-20243.6.8.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324134/; classtype:trojan-activity;sid:84187234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tsw05548-scaled.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324135/; classtype:trojan-activity;sid:84187235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170384_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324136/; classtype:trojan-activity;sid:84187236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comunicare-acceptare-oferta-persoane-fizice.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324137/; classtype:trojan-activity;sid:84187237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/836f0f8a-4844-45ff-a0e6-c56e64f42e7e.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324138/; classtype:trojan-activity;sid:84187238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ccv-cortaviento-calvin-rossignol-rsgl-tercera-capa-azul-hombre-3.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324139/; classtype:trojan-activity;sid:84187239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/promotional-video-final-1.mp4.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324127/; classtype:trojan-activity;sid:84187227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/714aydmfasl._ac_sx425_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324128/; classtype:trojan-activity;sid:84187228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/peran-mahasiswa-di-indonesia-dalam-berbagai-bidang-kehidupan.png.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324129/; classtype:trojan-activity;sid:84187229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_17.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324126/; classtype:trojan-activity;sid:84187226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/company-profile.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324122/; classtype:trojan-activity;sid:84187222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rotary-monografija.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324123/; classtype:trojan-activity;sid:84187223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/avis-dappel-a-concurrence-generateur-magnetique-region-analamanga.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324124/; classtype:trojan-activity;sid:84187224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/penal.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324125/; classtype:trojan-activity;sid:84187225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oferta-vanzare-persoane-fizice.docx.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324118/; classtype:trojan-activity;sid:84187218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oferta-vanzare-teren-baetu-dumitru-si-baetu-tatiana-1.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324119/; classtype:trojan-activity;sid:84187219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-50-radicado-3827352024-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324120/; classtype:trojan-activity;sid:84187220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6_9.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324121/; classtype:trojan-activity;sid:84187221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ranking-nacional-de-tiro-en-sala-2016-2017.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324115/; classtype:trojan-activity;sid:84187215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfc-amended-aoi.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324116/; classtype:trojan-activity;sid:84187216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precision-08.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324117/; classtype:trojan-activity;sid:84187217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2525255bdocumentnameandversion2525255d.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324109/; classtype:trojan-activity;sid:84187209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-7-725x544-1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324110/; classtype:trojan-activity;sid:84187210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logos-04.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324111/; classtype:trojan-activity;sid:84187211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/contactsheet-2_copy_699164db-c5c5-4b33-916f-b6b500992cb8_550x.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324112/; classtype:trojan-activity;sid:84187212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ufs-authorization-letter.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324113/; classtype:trojan-activity;sid:84187213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/puma-ultra-sl.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324114/; classtype:trojan-activity;sid:84187214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/400-tvd_p3_gerencia-operaciones.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324105/; classtype:trojan-activity;sid:84187205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/universal-oven-low-temperature2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252c-xult-series.pdf.lnk"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324106/; classtype:trojan-activity;sid:84187206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0022.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324107/; classtype:trojan-activity;sid:84187207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-jansen-rossignol-rsgl-tercera-capa-mujer-negro-6.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324108/; classtype:trojan-activity;sid:84187208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formularz-odstapienia-od-umowy-lidor.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324098/; classtype:trojan-activity;sid:84187198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-6.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324099/; classtype:trojan-activity;sid:84187199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kaos-lengan-lengan-panjan-rib_1_11zon.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324101/; classtype:trojan-activity;sid:84187201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-26.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324103/; classtype:trojan-activity;sid:84187203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4ac3af28-1e56-f597-8c88-d06a6deb562d.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324104/; classtype:trojan-activity;sid:84187204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324090)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/neve_90-.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324090/; classtype:trojan-activity;sid:84187190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-roma-gold-12.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324091/; classtype:trojan-activity;sid:84187191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/300-subgerencia-de-servicios-operacionales-e-infraestr.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324092/; classtype:trojan-activity;sid:84187192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-submiss.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324094/; classtype:trojan-activity;sid:84187194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/76-bangkalan.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324095/; classtype:trojan-activity;sid:84187195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-submissio.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324097/; classtype:trojan-activity;sid:84187197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/burger.jpeg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324087/; classtype:trojan-activity;sid:84187187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kaos-kerah-kerah_6_11zon.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324088/; classtype:trojan-activity;sid:84187188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59980_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324089/; classtype:trojan-activity;sid:84187189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/81rawgxd252bgl._ac_sx425_.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324082/; classtype:trojan-activity;sid:84187182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324083)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista25252525252525252525252525252520seleccionados2525252525252525252525252525252025252525252525252525252525252520pinto.xlsx.lnk"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324083/; classtype:trojan-activity;sid:84187183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/doc1-1-scaled-e1665569073944-1127x1500-1-1030x772.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324084/; classtype:trojan-activity;sid:84187184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a52fbee0-38f0-31ed-6308-d3fe56e02215-1.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324085/; classtype:trojan-activity;sid:84187185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-18.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324086/; classtype:trojan-activity;sid:84187186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-deve.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324076/; classtype:trojan-activity;sid:84187176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-lab-3.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324077/; classtype:trojan-activity;sid:84187177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verb-ghost-medium-hairspray-rmo-ver-fgh07-228x228-1.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324078/; classtype:trojan-activity;sid:84187178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nmat2102.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324079/; classtype:trojan-activity;sid:84187179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-du-hoc-4.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324080/; classtype:trojan-activity;sid:84187180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunscreen.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324081/; classtype:trojan-activity;sid:84187181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-2021-terminal-de-transporte-s.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324075/; classtype:trojan-activity;sid:84187175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/declaratie-consimtamant-directia-pentru-agricultura-judeteana-iasi.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324073/; classtype:trojan-activity;sid:84187173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eclipse20-dtds-event-1024x683.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324074/; classtype:trojan-activity;sid:84187174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sulthan-auliya-rzzs0_pmsd0-unsplash-scaled.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324064/; classtype:trojan-activity;sid:84187164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-34-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324065/; classtype:trojan-activity;sid:84187165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-451.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324066/; classtype:trojan-activity;sid:84187166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/590_33d2dcd96b84dfd0424877330f53a6ad-5-3-850x4601-1.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324067/; classtype:trojan-activity;sid:84187167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-staking-guide-2024-2-9-9.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324068/; classtype:trojan-activity;sid:84187168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gear-shield-synthetic-english-pds-6.9.20.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324069/; classtype:trojan-activity;sid:84187169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60130_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324070/; classtype:trojan-activity;sid:84187170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-campamento-explora-va-1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324071/; classtype:trojan-activity;sid:84187171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2dining.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324072/; classtype:trojan-activity;sid:84187172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/140.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324061/; classtype:trojan-activity;sid:84187161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-10-pousada-piedade-mata-atlantica-ronco-do-bugio.png.png.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324062/; classtype:trojan-activity;sid:84187162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-educational-material-2024-3-6-9.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324063/; classtype:trojan-activity;sid:84187163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z4122776640327_95461d2c133bad8f739b48996c026197-1-756x1024.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324052/; classtype:trojan-activity;sid:84187152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/surat-edaran-cuti-lebaran.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324053/; classtype:trojan-activity;sid:84187153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1293128942394920h1440.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324054/; classtype:trojan-activity;sid:84187154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana_defi_protocol_documentation_2024_2.9.5.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324055/; classtype:trojan-activity;sid:84187155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/32.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324056/; classtype:trojan-activity;sid:84187156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cch-robert15ngrih-rossignol-rsgl-segunda-capa-hombre-azul-7.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324057/; classtype:trojan-activity;sid:84187157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/holoson-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324058/; classtype:trojan-activity;sid:84187158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_4551-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324059/; classtype:trojan-activity;sid:84187159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sashay-away-camiseta-negra-2.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324060/; classtype:trojan-activity;sid:84187160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luxury-women-hermes-used-handbags-p816941-010.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324047/; classtype:trojan-activity;sid:84187147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1200-10-pqufug.jpeg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324048/; classtype:trojan-activity;sid:84187148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eur-lex-31993l0105-en.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324049/; classtype:trojan-activity;sid:84187149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-captura-de-pantalla-2024-10-02-a-las-12.17.20252525252525252525252525252525252525e225252525252525252525252525252525252580252525252525252525252525252525252525afp.-m.-1-32x32.png.lnk"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324051/; classtype:trojan-activity;sid:84187151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_5773791619563242019_w.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324038/; classtype:trojan-activity;sid:84187138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baloo3.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324039/; classtype:trojan-activity;sid:84187139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-prima-casa-vicino-via-bari.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324040/; classtype:trojan-activity;sid:84187140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo4.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324041/; classtype:trojan-activity;sid:84187141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-8-cuadro-de-puestos.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324042/; classtype:trojan-activity;sid:84187142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4322.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324043/; classtype:trojan-activity;sid:84187143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs2024_exhibitor-group-name-badges-form_20240809-input.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324044/; classtype:trojan-activity;sid:84187144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/backlit-panel-light_elp3659540_30w-b-product_datasheet.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324045/; classtype:trojan-activity;sid:84187145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roofing.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324046/; classtype:trojan-activity;sid:84187146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-much-is-viagra-on-hims.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324035/; classtype:trojan-activity;sid:84187135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324036/; classtype:trojan-activity;sid:84187136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1751.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324037/; classtype:trojan-activity;sid:84187137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-05-07-at-6.11.29-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324030/; classtype:trojan-activity;sid:84187130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notaprensa2018mb.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324031/; classtype:trojan-activity;sid:84187131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink_smart_contract_tutorial_20245.3.7.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324032/; classtype:trojan-activity;sid:84187132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noaa-coral-sunscreen.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324033/; classtype:trojan-activity;sid:84187133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-12.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324034/; classtype:trojan-activity;sid:84187134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_39.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324017/; classtype:trojan-activity;sid:84187117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-304-2022-aprobar-la-ordenanza-municipal-que-amplia-el-plazo-de-beneficiosregularizacionprocedimientoslicenciashabitaciones-urbanas-de-la-mdc.pdf.lnk"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324018/; classtype:trojan-activity;sid:84187118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112200102695.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324019/; classtype:trojan-activity;sid:84187119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00156448-37f3-e587-1d2f-890f276b294a.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324020/; classtype:trojan-activity;sid:84187120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-2023-terminal-de-transporte.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324021/; classtype:trojan-activity;sid:84187121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20140925_142337_3-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324022/; classtype:trojan-activity;sid:84187122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-12-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324023/; classtype:trojan-activity;sid:84187123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-795x492.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324024/; classtype:trojan-activity;sid:84187124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/subham-joshi-118-edit-1000.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324025/; classtype:trojan-activity;sid:84187125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/br2525252525252525252525252525252525201_2017252525252525252525252525252525252520scalona.pdf.lnk"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324026/; classtype:trojan-activity;sid:84187126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1452-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324027/; classtype:trojan-activity;sid:84187127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nazrahotel07.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324028/; classtype:trojan-activity;sid:84187128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paia-manual.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324029/; classtype:trojan-activity;sid:84187129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/203-club-nautica-69.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324012/; classtype:trojan-activity;sid:84187112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/medipro-casopis-2-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324013/; classtype:trojan-activity;sid:84187113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-debates-2018.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324014/; classtype:trojan-activity;sid:84187114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324015)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucion-76-2023-version-3-manual-supervisor-e-interventoria.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324015/; classtype:trojan-activity;sid:84187115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60019_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324016/; classtype:trojan-activity;sid:84187116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-028.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324006/; classtype:trojan-activity;sid:84187106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-endeavor-limeade-aluminum-1.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324007/; classtype:trojan-activity;sid:84187107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gulfkolschlayered_web.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324008/; classtype:trojan-activity;sid:84187108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/course-structure-history.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324009/; classtype:trojan-activity;sid:84187109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324010/; classtype:trojan-activity;sid:84187110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/114108023293.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324011/; classtype:trojan-activity;sid:84187111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-7.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324000/; classtype:trojan-activity;sid:84187100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-03-rotated.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324001/; classtype:trojan-activity;sid:84187101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/437545209_840484211455885_2290717350882975167_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324002/; classtype:trojan-activity;sid:84187102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57529_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324003/; classtype:trojan-activity;sid:84187103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/syllabus_of_b.a_history_programme_of_first_year__second_year_under_cbcs.pdf.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324004/; classtype:trojan-activity;sid:84187104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3324005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/des-mn01-politicas-de-integridad-v1-1.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3324005/; classtype:trojan-activity;sid:84187105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frontdesk1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323998/; classtype:trojan-activity;sid:84187098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200630_163105.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323999/; classtype:trojan-activity;sid:84187099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-marzo-2020.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323991/; classtype:trojan-activity;sid:84187091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presentacion-cocinas-institucionales.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323992/; classtype:trojan-activity;sid:84187092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bioengine-2-manual.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323993/; classtype:trojan-activity;sid:84187093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9061-le-point-d-eau.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323994/; classtype:trojan-activity;sid:84187094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.-ws2-integrated-charging-exposed-cable-zw1002-thai-translation.pdf.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323995/; classtype:trojan-activity;sid:84187095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-defi-protocol-documentation-20242.4.6.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323996/; classtype:trojan-activity;sid:84187096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/drone-pic-2-with-beach-scaled.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323997/; classtype:trojan-activity;sid:84187097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323966/; classtype:trojan-activity;sid:84187066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-chess-m200.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323967/; classtype:trojan-activity;sid:84187067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56856_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323968/; classtype:trojan-activity;sid:84187068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/225483287_4191788820874276_5976480609178324588_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323969/; classtype:trojan-activity;sid:84187069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-a041115g703fb-product-image.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323970/; classtype:trojan-activity;sid:84187070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23-febrero-2022-modificacion-ordenanzas-borm-fuentes-marques.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323971/; classtype:trojan-activity;sid:84187071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cmcp7500mms_datasheet.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323972/; classtype:trojan-activity;sid:84187072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_7n_var.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323973/; classtype:trojan-activity;sid:84187073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.37.25-1024x1024.jpeg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323974/; classtype:trojan-activity;sid:84187074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/amenity-secured-parking.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323975/; classtype:trojan-activity;sid:84187075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/persian-singers-3.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323976/; classtype:trojan-activity;sid:84187076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eshan-x-aanchal-4-1-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323977/; classtype:trojan-activity;sid:84187077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rmso_pipe-bases-2023_07_10-final.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323978/; classtype:trojan-activity;sid:84187078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e1c3ed1a-8a52-4d87-9ea9-832a51f870d6.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323979/; classtype:trojan-activity;sid:84187079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rex.00458-2024-1.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323980/; classtype:trojan-activity;sid:84187080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne401.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323981/; classtype:trojan-activity;sid:84187081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323982/; classtype:trojan-activity;sid:84187082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/43-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323983/; classtype:trojan-activity;sid:84187083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/visit-to-house-of-commons-img-5-1-408x544-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323984/; classtype:trojan-activity;sid:84187084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/encuentro-interregional-entre-pares-.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323985/; classtype:trojan-activity;sid:84187085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/393958d353da051c72c80bf7f73c110f.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323986/; classtype:trojan-activity;sid:84187086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_superfeel.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323987/; classtype:trojan-activity;sid:84187087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ser-773x1030.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323988/; classtype:trojan-activity;sid:84187088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/performance-flood-light_-product_brochure.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323989/; classtype:trojan-activity;sid:84187089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/policia_federal_pf_05-8ims9i.jpeg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323990/; classtype:trojan-activity;sid:84187090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4985-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323960/; classtype:trojan-activity;sid:84187060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-congreso-regional-y-nacional-1.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323961/; classtype:trojan-activity;sid:84187061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-risk-assessment-report-2024-4-9-0.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323962/; classtype:trojan-activity;sid:84187062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/firenca-loungebank.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323963/; classtype:trojan-activity;sid:84187063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58295_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323964/; classtype:trojan-activity;sid:84187064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323965/; classtype:trojan-activity;sid:84187065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-42-radicado-2915042024-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323955/; classtype:trojan-activity;sid:84187055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/johan-sjokvist-cv-2023-11-eng.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323956/; classtype:trojan-activity;sid:84187056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flujo-de-efectivo-2013.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323957/; classtype:trojan-activity;sid:84187057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58531_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323958/; classtype:trojan-activity;sid:84187058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myj252525252525252525252525c425252525252525252525252585ca-majormaker-deluxe-4020fb-1.png.lnk"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323959/; classtype:trojan-activity;sid:84187059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/078.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323951/; classtype:trojan-activity;sid:84187051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/80344_a-1.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323952/; classtype:trojan-activity;sid:84187052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/512889658722.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323953/; classtype:trojan-activity;sid:84187053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-49-radicado-20240010063281-nombre-peticionario-juan-sebastian-rodriguez-rubiano.pdf.lnk"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323954/; classtype:trojan-activity;sid:84187054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20180719-wa0007-1.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323950/; classtype:trojan-activity;sid:84187050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_mini_evelyne_chai_ghw_1654653978_5c98cc26.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323947/; classtype:trojan-activity;sid:84187047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-de-gestion-2023-vf-1.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323948/; classtype:trojan-activity;sid:84187048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zestawienie-nr-01.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323949/; classtype:trojan-activity;sid:84187049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/176087087_3904529759600185_3685720569472187316_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323942/; classtype:trojan-activity;sid:84187042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estatutos-terminal-de-transporte.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323943/; classtype:trojan-activity;sid:84187043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerypl.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323944/; classtype:trojan-activity;sid:84187044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funghi-533x400.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323945/; classtype:trojan-activity;sid:84187045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8bb22ba9c4aece51e35eb7d716d10969.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323946/; classtype:trojan-activity;sid:84187046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/db-avion-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323930/; classtype:trojan-activity;sid:84187030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paintball.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323931/; classtype:trojan-activity;sid:84187031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/334.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323932/; classtype:trojan-activity;sid:84187032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/visit-to-house-of-commons-img-5-408x544-1.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323933/; classtype:trojan-activity;sid:84187033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323934/; classtype:trojan-activity;sid:84187034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_zn.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323935/; classtype:trojan-activity;sid:84187035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3468-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323936/; classtype:trojan-activity;sid:84187036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-25-at-16.51.00_e31f9852.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323937/; classtype:trojan-activity;sid:84187037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1935-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323938/; classtype:trojan-activity;sid:84187038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-louis-rossignol-rsgl-tercera-capa-hombre-parka-azul-7.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323939/; classtype:trojan-activity;sid:84187039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/477_ejecucion-presupuestal-sep2020-publicacion-web_0.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323940/; classtype:trojan-activity;sid:84187040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instrucitvo-congresos-provinciales-tt7m.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323941/; classtype:trojan-activity;sid:84187041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aa.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323913/; classtype:trojan-activity;sid:84187013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7749-2250-x-1500.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323914/; classtype:trojan-activity;sid:84187014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/239276035_106314628431697_7582783850027825349_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323915/; classtype:trojan-activity;sid:84187015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cottonshirt_7.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323916/; classtype:trojan-activity;sid:84187016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/48103_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323917/; classtype:trojan-activity;sid:84187017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-34.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323918/; classtype:trojan-activity;sid:84187018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convocatoria-2018-sala426.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323919/; classtype:trojan-activity;sid:84187019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_100_inside_corner_meet_at_corner.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323920/; classtype:trojan-activity;sid:84187020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323921/; classtype:trojan-activity;sid:84187021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-honor-1017q-scaled.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323922/; classtype:trojan-activity;sid:84187022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barbie-mermaid-printable-coloring-pages.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323923/; classtype:trojan-activity;sid:84187023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lego-city-kids-playground-30588.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323924/; classtype:trojan-activity;sid:84187024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logotipo-pajaritos-fm-2.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323925/; classtype:trojan-activity;sid:84187025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rastebord-med-rygg-og-tak-scaled.jpeg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323926/; classtype:trojan-activity;sid:84187026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6756.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323928/; classtype:trojan-activity;sid:84187028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-building-supply-p42i-tc-pellet-insert-5.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323929/; classtype:trojan-activity;sid:84187029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/airport.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323900/; classtype:trojan-activity;sid:84187000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9078-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323901/; classtype:trojan-activity;sid:84187001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galleryimage1-1.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323902/; classtype:trojan-activity;sid:84187002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1680804303e04f4735ef97ef247dd4e985786e8e93.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323903/; classtype:trojan-activity;sid:84187003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/malana-himachal-pradesh.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323904/; classtype:trojan-activity;sid:84187004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ete08.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323905/; classtype:trojan-activity;sid:84187005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/63.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323906/; classtype:trojan-activity;sid:84187006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/618ofph1wel._ac_sx425_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323907/; classtype:trojan-activity;sid:84187007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01c1f143-5e5e-4714-b039-46636d9061d8.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323908/; classtype:trojan-activity;sid:84187008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06-4.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323909/; classtype:trojan-activity;sid:84187009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phan-mem-trinh-chieu-co-doc-v4-1-2.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323910/; classtype:trojan-activity;sid:84187010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-nft-leitfaden-2024-v1-9-0.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323911/; classtype:trojan-activity;sid:84187011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/russian-singers-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323912/; classtype:trojan-activity;sid:84187012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14.-apisonador-disel-kama-ft.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323892/; classtype:trojan-activity;sid:84186992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323893/; classtype:trojan-activity;sid:84186993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4972-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323894/; classtype:trojan-activity;sid:84186994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/press-release-sept-17-reputation-today.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323895/; classtype:trojan-activity;sid:84186995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/magnum-authorization-letter.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323896/; classtype:trojan-activity;sid:84186996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/olaplex-bonding-oil-rol-ola-lbo01-228x228-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323897/; classtype:trojan-activity;sid:84186997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_7i_var.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323898/; classtype:trojan-activity;sid:84186998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmosconsensusmechanismdetails2024532.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323899/; classtype:trojan-activity;sid:84186999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-trading-strategy-2024-3-6-0.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323883/; classtype:trojan-activity;sid:84186983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/angled_bottom_up_roller_specs.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323884/; classtype:trojan-activity;sid:84186984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/abp-mineduc-1.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323885/; classtype:trojan-activity;sid:84186985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58000_34.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323886/; classtype:trojan-activity;sid:84186986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-02-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323887/; classtype:trojan-activity;sid:84186987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rf200211-i-cruso-de-jueces.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323888/; classtype:trojan-activity;sid:84186988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3016977.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323889/; classtype:trojan-activity;sid:84186989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pagina-nota2-190924-oald.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323890/; classtype:trojan-activity;sid:84186990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/86259g.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323891/; classtype:trojan-activity;sid:84186991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b__iqac_meeting__and_action_report_19_th_july2019.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323871/; classtype:trojan-activity;sid:84186971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-5.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323872/; classtype:trojan-activity;sid:84186972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majormaker-katalog-1.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323873/; classtype:trojan-activity;sid:84186973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1730990563ceb16c1942f610b62989ee3ae327acb6.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323874/; classtype:trojan-activity;sid:84186974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-grooming-bag--068312ckrc-worn-11-0-0-800-800_g.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323875/; classtype:trojan-activity;sid:84186975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requ.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323876/; classtype:trojan-activity;sid:84186976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coliseo-mayor.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323877/; classtype:trojan-activity;sid:84186977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/decreto-1079-2015.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323878/; classtype:trojan-activity;sid:84186978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/07laboratorios-sophia-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323879/; classtype:trojan-activity;sid:84186979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kisisel-verilerin-korunmasi-mevzuati-uyarinca-uye-aydinlatma-bilgisi-ve-uye-onami.jpg.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323880/; classtype:trojan-activity;sid:84186980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8444-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323881/; classtype:trojan-activity;sid:84186981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pexels-andrew-neel-5860602.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323882/; classtype:trojan-activity;sid:84186982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-260.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323867/; classtype:trojan-activity;sid:84186967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6355-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323868/; classtype:trojan-activity;sid:84186968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tagreuters.com2023binary_lynxmpej7h0gv-filedimage-eumzwn.jpeg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323869/; classtype:trojan-activity;sid:84186969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aanshi-insta.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323870/; classtype:trojan-activity;sid:84186970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moroccanoil-smoothing-shampoo-rmo-mor-sss08-500x500-1.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323861/; classtype:trojan-activity;sid:84186961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-feria-cientifica-colegio-antartica-chilena.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323862/; classtype:trojan-activity;sid:84186962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190930_092435-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323863/; classtype:trojan-activity;sid:84186963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/communities-take-initiative-to-manage-and-protect-their-sacred-cultural-site.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323864/; classtype:trojan-activity;sid:84186964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eduardo-campos-ykxjqv.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323865/; classtype:trojan-activity;sid:84186965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323866)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/201.1-tvd_p2_depto-bienes.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323866/; classtype:trojan-activity;sid:84186966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/252525252525252525252525255bsoftwarenameandversion252525252525252525252525255d.pdf.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323845/; classtype:trojan-activity;sid:84186945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/peripoliko-3-11.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323846/; classtype:trojan-activity;sid:84186946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modal-systems-from-4-kn-to-15-kn-and-100-n-to-2.7-kn.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323847/; classtype:trojan-activity;sid:84186947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lili-on.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323848/; classtype:trojan-activity;sid:84186948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-1.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323849/; classtype:trojan-activity;sid:84186949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fasil113.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323850/; classtype:trojan-activity;sid:84186950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-sandia-santa-amelia-1.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323851/; classtype:trojan-activity;sid:84186951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informacion-alergenos-manjares_03-1030x728.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323852/; classtype:trojan-activity;sid:84186952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-clubes_2019.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323853/; classtype:trojan-activity;sid:84186953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ipn-tablas-de-perfiles.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323854/; classtype:trojan-activity;sid:84186954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rd4696255b2255d.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323855/; classtype:trojan-activity;sid:84186955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20231130_091750-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323856/; classtype:trojan-activity;sid:84186956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60081_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323857/; classtype:trojan-activity;sid:84186957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-re.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323858/; classtype:trojan-activity;sid:84186958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.8-directorio-contratistas-segundo-trimestre-2022.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323859/; classtype:trojan-activity;sid:84186959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_40.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323860/; classtype:trojan-activity;sid:84186960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323837/; classtype:trojan-activity;sid:84186937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/np_2011_023-027.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323838/; classtype:trojan-activity;sid:84186938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323839/; classtype:trojan-activity;sid:84186939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucion_0000264_del_11-02-2020.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323840/; classtype:trojan-activity;sid:84186940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-community-guidelines-2024-1-7-1.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323841/; classtype:trojan-activity;sid:84186941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/69035d79064f976143516ca7962f229f.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323842/; classtype:trojan-activity;sid:84186942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cypress-slate-17-2.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323843/; classtype:trojan-activity;sid:84186943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botany-course_objectiveslearning_outcome-course_structure.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323844/; classtype:trojan-activity;sid:84186944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-bag-35-black-togo-95.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323828/; classtype:trojan-activity;sid:84186928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-03-at-17.00.26-e1701688498780.jpeg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323829/; classtype:trojan-activity;sid:84186929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mmdms.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323830/; classtype:trojan-activity;sid:84186930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bg_1-3.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323831/; classtype:trojan-activity;sid:84186931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20230531-wa0003.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323832/; classtype:trojan-activity;sid:84186932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-submission-.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323833/; classtype:trojan-activity;sid:84186933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58457_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323834/; classtype:trojan-activity;sid:84186934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55572.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323836/; classtype:trojan-activity;sid:84186936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/interior2.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323810/; classtype:trojan-activity;sid:84186910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-1200x800.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323811/; classtype:trojan-activity;sid:84186911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a17i6471.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323812/; classtype:trojan-activity;sid:84186912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gov.uscourts.ksd_.129438.174.0_1dodge.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323813/; classtype:trojan-activity;sid:84186913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60081_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323814/; classtype:trojan-activity;sid:84186914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15-2-1620x1080.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323815/; classtype:trojan-activity;sid:84186915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/87437064.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323816/; classtype:trojan-activity;sid:84186916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co2-system-gas-weight-monitoring-system.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323817/; classtype:trojan-activity;sid:84186917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56918_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323818/; classtype:trojan-activity;sid:84186918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/custom-10x20-tent-4-768x768.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323819/; classtype:trojan-activity;sid:84186919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58928_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323820/; classtype:trojan-activity;sid:84186920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/314.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323821/; classtype:trojan-activity;sid:84186921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-89.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323822/; classtype:trojan-activity;sid:84186922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0097-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323823/; classtype:trojan-activity;sid:84186923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-smaragd-200a-4.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323824/; classtype:trojan-activity;sid:84186924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0661-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323825/; classtype:trojan-activity;sid:84186925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-fap-sheer-burkolattal-2.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323826/; classtype:trojan-activity;sid:84186926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-4.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323827/; classtype:trojan-activity;sid:84186927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-jansen-rossignol-rsgl-tercera-capa-mujer-negro-1.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323809/; classtype:trojan-activity;sid:84186909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-explora.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323787/; classtype:trojan-activity;sid:84186887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-header18.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323788/; classtype:trojan-activity;sid:84186888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-censo-sociedades-2024.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323789/; classtype:trojan-activity;sid:84186889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/situacion-financiera-septiembre-2021.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323790/; classtype:trojan-activity;sid:84186890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2017_07_fitness9708-copy-705x705-1.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323791/; classtype:trojan-activity;sid:84186891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-475-gallery-2.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323792/; classtype:trojan-activity;sid:84186892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-413-2023-reconocer-y-felicitar-a-la-servidor-edward-antonio-bedregal-neira.pdf.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323793/; classtype:trojan-activity;sid:84186893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/posecheckin-1.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323794/; classtype:trojan-activity;sid:84186894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo10.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323795/; classtype:trojan-activity;sid:84186895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/selama-37-tahun-istiqomah-shalat-berjamaah-di-masjid.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323796/; classtype:trojan-activity;sid:84186896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-a-30-de-septiembre-de-2022-ttb-en-formato-pdf.pdf.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323797/; classtype:trojan-activity;sid:84186897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tu-parque-andadores_3.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323798/; classtype:trojan-activity;sid:84186898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/invitacion-privada-suministro-de-stickers.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323799/; classtype:trojan-activity;sid:84186899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20160115-wa0008.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323800/; classtype:trojan-activity;sid:84186900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/samsung-galaxy-s24-amber-yellow.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323801/; classtype:trojan-activity;sid:84186901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-topaz-4701fw-3-scaled.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323802/; classtype:trojan-activity;sid:84186902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/salon2.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323803/; classtype:trojan-activity;sid:84186903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7987-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323804/; classtype:trojan-activity;sid:84186904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vilalcarolina-cafam-del-sol.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323805/; classtype:trojan-activity;sid:84186905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13237d43b3b3231f4f4cec0e0141aeb9.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323806/; classtype:trojan-activity;sid:84186906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/royal-rove-apartments-floor-plan.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323807/; classtype:trojan-activity;sid:84186907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/between-salouq-and-al-abyar-2016.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323808/; classtype:trojan-activity;sid:84186908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerycartaspa.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323756/; classtype:trojan-activity;sid:84186856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/riempimento-generativo.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323757/; classtype:trojan-activity;sid:84186857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/evento-astronomico-el-carrizo-3_compressed-1.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323758/; classtype:trojan-activity;sid:84186858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20180831_192614.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323759/; classtype:trojan-activity;sid:84186859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-44-radicado-2980252024-y-2980262024-nombre-anonimo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323760/; classtype:trojan-activity;sid:84186860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1576-campionat-catalunya-tir-en-sala.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323761/; classtype:trojan-activity;sid:84186861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-extra-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323762/; classtype:trojan-activity;sid:84186862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-89-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323763/; classtype:trojan-activity;sid:84186863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-11.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323764/; classtype:trojan-activity;sid:84186864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13-po.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323765/; classtype:trojan-activity;sid:84186865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lettredepolitique.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323766/; classtype:trojan-activity;sid:84186866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/canaa-dos-carajas.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323767/; classtype:trojan-activity;sid:84186867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/44-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323768/; classtype:trojan-activity;sid:84186868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stt-favicon-2-100x100.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323769/; classtype:trojan-activity;sid:84186869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55046_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323770/; classtype:trojan-activity;sid:84186870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-ewl-1-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323771/; classtype:trojan-activity;sid:84186871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo-title-opengraph.png.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323772/; classtype:trojan-activity;sid:84186872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/avocado-smash-halloumi-beetroot-hommus-400x400.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323773/; classtype:trojan-activity;sid:84186873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-1-782x544.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323774/; classtype:trojan-activity;sid:84186874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc00945.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323775/; classtype:trojan-activity;sid:84186875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/autorizaciones-docentes-2022.docx.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323776/; classtype:trojan-activity;sid:84186876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02galeria-articulo-transitions-vyo-18-12-19.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323777/; classtype:trojan-activity;sid:84186877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requireme.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:254; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323778/; classtype:trojan-activity;sid:84186878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.32-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323779/; classtype:trojan-activity;sid:84186879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20525209_1489158224483802_8728995674349127693_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323780/; classtype:trojan-activity;sid:84186880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/autorizzazioni-iscrizione-estatennis-2024.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323781/; classtype:trojan-activity;sid:84186881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambridge_pansu_3.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323782/; classtype:trojan-activity;sid:84186882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aspire_fitline.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323783/; classtype:trojan-activity;sid:84186883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6174-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323784/; classtype:trojan-activity;sid:84186884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apel_organizacji_wybory.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323785/; classtype:trojan-activity;sid:84186885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/v505.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323786/; classtype:trojan-activity;sid:84186886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3933fileminimizer.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323721/; classtype:trojan-activity;sid:84186821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01045-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323722/; classtype:trojan-activity;sid:84186822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-de-convocatoria-pipe-rmso-2021.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323723/; classtype:trojan-activity;sid:84186823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requiremen.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323724/; classtype:trojan-activity;sid:84186824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/evisa.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323725/; classtype:trojan-activity;sid:84186825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botines-adidas-predator-183-fg-terreno-firme-hombre-rosa-d_nq_np_670868-mla31600395374_072019-f.jpg.lnk"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323726/; classtype:trojan-activity;sid:84186826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-submission-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323727/; classtype:trojan-activity;sid:84186827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afa-virtual-28-nov-1024x1024.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323728/; classtype:trojan-activity;sid:84186828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politicas-y-lineamientos-de-compra-ttsa.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323729/; classtype:trojan-activity;sid:84186829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tess2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323730/; classtype:trojan-activity;sid:84186830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bottom-basics-03.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323731/; classtype:trojan-activity;sid:84186831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323732/; classtype:trojan-activity;sid:84186832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bann_declaracao.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323733/; classtype:trojan-activity;sid:84186833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/indyvidualni.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323734/; classtype:trojan-activity;sid:84186834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/posecheckin.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323735/; classtype:trojan-activity;sid:84186835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bmg3.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323736/; classtype:trojan-activity;sid:84186836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-onyx-4.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323737/; classtype:trojan-activity;sid:84186837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/taller1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323738/; classtype:trojan-activity;sid:84186838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sac-a-depeches-29-messenger-bag--082688cb89-worn-9-0-0-800-800_g.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323739/; classtype:trojan-activity;sid:84186839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ap452e00.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323740/; classtype:trojan-activity;sid:84186840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/controlador.php_.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323741/; classtype:trojan-activity;sid:84186841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-9-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323742/; classtype:trojan-activity;sid:84186842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsletter.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323743/; classtype:trojan-activity;sid:84186843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nat-f147230-1-e1527186411794.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323744/; classtype:trojan-activity;sid:84186844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j19_brushedgray_lifestyle.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323745/; classtype:trojan-activity;sid:84186845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boletin-julio-2015.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323746/; classtype:trojan-activity;sid:84186846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f047925c-3607-cfe1-3074-c61b4c31c07e.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323747/; classtype:trojan-activity;sid:84186847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323748/; classtype:trojan-activity;sid:84186848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-sheer-1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323749/; classtype:trojan-activity;sid:84186849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.-06.11.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323750/; classtype:trojan-activity;sid:84186850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-07-06-at-13.00.11-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323751/; classtype:trojan-activity;sid:84186851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/341.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323752/; classtype:trojan-activity;sid:84186852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/planetary-mixer.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323753/; classtype:trojan-activity;sid:84186853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adrien.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323754/; classtype:trojan-activity;sid:84186854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clothing-catalog-template-2.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323755/; classtype:trojan-activity;sid:84186855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6cb4ab46-3f16-4b86-a852-b00afd533d52-768x1024.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323711/; classtype:trojan-activity;sid:84186811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boitier-porte-1.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323712/; classtype:trojan-activity;sid:84186812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/349148671_1446143179536470_1548598553806031080_n-min-837x628.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323713/; classtype:trojan-activity;sid:84186813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-l1600.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323714/; classtype:trojan-activity;sid:84186814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49806620702_70ae96e69e_o-e1709622946482-zgtgzq.jpeg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323715/; classtype:trojan-activity;sid:84186815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_convocatoria_1.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323716/; classtype:trojan-activity;sid:84186816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe_semanal_28_11_2022.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323717/; classtype:trojan-activity;sid:84186817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20170214-wa0004.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323718/; classtype:trojan-activity;sid:84186818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1717.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323719/; classtype:trojan-activity;sid:84186819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ecostp-flyer-ver3-compressed-1.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323720/; classtype:trojan-activity;sid:84186820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-13.40.23.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323699/; classtype:trojan-activity;sid:84186799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/freeze-dryer-dc801.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323700/; classtype:trojan-activity;sid:84186800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pagina-nota1-100424-oald.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323701/; classtype:trojan-activity;sid:84186801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/appfichajes_instalacion_v1.1.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323702/; classtype:trojan-activity;sid:84186802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-submiss.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323703/; classtype:trojan-activity;sid:84186803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z-9-min.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323704/; classtype:trojan-activity;sid:84186804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004068_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323705/; classtype:trojan-activity;sid:84186805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/puma-colores.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323706/; classtype:trojan-activity;sid:84186806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17144854192c4772642ecc60009456a4036ea61896.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323707/; classtype:trojan-activity;sid:84186807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rx-hombro.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323709/; classtype:trojan-activity;sid:84186809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1499_hermes_kelly_mini_roseextreme-rougedecoeur-bluezanzibar_s_1f_collector-1-800x1024.jpg.lnk"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323710/; classtype:trojan-activity;sid:84186810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-541.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323693/; classtype:trojan-activity;sid:84186793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/86_azidolysis_flow_green_chem_2013_15_2394-2400.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323694/; classtype:trojan-activity;sid:84186794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/65313848_10156785939003743_5961386882834104320_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323695/; classtype:trojan-activity;sid:84186795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0471.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323696/; classtype:trojan-activity;sid:84186796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aditi-x-harsh-5-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323697/; classtype:trojan-activity;sid:84186797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerimonia-base-aerea_mcamgo_abr_010420221818-12-e1732153502168-48vo9r.jpeg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323698/; classtype:trojan-activity;sid:84186798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_31.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323688/; classtype:trojan-activity;sid:84186788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5.-gestion-colaborativa-de-conflictos.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323689/; classtype:trojan-activity;sid:84186789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_3768b8841dace643b82fc5deb2080864.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323690/; classtype:trojan-activity;sid:84186790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.21-2-1024x1024.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323691/; classtype:trojan-activity;sid:84186791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_25.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323692/; classtype:trojan-activity;sid:84186792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image00008.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323674/; classtype:trojan-activity;sid:84186774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/slide-5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323675/; classtype:trojan-activity;sid:84186775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bmj-factory-al-hamra-fze-rak-al-baraq-steel.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323676/; classtype:trojan-activity;sid:84186776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0653.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323677/; classtype:trojan-activity;sid:84186777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fixedratio_20160706102700_nike_internationalist_print_833814_101.jpeg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323678/; classtype:trojan-activity;sid:84186778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/86258g-2.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323679/; classtype:trojan-activity;sid:84186779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/652_situacion-financiera-marzo-2021.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323680/; classtype:trojan-activity;sid:84186780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323681/; classtype:trojan-activity;sid:84186781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/under_armour_logo.svg.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323682/; classtype:trojan-activity;sid:84186782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo4.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323683/; classtype:trojan-activity;sid:84186783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink_wallet_setup_guide_2024_3.8.1.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323684/; classtype:trojan-activity;sid:84186784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nanoimprint.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323685/; classtype:trojan-activity;sid:84186785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/obudowa_centrali_z_akumulatorem_europower_17ah-.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323686/; classtype:trojan-activity;sid:84186786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultados-2012.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323687/; classtype:trojan-activity;sid:84186787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_id-perspective-mb_230225_5.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323669/; classtype:trojan-activity;sid:84186769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0010.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323670/; classtype:trojan-activity;sid:84186770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tende-showroom.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323672/; classtype:trojan-activity;sid:84186772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323673/; classtype:trojan-activity;sid:84186773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-12.58.47-e1732214747455-x8pttg.jpeg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323663/; classtype:trojan-activity;sid:84186763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/375x500.53465.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323664/; classtype:trojan-activity;sid:84186764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-5.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323665/; classtype:trojan-activity;sid:84186765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-pptal-septiembre-2021-1.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323666/; classtype:trojan-activity;sid:84186766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-aprobado-2020-ttsa-pdf.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323667/; classtype:trojan-activity;sid:84186767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rm-239-2020-minsa-y-anexo.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323668/; classtype:trojan-activity;sid:84186768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02546.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323659/; classtype:trojan-activity;sid:84186759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57199_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323660/; classtype:trojan-activity;sid:84186760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/etyeki-furdoszobaszalon-4-1.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323661/; classtype:trojan-activity;sid:84186761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lego-architecture-trafalgar-square.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323662/; classtype:trojan-activity;sid:84186762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery47.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323652/; classtype:trojan-activity;sid:84186752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kjnnnnnnn-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323653/; classtype:trojan-activity;sid:84186753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-267.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323654/; classtype:trojan-activity;sid:84186754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-6.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323655/; classtype:trojan-activity;sid:84186755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit-210-balcony-scaled.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323656/; classtype:trojan-activity;sid:84186756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-4.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323657/; classtype:trojan-activity;sid:84186757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-victoria-travel-bag-clemence-pl-rot-1.800-ewa-lagan-secondhand-frankfurt-copy.jpg.lnk"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323658/; classtype:trojan-activity;sid:84186758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-smart-contract-tutorial-20245.0.4.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323649/; classtype:trojan-activity;sid:84186749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-pl01dr-u-ww-1080x1920-002-450x800.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323650/; classtype:trojan-activity;sid:84186750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hut-brochure.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323651/; classtype:trojan-activity;sid:84186751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1672191326245-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323640/; classtype:trojan-activity;sid:84186740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-07-at-19.58.07_48c2f652-768x1024.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323641/; classtype:trojan-activity;sid:84186741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/large-ashler-with-texture-bullnose-3-1.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323642/; classtype:trojan-activity;sid:84186742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323643/; classtype:trojan-activity;sid:84186743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112560676625.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323644/; classtype:trojan-activity;sid:84186744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/miembros-junta-directiva-2024.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323645/; classtype:trojan-activity;sid:84186745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200409_124638.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323646/; classtype:trojan-activity;sid:84186746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/events-for-edm-6.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323647/; classtype:trojan-activity;sid:84186747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lightbox-placeholder.png.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323648/; classtype:trojan-activity;sid:84186748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nails123-and-nailsolution-min.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323636/; classtype:trojan-activity;sid:84186736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/310-direccion-de-servicio-al-transportador.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323637/; classtype:trojan-activity;sid:84186737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arabika-2.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323638/; classtype:trojan-activity;sid:84186738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pisicnas-15-elite-1.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323639/; classtype:trojan-activity;sid:84186739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17315014806db27f407308e057020cf76a595b6c2d.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323628/; classtype:trojan-activity;sid:84186728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-defi-protocol-documentation-2024-4.7.5.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323629/; classtype:trojan-activity;sid:84186729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cream-lover-200g-crema-pasticcera.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323630/; classtype:trojan-activity;sid:84186730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/44-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323631/; classtype:trojan-activity;sid:84186731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1197.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323632/; classtype:trojan-activity;sid:84186732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06-4.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323633/; classtype:trojan-activity;sid:84186733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casino-efdeco.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323634/; classtype:trojan-activity;sid:84186734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/samsung-11kg-ai-control-front-load-washing-machine-ww11cg604dlb-6.png.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323635/; classtype:trojan-activity;sid:84186735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-staking-guide-20245.1.4.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323620/; classtype:trojan-activity;sid:84186720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pressrelease_h2energysolutions_turkeystrategy.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323621/; classtype:trojan-activity;sid:84186721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryanyfile.pngcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323622/; classtype:trojan-activity;sid:84186722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-submission.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323623/; classtype:trojan-activity;sid:84186723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/003.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323624/; classtype:trojan-activity;sid:84186724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5498_d372d26d7fc77a16-3-ua0non.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323625/; classtype:trojan-activity;sid:84186725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56856_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323626/; classtype:trojan-activity;sid:84186726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha_inscripcion_feria_2017_ok_1.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323627/; classtype:trojan-activity;sid:84186727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pakxtg6712eb.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323618/; classtype:trojan-activity;sid:84186718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/203-tvd_p2_depto-sistemas.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323619/; classtype:trojan-activity;sid:84186719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03_latder-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323614/; classtype:trojan-activity;sid:84186714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1675360828ef204119e9a4fee4be3c0e1942adcb2d.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323615/; classtype:trojan-activity;sid:84186715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-de-etapa-de-admisibilidad-1.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323616/; classtype:trojan-activity;sid:84186716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-subm.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323617/; classtype:trojan-activity;sid:84186717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/travis-scott-air-jordan-33-cd5965-300-release-date-4.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323611/; classtype:trojan-activity;sid:84186711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gps-lte__el7enhzd2kq6_og.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323612/; classtype:trojan-activity;sid:84186712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aqar-for-2018-19.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323613/; classtype:trojan-activity;sid:84186713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323607/; classtype:trojan-activity;sid:84186707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/orabond-1397pp-631-technical-data-sheet-europe-en.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323608/; classtype:trojan-activity;sid:84186708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-su.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323609/; classtype:trojan-activity;sid:84186709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-r.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323610/; classtype:trojan-activity;sid:84186710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-developmen.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323606/; classtype:trojan-activity;sid:84186706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/241053303_113203324409494_7681632414197488355_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323602/; classtype:trojan-activity;sid:84186702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20150305_191010_lls-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323603/; classtype:trojan-activity;sid:84186703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tradewinds-stripe-e1474907953595.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323604/; classtype:trojan-activity;sid:84186704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-iie-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323605/; classtype:trojan-activity;sid:84186705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cataogo-alma.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323598/; classtype:trojan-activity;sid:84186698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078502_1729693685742.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323599/; classtype:trojan-activity;sid:84186699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/footer-logo-ncaa.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323600/; classtype:trojan-activity;sid:84186700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323601/; classtype:trojan-activity;sid:84186701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moes-bread-menu-3.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323593/; classtype:trojan-activity;sid:84186693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-27.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323594/; classtype:trojan-activity;sid:84186694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marko-kraljevic-unutrasnja.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323595/; classtype:trojan-activity;sid:84186695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formato-de-programaciones-emo.xlsx.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323596/; classtype:trojan-activity;sid:84186696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guarda-do-bico-opw-1-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323597/; classtype:trojan-activity;sid:84186697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-risk-assessment-report-2024-3.8.6.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323591/; classtype:trojan-activity;sid:84186691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/argi.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323592/; classtype:trojan-activity;sid:84186692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin_sicherheitsbest_practices_2024_4.9.6.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323587/; classtype:trojan-activity;sid:84186687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-thermae-8.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323588/; classtype:trojan-activity;sid:84186688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/metodologiya-za-izsledvane.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323589/; classtype:trojan-activity;sid:84186689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-aprobado-2011.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323590/; classtype:trojan-activity;sid:84186690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7-14.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323582/; classtype:trojan-activity;sid:84186682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_38.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323583/; classtype:trojan-activity;sid:84186683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp7151.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323584/; classtype:trojan-activity;sid:84186684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-1440x1080.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323585/; classtype:trojan-activity;sid:84186685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01789.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323586/; classtype:trojan-activity;sid:84186686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daa-scaled.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323575/; classtype:trojan-activity;sid:84186675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_24.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323576/; classtype:trojan-activity;sid:84186676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bracelet-kelly-gourmette-very-small-model--221410b25252000-worn-4-0-0-800-800_g.jpg.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323577/; classtype:trojan-activity;sid:84186677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-03-at-08.42.22-1-1024x1024.jpeg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323578/; classtype:trojan-activity;sid:84186678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/t86lewry2w0_092bd5-msie3u.jpeg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323579/; classtype:trojan-activity;sid:84186679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-a-31-de-marzo-2022-ttb-formato-pdf.pdf.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323580/; classtype:trojan-activity;sid:84186680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-mola.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323581/; classtype:trojan-activity;sid:84186681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/autocad-lt-icon-128.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323568/; classtype:trojan-activity;sid:84186668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/haiti-eco-4.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323569/; classtype:trojan-activity;sid:84186669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/events-for-edm-2.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323570/; classtype:trojan-activity;sid:84186670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/34_veggie-stack-3_4_retouch.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323571/; classtype:trojan-activity;sid:84186671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17297859973b2e151c3e3d2e264435290b72260a1a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323572/; classtype:trojan-activity;sid:84186672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/telpro_presentation.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323573/; classtype:trojan-activity;sid:84186673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/protection-against-splashing-water-and-spraying-iec-60529.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323574/; classtype:trojan-activity;sid:84186674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pink_birkin_bag.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323564/; classtype:trojan-activity;sid:84186664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:231; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323565/; classtype:trojan-activity;sid:84186665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323566/; classtype:trojan-activity;sid:84186666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-pizza-food-clipart-7503664-32x32.png.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323567/; classtype:trojan-activity;sid:84186667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/406.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323562/; classtype:trojan-activity;sid:84186662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/splash-test-device-iec-60335-1.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323563/; classtype:trojan-activity;sid:84186663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_vintage_kelly_ado_backp_1688305275_977569d5_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323561/; classtype:trojan-activity;sid:84186661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/service-ac-6-768x768-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323554/; classtype:trojan-activity;sid:84186654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/interior-biserica-hoghilagh.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323555/; classtype:trojan-activity;sid:84186655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-tbs-1a-da2-1.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323556/; classtype:trojan-activity;sid:84186656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultados-2014.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323557/; classtype:trojan-activity;sid:84186657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-495b64d4e9-142212.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323558/; classtype:trojan-activity;sid:84186658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-11.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323559/; classtype:trojan-activity;sid:84186659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flora-of-wadi-el-ghattara-2010-1.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323560/; classtype:trojan-activity;sid:84186660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/scouts.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323552/; classtype:trojan-activity;sid:84186652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/300-tvd_p1_subgerencia-sec.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323553/; classtype:trojan-activity;sid:84186653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4328-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323546/; classtype:trojan-activity;sid:84186646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/termos-e-condicoes.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323547/; classtype:trojan-activity;sid:84186647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camscanner-12-05-2023-11.55-1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323548/; classtype:trojan-activity;sid:84186648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rbr6464-vtbtsp.jpeg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323549/; classtype:trojan-activity;sid:84186649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-3.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323550/; classtype:trojan-activity;sid:84186650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59814_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323551/; classtype:trojan-activity;sid:84186651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30416.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323535/; classtype:trojan-activity;sid:84186635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flujos-de-efectivo-2017.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323536/; classtype:trojan-activity;sid:84186636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323537/; classtype:trojan-activity;sid:84186637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-api-dokumentation-2024-4-6-8.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323538/; classtype:trojan-activity;sid:84186638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_8i_bar.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323539/; classtype:trojan-activity;sid:84186639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moes-bread-decor.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323540/; classtype:trojan-activity;sid:84186640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/121212-min-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323541/; classtype:trojan-activity;sid:84186641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/telpro_brochure.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323542/; classtype:trojan-activity;sid:84186642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto_2018.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323543/; classtype:trojan-activity;sid:84186643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adventist-home-zokam.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323544/; classtype:trojan-activity;sid:84186644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ens-2016-17_primeros-resultados.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323545/; classtype:trojan-activity;sid:84186645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-bld-2-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323531/; classtype:trojan-activity;sid:84186631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3863-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323532/; classtype:trojan-activity;sid:84186632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1451-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323533/; classtype:trojan-activity;sid:84186633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e6f38b2c-e250-4093-adf7-85b1cff90571-df6gtp.jpeg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323534/; classtype:trojan-activity;sid:84186634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/94e46824-0147-40b5-93e8-9be70804999b-1-e1731893822884-nj7ju6.jpeg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323528/; classtype:trojan-activity;sid:84186628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-8-1200x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323529/; classtype:trojan-activity;sid:84186629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin-list-of-top-20-as-of-april-13-2022.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323530/; classtype:trojan-activity;sid:84186630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-02-02-at-12.35.39-pm-1.jpeg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323524/; classtype:trojan-activity;sid:84186624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/statut-fundacji-impuls-dla-mlodych.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323525/; classtype:trojan-activity;sid:84186625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1401-campeonatos-y-trofeos-rfeta-20191002-1.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323526/; classtype:trojan-activity;sid:84186626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-memoria-deportiva-2018.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323527/; classtype:trojan-activity;sid:84186627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsletter-pdf-july-22_page-0001.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323520/; classtype:trojan-activity;sid:84186620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1712259768195.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323521/; classtype:trojan-activity;sid:84186621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manual-de-convivencia-para-la-vida-armoniosa-disciplinario-2019-2020.pdf.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323522/; classtype:trojan-activity;sid:84186622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323523/; classtype:trojan-activity;sid:84186623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60080_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323516/; classtype:trojan-activity;sid:84186616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59514_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323517/; classtype:trojan-activity;sid:84186617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323518/; classtype:trojan-activity;sid:84186618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/l-display-instant-electric-heating-kitchen-eu-plug-p42254432-12237118-origin.jpg.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323519/; classtype:trojan-activity;sid:84186619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novo-guia-de-identidade-visual-e-verbal-da-rede-lojacorr.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323514/; classtype:trojan-activity;sid:84186614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nature-eyecare-complex.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323515/; classtype:trojan-activity;sid:84186615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/36632287_890212561163520_7189185258141515776_n_768x768.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323507/; classtype:trojan-activity;sid:84186607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.com_.-sem-i-to-iv-repeat-exam-timetable-dec-2020.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323508/; classtype:trojan-activity;sid:84186608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/il_570xn.3059825265_46ls.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323509/; classtype:trojan-activity;sid:84186609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-6-2017.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323510/; classtype:trojan-activity;sid:84186610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2016.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323511/; classtype:trojan-activity;sid:84186611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4853-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323512/; classtype:trojan-activity;sid:84186612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anuario-2017-colombimurcia.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323513/; classtype:trojan-activity;sid:84186613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/news-nota2-11-05-2022-oald.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323501/; classtype:trojan-activity;sid:84186601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-ewl-1222.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323502/; classtype:trojan-activity;sid:84186602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/79d1cce4-fbb5-4964-b07d-064cd71f31b6.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323503/; classtype:trojan-activity;sid:84186603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323504/; classtype:trojan-activity;sid:84186604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/all8.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323505/; classtype:trojan-activity;sid:84186605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/exotic-grandeur-exlated-living.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323506/; classtype:trojan-activity;sid:84186606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron2525252520risk2525252520assessment2525252520report2525252520202425252525201.6.3.pdf.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323490/; classtype:trojan-activity;sid:84186590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_honeycomb.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323491/; classtype:trojan-activity;sid:84186591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-ewl-12-2.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323492/; classtype:trojan-activity;sid:84186592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323493/; classtype:trojan-activity;sid:84186593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requiremen.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323494/; classtype:trojan-activity;sid:84186594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/isida_dms_theme_8_contracts_34-scaled.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323495/; classtype:trojan-activity;sid:84186595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323496/; classtype:trojan-activity;sid:84186596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323497/; classtype:trojan-activity;sid:84186597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/haberlersuudiarab.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323498/; classtype:trojan-activity;sid:84186598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preeti-x-anupam-4-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323499/; classtype:trojan-activity;sid:84186599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_36.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323500/; classtype:trojan-activity;sid:84186600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-38-radicado-2985442024-nombre-peticionario-diana-carolina-gonzalez-lopez.pdf.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323488/; classtype:trojan-activity;sid:84186588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323489/; classtype:trojan-activity;sid:84186589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb_img_1519670817341-1024x768.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323483/; classtype:trojan-activity;sid:84186583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-20-vert-frizz-silver-hardware_set_015-675x675.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323485/; classtype:trojan-activity;sid:84186585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-07-06-at-13.00.10-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323486/; classtype:trojan-activity;sid:84186586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/grs_27_11-1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323487/; classtype:trojan-activity;sid:84186587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-arquivo-agencia-brasilia-7-dgqcss.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323478/; classtype:trojan-activity;sid:84186578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/db2132_imagen-de-las-botas-de-futbol-predator-tango-18.3-tf-2018-rosa_1_pie-derecho.jpg.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323479/; classtype:trojan-activity;sid:84186579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20231130_091844-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323480/; classtype:trojan-activity;sid:84186580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_42.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323481/; classtype:trojan-activity;sid:84186581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-sandpiper-2017-living-area-49.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323482/; classtype:trojan-activity;sid:84186582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323475/; classtype:trojan-activity;sid:84186575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-sep-2024.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323476/; classtype:trojan-activity;sid:84186576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-best-practices-2024-2.0.0.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323477/; classtype:trojan-activity;sid:84186577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-17.14.23-3vnxa2.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323473/; classtype:trojan-activity;sid:84186573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown-5.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323474/; classtype:trojan-activity;sid:84186574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionados-peque-exploradores-2024-1.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323466/; classtype:trojan-activity;sid:84186566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323467/; classtype:trojan-activity;sid:84186567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56856_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323468/; classtype:trojan-activity;sid:84186568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plat-map-1-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323469/; classtype:trojan-activity;sid:84186569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-legal-contract-2024-2-2-0.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323470/; classtype:trojan-activity;sid:84186570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rf203317-campeonato_espan25252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525bea_absoluto_17_r.pdf.lnk"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323471/; classtype:trojan-activity;sid:84186571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wiltamamegalogo.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323472/; classtype:trojan-activity;sid:84186572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fachada-02.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323460/; classtype:trojan-activity;sid:84186560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/certificado-local-virtual.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323461/; classtype:trojan-activity;sid:84186561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/32_breeky-burger-td_retouch-e1709786045766.png.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323462/; classtype:trojan-activity;sid:84186562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informacion-alergenos-manjares_08-1030x728.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323463/; classtype:trojan-activity;sid:84186563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guiam.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323464/; classtype:trojan-activity;sid:84186564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo2023.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323465/; classtype:trojan-activity;sid:84186565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imag0032.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323453/; classtype:trojan-activity;sid:84186553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6353.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323454/; classtype:trojan-activity;sid:84186554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bwk-sat-2-332-b-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323455/; classtype:trojan-activity;sid:84186555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323456/; classtype:trojan-activity;sid:84186556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf0409.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323457/; classtype:trojan-activity;sid:84186557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-de-conformite-reglementaire-binance-coin-20241.8.5.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323458/; classtype:trojan-activity;sid:84186558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin2525252525252525252520audit2525252525252525252520report2525252525252525252520202425252525252525252525205.1.2.pdf.lnk"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323459/; classtype:trojan-activity;sid:84186559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/outward-shoulder-rotater-1-271x300.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323452/; classtype:trojan-activity;sid:84186552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-devel.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323449/; classtype:trojan-activity;sid:84186549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-pre-delivery-guide.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323450/; classtype:trojan-activity;sid:84186550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/turan-3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323451/; classtype:trojan-activity;sid:84186551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b5a885a4-89fb-50b0-0b41-9284fbacf4c3.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323443/; classtype:trojan-activity;sid:84186543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-smart-contract-tutorial-20245.6.2.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323444/; classtype:trojan-activity;sid:84186544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hammer-7354618_1280-e1731507580458-uyqeex.jpeg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323445/; classtype:trojan-activity;sid:84186545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/09.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323446/; classtype:trojan-activity;sid:84186546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo3.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323447/; classtype:trojan-activity;sid:84186547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave_roadmap_2024_3.6.6.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323448/; classtype:trojan-activity;sid:84186548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/watt-star-gel-40-ml-gel-energetico.jpeg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323439/; classtype:trojan-activity;sid:84186539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-community-guidelines-2024-1-7-4.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323440/; classtype:trojan-activity;sid:84186540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d90a18e7-9726-4c9a-a0e7-ec366822c083.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323441/; classtype:trojan-activity;sid:84186541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1624.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323442/; classtype:trojan-activity;sid:84186542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-explora-el-cine-2019.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323437/; classtype:trojan-activity;sid:84186537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-08.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323438/; classtype:trojan-activity;sid:84186538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_12n_bar.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323430/; classtype:trojan-activity;sid:84186530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17214054352674e166c47203ea0bde9945b16515a4.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323431/; classtype:trojan-activity;sid:84186531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-7.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323432/; classtype:trojan-activity;sid:84186532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-lego-3.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323433/; classtype:trojan-activity;sid:84186533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-food-booth-sidewall-grape.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323434/; classtype:trojan-activity;sid:84186534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3470-600-x-400.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323435/; classtype:trojan-activity;sid:84186535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/petrosea2-1.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323436/; classtype:trojan-activity;sid:84186536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eclipse8-pppv-baseball-1.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323424/; classtype:trojan-activity;sid:84186524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/celebrating-40-years-of-mig-v2.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323425/; classtype:trojan-activity;sid:84186525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_nq_np_966405-mlm32046081741_092019-o.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323426/; classtype:trojan-activity;sid:84186526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/43779479_255071758535560_7064208694311374880_n.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323427/; classtype:trojan-activity;sid:84186527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-2.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323428/; classtype:trojan-activity;sid:84186528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/veja-village-praia-ext-quadra-de-tenis-r01resultado-1.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323429/; classtype:trojan-activity;sid:84186529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323420/; classtype:trojan-activity;sid:84186520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57786_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323421/; classtype:trojan-activity;sid:84186521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-98-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323422/; classtype:trojan-activity;sid:84186522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-transporte-enero-2024.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323423/; classtype:trojan-activity;sid:84186523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/103445718_10157789964938743_2424272777231936380_n.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323416/; classtype:trojan-activity;sid:84186516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/crc-anti-seize-copper-msds.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323417/; classtype:trojan-activity;sid:84186517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-4-1200x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323418/; classtype:trojan-activity;sid:84186518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6163.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323419/; classtype:trojan-activity;sid:84186519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3274-2-1200x800.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323412/; classtype:trojan-activity;sid:84186512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/inas_compressed.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323413/; classtype:trojan-activity;sid:84186513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/siding-roofing.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323414/; classtype:trojan-activity;sid:84186514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.sc_.-botany-syllabus-cbcs.-21-22-annexure-i.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323415/; classtype:trojan-activity;sid:84186515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-subm.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323407/; classtype:trojan-activity;sid:84186507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/planimetria-a-2.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323408/; classtype:trojan-activity;sid:84186508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9392-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323409/; classtype:trojan-activity;sid:84186509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/materi-par-p.-agus.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323410/; classtype:trojan-activity;sid:84186510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shanher716690_2_xl.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323411/; classtype:trojan-activity;sid:84186511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/especial-australia_compressed.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323401/; classtype:trojan-activity;sid:84186501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ata_age25jun15.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323402/; classtype:trojan-activity;sid:84186502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-smart-contract-tutorial-20241.6.0.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323403/; classtype:trojan-activity;sid:84186503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asf20thanniversary.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323404/; classtype:trojan-activity;sid:84186504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marvel-x.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323405/; classtype:trojan-activity;sid:84186505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-coloring-pages-printable.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323406/; classtype:trojan-activity;sid:84186506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sig-p365-5.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323400/; classtype:trojan-activity;sid:84186500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/338.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323395/; classtype:trojan-activity;sid:84186495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/with-frame-2_0.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323396/; classtype:trojan-activity;sid:84186496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/convocatorias-rendiciones-de-cuentas-localidades-2024.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323397/; classtype:trojan-activity;sid:84186497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-ewl-121.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323398/; classtype:trojan-activity;sid:84186498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/defensa.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323399/; classtype:trojan-activity;sid:84186499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-develop.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:240; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323389/; classtype:trojan-activity;sid:84186489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323390/; classtype:trojan-activity;sid:84186490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/index.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323391/; classtype:trojan-activity;sid:84186491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-002-altas-bajas-de-palomas.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323392/; classtype:trojan-activity;sid:84186492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-94-1.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323393/; classtype:trojan-activity;sid:84186493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/333.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323394/; classtype:trojan-activity;sid:84186494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msbk3508904_3.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323382/; classtype:trojan-activity;sid:84186482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-re.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323384/; classtype:trojan-activity;sid:84186484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seek-downlighter.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323385/; classtype:trojan-activity;sid:84186485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requir.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323386/; classtype:trojan-activity;sid:84186486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1622-e1626454104516.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323387/; classtype:trojan-activity;sid:84186487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verb-glossy-shampoo-12oz-rve-ver-cgls12-228x228-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323388/; classtype:trojan-activity;sid:84186488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-supreme-7019b-7-scaled.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323380/; classtype:trojan-activity;sid:84186480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-10.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323381/; classtype:trojan-activity;sid:84186481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viena7.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323376/; classtype:trojan-activity;sid:84186476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11.-zips-single-port-alarm-unit-indonesia.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323377/; classtype:trojan-activity;sid:84186477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplug.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323378/; classtype:trojan-activity;sid:84186478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-156-sinaloa-1105-col-roma-5.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323379/; classtype:trojan-activity;sid:84186479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/papel-filtrante-do-filtro-prensa-de-diesel-725252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525977.jpg.lnk"; http_uri; depth:264; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323375/; classtype:trojan-activity;sid:84186475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desemprego-3-nj8q9e.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323366/; classtype:trojan-activity;sid:84186466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin_regulatory_compliance_guide_20245.9.6.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323367/; classtype:trojan-activity;sid:84186467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/les-necessaires-d-hermes-groom-valet--931088m25252001-worn-3-0-0-320-320_g.jpg.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323368/; classtype:trojan-activity;sid:84186468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moss-youtube-thumbnail-224x126_x1.5.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323369/; classtype:trojan-activity;sid:84186469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/persian-singers-5.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323370/; classtype:trojan-activity;sid:84186470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp4626.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323371/; classtype:trojan-activity;sid:84186471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/procesal.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323372/; classtype:trojan-activity;sid:84186472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-mining-setup-guide-20241.9.6.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323373/; classtype:trojan-activity;sid:84186473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mask-group-2.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323374/; classtype:trojan-activity;sid:84186474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/102.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323360/; classtype:trojan-activity;sid:84186460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cfa80b12-1731955796281-547049361-thessaoloniki-dolofonia1.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323361/; classtype:trojan-activity;sid:84186461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-ano-2015-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323362/; classtype:trojan-activity;sid:84186462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/320-direccion-de-servicio-al-ciudadano.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323363/; classtype:trojan-activity;sid:84186463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modelo-carta-solicitud-ruc-junio-2024.doc.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323364/; classtype:trojan-activity;sid:84186464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323365/; classtype:trojan-activity;sid:84186465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ec-102-compressed-wa1jxr.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323355/; classtype:trojan-activity;sid:84186455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gujarat-10th-ranked-co-ed-day-school-by-education-world.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323356/; classtype:trojan-activity;sid:84186456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dickslogo2004.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323357/; classtype:trojan-activity;sid:84186457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-12.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323358/; classtype:trojan-activity;sid:84186458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdcmx-puebla4.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323359/; classtype:trojan-activity;sid:84186459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imagen-pagos-online.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323352/; classtype:trojan-activity;sid:84186452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/118375201_3598257816885155_8158661852379148887_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323353/; classtype:trojan-activity;sid:84186453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/russian-singers-2.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323354/; classtype:trojan-activity;sid:84186454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-acta-2022-10-7-ordinaria-1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323346/; classtype:trojan-activity;sid:84186446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/28cdd1ce-1c78-ce46-8b3f-9372fb0a8948.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323347/; classtype:trojan-activity;sid:84186447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.21.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323348/; classtype:trojan-activity;sid:84186448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-staas-logo-favicon-300x300.png.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323349/; classtype:trojan-activity;sid:84186449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.-httpwww.pinterest.compin419890365232431881.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323350/; classtype:trojan-activity;sid:84186450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frenchfries.jpeg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323351/; classtype:trojan-activity;sid:84186451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1670596495410.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323343/; classtype:trojan-activity;sid:84186443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pichinco-en-busca-del-agua-web.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323344/; classtype:trojan-activity;sid:84186444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323345/; classtype:trojan-activity;sid:84186445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/metas-cnj-01.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323339/; classtype:trojan-activity;sid:84186439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d-1.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323340/; classtype:trojan-activity;sid:84186440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1_20230530_115036_0000.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323341/; classtype:trojan-activity;sid:84186441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323342/; classtype:trojan-activity;sid:84186442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hindi_course_outcome.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323336/; classtype:trojan-activity;sid:84186436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4_20230530_115037_0003.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323337/; classtype:trojan-activity;sid:84186437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1124225-bulletin.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323338/; classtype:trojan-activity;sid:84186438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/578357579.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323334/; classtype:trojan-activity;sid:84186434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulario-inscripci252525252525252525252525252525c3252525252525252525252525252525b3n.pdf.lnk"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323335/; classtype:trojan-activity;sid:84186435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-bag-and-scarf-colors-fall-2021.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323324/; classtype:trojan-activity;sid:84186424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquery254-zebar-school-for-children-thaltej-pro-order-abad-rural.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323325/; classtype:trojan-activity;sid:84186425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170754_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323326/; classtype:trojan-activity;sid:84186426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-sat-1-arm-2-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323327/; classtype:trojan-activity;sid:84186427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bhabsons-profile.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323328/; classtype:trojan-activity;sid:84186428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kupur3.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323329/; classtype:trojan-activity;sid:84186429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5d8c126aa47534f6b7b23c0e113858c4-1.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323330/; classtype:trojan-activity;sid:84186430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1912198291838.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323331/; classtype:trojan-activity;sid:84186431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-iie.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323332/; classtype:trojan-activity;sid:84186432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sne-tache-4.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323333/; classtype:trojan-activity;sid:84186433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-req.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323319/; classtype:trojan-activity;sid:84186419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/crizal_rock_external_white_paper_eng.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323320/; classtype:trojan-activity;sid:84186420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legalitas2.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323321/; classtype:trojan-activity;sid:84186421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-o4224ar3l309c-product-image-scaled.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323322/; classtype:trojan-activity;sid:84186422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-require.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323323/; classtype:trojan-activity;sid:84186423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sac-a-main-hermes-herbag-31-zip-en-toile-cuir-beige.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323316/; classtype:trojan-activity;sid:84186416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryadobe-photoshop-crack.comcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323317/; classtype:trojan-activity;sid:84186417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ea87d368-7e8d-b7b0-8b08-994f78550ae7-1.png.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323318/; classtype:trojan-activity;sid:84186418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-2-1-725x544-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323310/; classtype:trojan-activity;sid:84186410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-railskirt-10-punch-red.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323311/; classtype:trojan-activity;sid:84186411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/110i210i.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323312/; classtype:trojan-activity;sid:84186412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-2020-12-11-ordinaria.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323313/; classtype:trojan-activity;sid:84186413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_475e2eddc8ef9d6eebc9580e0a5c2328.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323314/; classtype:trojan-activity;sid:84186414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pro-stake-kit-brochure.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323315/; classtype:trojan-activity;sid:84186415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323303/; classtype:trojan-activity;sid:84186403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/what-natural-remedies-for-erectile-problems.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323304/; classtype:trojan-activity;sid:84186404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ursinha-de-feltro-cantinho-da-thiana.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323305/; classtype:trojan-activity;sid:84186405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coucher-_soleil3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323306/; classtype:trojan-activity;sid:84186406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-25-at-15.11.23_bc01ec5e.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323307/; classtype:trojan-activity;sid:84186407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bb9c4bdb-7198-4604-8326-ce3cc5834577_7390c88c.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323308/; classtype:trojan-activity;sid:84186408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-19.35.55-7us8te.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323309/; classtype:trojan-activity;sid:84186409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-0908-1030x772.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323299/; classtype:trojan-activity;sid:84186399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eixo-monumental-5-lotes-dsny7s.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323300/; classtype:trojan-activity;sid:84186400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1674910214d8e35a0a36ebc4790189002e15623fd7.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323301/; classtype:trojan-activity;sid:84186401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55876_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323302/; classtype:trojan-activity;sid:84186402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/interloop-md-house-2.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323296/; classtype:trojan-activity;sid:84186396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113485015112.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323297/; classtype:trojan-activity;sid:84186397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.a.konkani_syllabus.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323298/; classtype:trojan-activity;sid:84186398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4507-2-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323293/; classtype:trojan-activity;sid:84186393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-building-supply-p42i-tc-pellet-insert-8.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323294/; classtype:trojan-activity;sid:84186394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/castor-oil-pack-instructions.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323295/; classtype:trojan-activity;sid:84186395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-14.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323285/; classtype:trojan-activity;sid:84186385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cert-familia-ejemplo-scaled.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323286/; classtype:trojan-activity;sid:84186386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/august-munchen-germany-hermes-outlet-store-city-mall-172393339.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323287/; classtype:trojan-activity;sid:84186387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/venta-acciones.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323288/; classtype:trojan-activity;sid:84186388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saye-sifir-atik-katalog.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323289/; classtype:trojan-activity;sid:84186389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunglasses-kaleos-sheridan-2-round-green-brown-by-kambio-eyewear-front.jpg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323290/; classtype:trojan-activity;sid:84186390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20201224_134858.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323291/; classtype:trojan-activity;sid:84186391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cal.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323292/; classtype:trojan-activity;sid:84186392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/premium-akc25cc25a7a.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323280/; classtype:trojan-activity;sid:84186380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71ukpyvc6cs._sl1500_.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323281/; classtype:trojan-activity;sid:84186381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3859-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323282/; classtype:trojan-activity;sid:84186382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20220326_133227-removebg-preview.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323283/; classtype:trojan-activity;sid:84186383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3437-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323284/; classtype:trojan-activity;sid:84186384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/handbook-2021-22.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323274/; classtype:trojan-activity;sid:84186374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dia-da-consciencia-negra-pzrfuq.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323275/; classtype:trojan-activity;sid:84186375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6658.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323276/; classtype:trojan-activity;sid:84186376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4459601_1851101.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323277/; classtype:trojan-activity;sid:84186377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-4.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323278/; classtype:trojan-activity;sid:84186378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/petlas-195-50-r16-tl-84v-velox-sport-pt741-1955016-4377.png.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323279/; classtype:trojan-activity;sid:84186379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/313341125924.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323267/; classtype:trojan-activity;sid:84186367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-75.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323268/; classtype:trojan-activity;sid:84186368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pj-min-2.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323269/; classtype:trojan-activity;sid:84186369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agilest_tlr_info_03.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323270/; classtype:trojan-activity;sid:84186370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/isula-poker-regles.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323271/; classtype:trojan-activity;sid:84186371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rti_citizen_charter2021.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323272/; classtype:trojan-activity;sid:84186372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-fae_2017-web.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323273/; classtype:trojan-activity;sid:84186373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436725299_342763758803797_8601220966904392190_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323263/; classtype:trojan-activity;sid:84186363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60174_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323264/; classtype:trojan-activity;sid:84186364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323265/; classtype:trojan-activity;sid:84186365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/118797368_3598257826885154_1684847076174089874_o.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323266/; classtype:trojan-activity;sid:84186366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_herbag__backpack_vintag_1617259193_4522a9fb_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323262/; classtype:trojan-activity;sid:84186362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/corporate-social-responsibility-beyond-community-relations.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323257/; classtype:trojan-activity;sid:84186357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-26.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323258/; classtype:trojan-activity;sid:84186358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mask-group-6.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323259/; classtype:trojan-activity;sid:84186359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6752.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323260/; classtype:trojan-activity;sid:84186360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.04.10.2024-per-portalin-24-25-1.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323261/; classtype:trojan-activity;sid:84186361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1.jpg.lnk"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323251/; classtype:trojan-activity;sid:84186351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weekly-calendar-november-2024.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323252/; classtype:trojan-activity;sid:84186352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/les-necessaires-d-hermes-groom-valet--960188m25252001-worn-2-0-0-1000-1000_g.jpg.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323253/; classtype:trojan-activity;sid:84186353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mola-convocatoria-curiosasmentes-2024.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323254/; classtype:trojan-activity;sid:84186354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guiacsdocentes.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323255/; classtype:trojan-activity;sid:84186355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51aigctvokl._ac_sy580_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323256/; classtype:trojan-activity;sid:84186356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59814_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323245/; classtype:trojan-activity;sid:84186345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238927473_106374821759011_7219786027362176812_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323246/; classtype:trojan-activity;sid:84186346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultados-2013.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323247/; classtype:trojan-activity;sid:84186347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/haiti-eco-3.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323248/; classtype:trojan-activity;sid:84186348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-final-epscyt-2015.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323249/; classtype:trojan-activity;sid:84186349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xx-trofeo-arcoastur.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323250/; classtype:trojan-activity;sid:84186350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-presupuestal-corte-a-junio-2022-ttb-en-formato-pdf.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323241/; classtype:trojan-activity;sid:84186341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-sep-2024.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323242/; classtype:trojan-activity;sid:84186342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/property-1hatton-img-gallery-2.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323243/; classtype:trojan-activity;sid:84186343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camioneta-elctrica-montable-land-rover-defender-20201220144259.2766380015.jpg.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323244/; classtype:trojan-activity;sid:84186344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hostel-karadjordje3.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323233/; classtype:trojan-activity;sid:84186333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-1440rfeta22.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323234/; classtype:trojan-activity;sid:84186334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/situacion-financiera-dic-2018.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323235/; classtype:trojan-activity;sid:84186335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323236/; classtype:trojan-activity;sid:84186336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-smaragd-200a-2.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323237/; classtype:trojan-activity;sid:84186337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb2ad6ca-e0ad-4705-730f-475e4f29d535.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323238/; classtype:trojan-activity;sid:84186338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplug.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323239/; classtype:trojan-activity;sid:84186339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/billetto-editorial-334686-unsplash.png.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323240/; classtype:trojan-activity;sid:84186340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpc-cooldry-rossignol-rsgl-primera-capa-mujer-6.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323227/; classtype:trojan-activity;sid:84186327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nanopto2023-e1699525316999.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323228/; classtype:trojan-activity;sid:84186328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rogier.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323229/; classtype:trojan-activity;sid:84186329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8683-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323230/; classtype:trojan-activity;sid:84186330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/liflet.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323231/; classtype:trojan-activity;sid:84186331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image_3a138b09_aac5_49be_a0a2_3f2e3fcebb84_master.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323232/; classtype:trojan-activity;sid:84186332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-trading-strategy-20245-8-3.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323224/; classtype:trojan-activity;sid:84186324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61898_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323225/; classtype:trojan-activity;sid:84186325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57199_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323226/; classtype:trojan-activity;sid:84186326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne411.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323222/; classtype:trojan-activity;sid:84186322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1722-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323223/; classtype:trojan-activity;sid:84186323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f.1-cerere-pentru-emiterea-certificatului-de-urbanism.doc.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323218/; classtype:trojan-activity;sid:84186318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majocchi_modello231_versioneinternet-2018.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323219/; classtype:trojan-activity;sid:84186319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img7.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323220/; classtype:trojan-activity;sid:84186320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-situacion-financiera-2014.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323221/; classtype:trojan-activity;sid:84186321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/376_a.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323214/; classtype:trojan-activity;sid:84186314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2024-08-01_10-48-10-1030x773.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323215/; classtype:trojan-activity;sid:84186315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14607310457552_674x0.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323216/; classtype:trojan-activity;sid:84186316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/inferno-bpr-termogenico-bruciagrassi.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323217/; classtype:trojan-activity;sid:84186317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/andaina4-uai-258x145.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323207/; classtype:trojan-activity;sid:84186307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-ejecucion-presupuestal-a-diciembre-2019-en-formato-pdf.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323208/; classtype:trojan-activity;sid:84186308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-3.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323209/; classtype:trojan-activity;sid:84186309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-12-proclamacion-definitiva-del-presidente-fcrm.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323210/; classtype:trojan-activity;sid:84186310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241201_205323-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323211/; classtype:trojan-activity;sid:84186311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-87.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323212/; classtype:trojan-activity;sid:84186312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20200213-wa0050-768x1024.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323213/; classtype:trojan-activity;sid:84186313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alw-808.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323201/; classtype:trojan-activity;sid:84186301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-security-best-practices-20244.9.1.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323202/; classtype:trojan-activity;sid:84186302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-2021-01-26-extraordinaria.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323203/; classtype:trojan-activity;sid:84186303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pack-de-figuras-batman-vs-superman-mattel-dln32.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323204/; classtype:trojan-activity;sid:84186304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/land-deed.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323205/; classtype:trojan-activity;sid:84186305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galle.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323206/; classtype:trojan-activity;sid:84186306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2525252525252525255bsoftwarenameandversion2525252525252525255d.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323195/; classtype:trojan-activity;sid:84186295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-261.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323196/; classtype:trojan-activity;sid:84186296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/25.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323197/; classtype:trojan-activity;sid:84186297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/50207.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323198/; classtype:trojan-activity;sid:84186298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-jansen-rossignol-rsgl-tercera-capa-mujer-negro-3.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323199/; classtype:trojan-activity;sid:84186299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171369_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323200/; classtype:trojan-activity;sid:84186300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/familia-envolvida-no-narcotrafico-e-alvo-de-operacao-no-entorno-ruw8zz.jpeg.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323190/; classtype:trojan-activity;sid:84186290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4683675435.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323191/; classtype:trojan-activity;sid:84186291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60080_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323192/; classtype:trojan-activity;sid:84186292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resize-3.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323193/; classtype:trojan-activity;sid:84186293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cata25252525252525252525252525252525cc2525252525252525252525252525252581logo-cti-slep_barrancas.pdf.lnk"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323194/; classtype:trojan-activity;sid:84186294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apple-watch-herm2525c32525a8s-gourmette-double-tour-in-fauve-bar2525c32525a9nia-leather..jpg.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323183/; classtype:trojan-activity;sid:84186283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/backdrop-bien-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323184/; classtype:trojan-activity;sid:84186284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/examination-fee-structure.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323185/; classtype:trojan-activity;sid:84186285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-2.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323186/; classtype:trojan-activity;sid:84186286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-junta-directiva-25-04-2024.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323187/; classtype:trojan-activity;sid:84186287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9719.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323188/; classtype:trojan-activity;sid:84186288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1488-wr-2.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323189/; classtype:trojan-activity;sid:84186289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hotel-las-plazas-quito-ecuador-galeria1.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323181/; classtype:trojan-activity;sid:84186281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/34_veggie-stack-td_retouch.png.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323182/; classtype:trojan-activity;sid:84186282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a__iqac_minutes_and_action_report_11th_april_2019.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323177/; classtype:trojan-activity;sid:84186277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hrperion-01a.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323178/; classtype:trojan-activity;sid:84186278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/62150_0.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323179/; classtype:trojan-activity;sid:84186279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/front-view-revise-01-1024x614.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323180/; classtype:trojan-activity;sid:84186280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oferta_czeskie_marki_piw.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323172/; classtype:trojan-activity;sid:84186272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/09-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323173/; classtype:trojan-activity;sid:84186273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capture-2.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323174/; classtype:trojan-activity;sid:84186274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/samsung-11kg-ai-control-front-load-washing-machine-ww11cg604dlb-2.png.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323175/; classtype:trojan-activity;sid:84186275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cinco-rios-fishing03.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323176/; classtype:trojan-activity;sid:84186276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10864_alt9.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323170/; classtype:trojan-activity;sid:84186270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/167646649602bbe3e331c165c2dafd77626e73cd92.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323171/; classtype:trojan-activity;sid:84186271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20431562_1489158161150475_3152717253862416837_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323167/; classtype:trojan-activity;sid:84186267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-2-1200x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323168/; classtype:trojan-activity;sid:84186268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-09-16-at-20.22.51.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323169/; classtype:trojan-activity;sid:84186269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fluke_pinces_multimetres_et_testeurs_electriques_fr.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323158/; classtype:trojan-activity;sid:84186258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-transporte-octubre-2024.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323159/; classtype:trojan-activity;sid:84186259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0972.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323160/; classtype:trojan-activity;sid:84186260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323161/; classtype:trojan-activity;sid:84186261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323162/; classtype:trojan-activity;sid:84186262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_44.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323163/; classtype:trojan-activity;sid:84186263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hustle-pkg-web-1-e1646220553159.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323164/; classtype:trojan-activity;sid:84186264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/muzike-piano-sekondare_1.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323165/; classtype:trojan-activity;sid:84186265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/protegeme_instruyeme_grande.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323166/; classtype:trojan-activity;sid:84186266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20241127_211456_canva-762x1030.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323156/; classtype:trojan-activity;sid:84186256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac-1staug2017.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323157/; classtype:trojan-activity;sid:84186257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dossier-2020_antartica.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323153/; classtype:trojan-activity;sid:84186253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241023_143936.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323154/; classtype:trojan-activity;sid:84186254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-13.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323155/; classtype:trojan-activity;sid:84186255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-51-radicado-20240520071101-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323149/; classtype:trojan-activity;sid:84186249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c57516299b7ab157dea8dd08fc50f0f7.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323150/; classtype:trojan-activity;sid:84186250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9036.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323151/; classtype:trojan-activity;sid:84186251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59806_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323152/; classtype:trojan-activity;sid:84186252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/303-tvd_p2_depto-transportadr.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323143/; classtype:trojan-activity;sid:84186243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-2.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323144/; classtype:trojan-activity;sid:84186244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estatutos-federacion-de-colombicultura-borm.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323145/; classtype:trojan-activity;sid:84186245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241023_144209.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323146/; classtype:trojan-activity;sid:84186246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/158871-3_1_jornada-puerta-abiertas-crn-ganaderia.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323147/; classtype:trojan-activity;sid:84186247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-bb404-p-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323148/; classtype:trojan-activity;sid:84186248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coem-reverso-2.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323136/; classtype:trojan-activity;sid:84186236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-defi-protokolldokumentation-20245.4.7.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323137/; classtype:trojan-activity;sid:84186237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/codigo-conar-2021_6pv.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323138/; classtype:trojan-activity;sid:84186238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelo-cote-solaire-geloctinoxate-octisalate-octocrylene-oxybenzone-uk-1.jpg.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323139/; classtype:trojan-activity;sid:84186239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thelyrasociety_newsletter2018.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323140/; classtype:trojan-activity;sid:84186240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-263.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323141/; classtype:trojan-activity;sid:84186241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323142)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2017-actualizado-24-1-20-reglamento-general-de-competicion-y-disciplina-de-la-fcrm-.pdf.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323142/; classtype:trojan-activity;sid:84186242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-developme.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323132/; classtype:trojan-activity;sid:84186232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/de7907bd-0011-49e5-90b4-24c5b7c0bf27_23e1aa5a-b5a0-4837-849c-837088d33394_800x.jpg.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323133/; classtype:trojan-activity;sid:84186233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lof-logo-gtl.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323134/; classtype:trojan-activity;sid:84186234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/350b74f8-f9a1-4c75-8106-fc3c9a4adc84.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323135/; classtype:trojan-activity;sid:84186235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atrium.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323127/; classtype:trojan-activity;sid:84186227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/itapua-11.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323128/; classtype:trojan-activity;sid:84186228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie4.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323129/; classtype:trojan-activity;sid:84186229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241023_143900.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323130/; classtype:trojan-activity;sid:84186230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-beige-6.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323131/; classtype:trojan-activity;sid:84186231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/staff-parties-img-2-408x544-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323120/; classtype:trojan-activity;sid:84186220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/podrecznik-dla-organizatorow-ruchu-pieszego.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323121/; classtype:trojan-activity;sid:84186221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aquaclean-220ml-lbl.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323122/; classtype:trojan-activity;sid:84186222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tesss.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323123/; classtype:trojan-activity;sid:84186223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9057.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323124/; classtype:trojan-activity;sid:84186224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gardenland.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323125/; classtype:trojan-activity;sid:84186225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/with-frame_0.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323126/; classtype:trojan-activity;sid:84186226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59450_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323117/; classtype:trojan-activity;sid:84186217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/what-can-i-take-to-last-longer-in-bed.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323118/; classtype:trojan-activity;sid:84186218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0002.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323119/; classtype:trojan-activity;sid:84186219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323116/; classtype:trojan-activity;sid:84186216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-3.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323110/; classtype:trojan-activity;sid:84186210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/property-4hatoon-gallery-img-3-1-copy.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323111/; classtype:trojan-activity;sid:84186211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hazer-amani-2-e1646393274839.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323112/; classtype:trojan-activity;sid:84186212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/09laboratorios-sophia-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323113/; classtype:trojan-activity;sid:84186213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/picture1-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323114/; classtype:trojan-activity;sid:84186214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/table_exterieure.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323115/; classtype:trojan-activity;sid:84186215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2525255bsoftwarenameandversion2525255d.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323106/; classtype:trojan-activity;sid:84186206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/meia-natalina-de-feltro.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323107/; classtype:trojan-activity;sid:84186207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-re.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:247; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323108/; classtype:trojan-activity;sid:84186208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06_comedorv2-scaled.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323109/; classtype:trojan-activity;sid:84186209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/basil-oil-2342052901-tds.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323099/; classtype:trojan-activity;sid:84186199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barrera-instalada-3-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323100/; classtype:trojan-activity;sid:84186200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-coloring-pages-princess-peach.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323101/; classtype:trojan-activity;sid:84186201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poza-4.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323102/; classtype:trojan-activity;sid:84186202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-nft-polkadot-20245.7.5.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323103/; classtype:trojan-activity;sid:84186203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wwe-coloring-pages-to-print.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323104/; classtype:trojan-activity;sid:84186204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline_spec_sheet_for_base_coat_in_bags_page.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323105/; classtype:trojan-activity;sid:84186205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dosjet-nga-jashte-2024-19.11.2024.xlsx.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323097/; classtype:trojan-activity;sid:84186197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ecc-b.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323098/; classtype:trojan-activity;sid:84186198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_100_pocket_mount.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323095/; classtype:trojan-activity;sid:84186195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/course-main-book-introducing-intercultural-communication-global-cultures-and-contexts-klqv.pdf.lnk"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323096/; classtype:trojan-activity;sid:84186196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirement.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323086/; classtype:trojan-activity;sid:84186186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-30-4000has-sector-entre-guerrero-y-santa-monica-4000has-6.jpeg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323087/; classtype:trojan-activity;sid:84186187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-11-scaled.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323088/; classtype:trojan-activity;sid:84186188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-venti-boost-21.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323089/; classtype:trojan-activity;sid:84186189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323090)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pac-clad-color-chart.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323090/; classtype:trojan-activity;sid:84186190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-01-26-at-21.36.59-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323091/; classtype:trojan-activity;sid:84186191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reportaje-hilda.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323092/; classtype:trojan-activity;sid:84186192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323093)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-15-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323093/; classtype:trojan-activity;sid:84186193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323094/; classtype:trojan-activity;sid:84186194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standard-electric-furnace-fo310.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323079/; classtype:trojan-activity;sid:84186179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standard-electric-furnace-fo810.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323080/; classtype:trojan-activity;sid:84186180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urdher-nr.610-date-24.10.2023-per-percaktimin-e-datave-te-zhvillimit-te-olimpiadave-kombetare-1.pdf.lnk"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323081/; classtype:trojan-activity;sid:84186181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vacuum-drying-oven-compact-dp200.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323082/; classtype:trojan-activity;sid:84186182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323083)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/situacion-financiera-dic-2018_.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323083/; classtype:trojan-activity;sid:84186183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58049_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323084/; classtype:trojan-activity;sid:84186184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2112198291840.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323085/; classtype:trojan-activity;sid:84186185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum_security_best_practices_2024_1.3.2.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323076/; classtype:trojan-activity;sid:84186176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/350.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323077/; classtype:trojan-activity;sid:84186177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/menu-qr.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323078/; classtype:trojan-activity;sid:84186178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2620413-new_thickbox.webp.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323070/; classtype:trojan-activity;sid:84186170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-transfer-2024.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323071/; classtype:trojan-activity;sid:84186171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/havisha-sharma-chess-tournament-under-11.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323072/; classtype:trojan-activity;sid:84186172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mi-comuna-vive-la-ciencia_bases-2017.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323073/; classtype:trojan-activity;sid:84186173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/amazon-birkin-handtas-dupe.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323074/; classtype:trojan-activity;sid:84186174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323075/; classtype:trojan-activity;sid:84186175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh-gr.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323069/; classtype:trojan-activity;sid:84186169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pernambuco-tamarineira-int-layout-b-cam02-r01resultado-1.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323060/; classtype:trojan-activity;sid:84186160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6681.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323061/; classtype:trojan-activity;sid:84186161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_771-263-hdr.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323062/; classtype:trojan-activity;sid:84186162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/political_science_course_outcomes.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323063/; classtype:trojan-activity;sid:84186163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323064/; classtype:trojan-activity;sid:84186164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-iie-2024.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323065/; classtype:trojan-activity;sid:84186165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2014-10-10-nota-info-ccalls.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323066/; classtype:trojan-activity;sid:84186166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_19.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323067/; classtype:trojan-activity;sid:84186167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0236-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323068/; classtype:trojan-activity;sid:84186168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clay.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323057/; classtype:trojan-activity;sid:84186157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3326762w1033.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323058/; classtype:trojan-activity;sid:84186158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saye-sifir-atik-referanslarimiz.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323059/; classtype:trojan-activity;sid:84186159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adobe-photoshop-crack.com.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323056/; classtype:trojan-activity;sid:84186156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/candidatures25252525252525252525252525252525252520ca252525252525252525252525252525252525202020.pdf.lnk"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323050/; classtype:trojan-activity;sid:84186150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nazrahotel02.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323051/; classtype:trojan-activity;sid:84186151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323052/; classtype:trojan-activity;sid:84186152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uso-de-imagen.docx.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323053/; classtype:trojan-activity;sid:84186153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.18-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323054/; classtype:trojan-activity;sid:84186154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verification-statement-climate-change-impacts-of-pharmaceutical-packaging.pdf.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323055/; classtype:trojan-activity;sid:84186155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/33029_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323043/; classtype:trojan-activity;sid:84186143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/leaflet-af-015-2022-06-23.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323044/; classtype:trojan-activity;sid:84186144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-9-min.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323045/; classtype:trojan-activity;sid:84186145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57199_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323046/; classtype:trojan-activity;sid:84186146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-20-vert-frizz-silver-hardware_angle_006-675x676.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323047/; classtype:trojan-activity;sid:84186147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ke2017.2-6.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323048/; classtype:trojan-activity;sid:84186148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-06-03-at-7.48.00-pm.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323049/; classtype:trojan-activity;sid:84186149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d.el_.ed_students_list_2020-22.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323038/; classtype:trojan-activity;sid:84186138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-003-impreso-para-facilitar-el-preparador-las-palomasa-federacion-sociedad.pdf.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323039/; classtype:trojan-activity;sid:84186139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/publicacion-de-resultados-finales-conv-002-dl-728.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323040/; classtype:trojan-activity;sid:84186140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/28.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323041/; classtype:trojan-activity;sid:84186141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-262.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323042/; classtype:trojan-activity;sid:84186142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oks-464-tds.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323037/; classtype:trojan-activity;sid:84186137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22188038_52127598_600.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323035/; classtype:trojan-activity;sid:84186135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moroccanoil-hydrating-styling-cream-rmo-mor-lhsc10-500x500-1.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323036/; classtype:trojan-activity;sid:84186136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a0009674-1024x768.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323025/; classtype:trojan-activity;sid:84186125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3166b.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323026/; classtype:trojan-activity;sid:84186126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apresentacao.mte.17092024final.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323027/; classtype:trojan-activity;sid:84186127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/algorand-legal-contract-20245-4-2.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323028/; classtype:trojan-activity;sid:84186128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1726.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323029/; classtype:trojan-activity;sid:84186129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-mining-setup-guide-2024-3-2-5.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323030/; classtype:trojan-activity;sid:84186130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-taxation-guide-2024-1.6.2.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323031/; classtype:trojan-activity;sid:84186131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-smart-contract-tutorial-2024-1.4.7.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323032/; classtype:trojan-activity;sid:84186132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_08e97d0f8ad88eb531dfaf80633101d3.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323033/; classtype:trojan-activity;sid:84186133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/federica.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323034/; classtype:trojan-activity;sid:84186134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-3.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323020/; classtype:trojan-activity;sid:84186120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa02suites_venda_centro-caucaia-ce-4.jpeg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323021/; classtype:trojan-activity;sid:84186121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-de-la-communaute-solana-20245.0.3.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323022/; classtype:trojan-activity;sid:84186122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/andaina3.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323023/; classtype:trojan-activity;sid:84186123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-2.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323024/; classtype:trojan-activity;sid:84186124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/split-face-project-1.jpeg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323016/; classtype:trojan-activity;sid:84186116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/villeraze5-1024x461.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323017/; classtype:trojan-activity;sid:84186117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-setelan-training1.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323018/; classtype:trojan-activity;sid:84186118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/snimok-ekrana-2020-02-20-v-10.48.06.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323019/; classtype:trojan-activity;sid:84186119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004003_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323011/; classtype:trojan-activity;sid:84186111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/morbid-thoughts.mp4.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323012/; classtype:trojan-activity;sid:84186112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/403-tvd_depto-seguridad.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323013/; classtype:trojan-activity;sid:84186113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo7.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323014/; classtype:trojan-activity;sid:84186114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323015)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac-28sept2017.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323015/; classtype:trojan-activity;sid:84186115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312111384756.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323007/; classtype:trojan-activity;sid:84186107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_10b_bar.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323008/; classtype:trojan-activity;sid:84186108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-req.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323009/; classtype:trojan-activity;sid:84186109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kawaii-axolotl-coloring-page.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323010/; classtype:trojan-activity;sid:84186110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sundance-spas-splash-120v-paisley-glacier-sparkle-black.jpeg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323001/; classtype:trojan-activity;sid:84186101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-blockchain-architecture-diagram-20245.6.2.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323002/; classtype:trojan-activity;sid:84186102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-ppto-diciembre-2021-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323003/; classtype:trojan-activity;sid:84186103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_mikro-bulu.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323004/; classtype:trojan-activity;sid:84186104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-biscuit-swift-in-and-out-birkin-25-palladium-hardware-2021.jpg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323005/; classtype:trojan-activity;sid:84186105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57201_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323006/; classtype:trojan-activity;sid:84186106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/economics.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322997/; classtype:trojan-activity;sid:84186097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saint-jean-paul-ii.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322998/; classtype:trojan-activity;sid:84186098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/favicon-1-75x75.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322999/; classtype:trojan-activity;sid:84186099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3323000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-estrategico-2023.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3323000/; classtype:trojan-activity;sid:84186100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-3-rt-resized-768x1024.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322991/; classtype:trojan-activity;sid:84186091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srocc_finaldraft_fullreport.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322992/; classtype:trojan-activity;sid:84186092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tlet.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322993/; classtype:trojan-activity;sid:84186093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zestawienie-nr-05.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322994/; classtype:trojan-activity;sid:84186094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide-ico-ido-ieo-cosmos-20242.8.7.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322995/; classtype:trojan-activity;sid:84186095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02-solicitud-campeonato-comarcal-para-la-web.doc.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322996/; classtype:trojan-activity;sid:84186096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/513sq-zknel._ac_sx522_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322987/; classtype:trojan-activity;sid:84186087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/colectie-poze-6.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322988/; classtype:trojan-activity;sid:84186088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s11111.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322989/; classtype:trojan-activity;sid:84186089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/attendance-monitoring-officer-job-description.docx.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322990/; classtype:trojan-activity;sid:84186090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1730311622780bc06ce46eef7668628a0ffd73bdf7.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322982/; classtype:trojan-activity;sid:84186082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_convocatoria_pipe_2022-rmsp.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322983/; classtype:trojan-activity;sid:84186083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/04laboratorios-sophia-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322984/; classtype:trojan-activity;sid:84186084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/milton-sperafico21.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322985/; classtype:trojan-activity;sid:84186085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bannery_vizualni_identity_sumo2.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322986/; classtype:trojan-activity;sid:84186086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kuppel-gewaechshaeus-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322976/; classtype:trojan-activity;sid:84186076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17303116223c368326ad181b67e41ef244c0cf0926.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322977/; classtype:trojan-activity;sid:84186077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/michael-carl-1.jpeg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322978/; classtype:trojan-activity;sid:84186078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionadas-pipe-2023.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322979/; classtype:trojan-activity;sid:84186079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/www.pharmaself24.it-1.mp4.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322980/; classtype:trojan-activity;sid:84186080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-11-01-at-14.21.40.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322981/; classtype:trojan-activity;sid:84186081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-oxford15-rossignol-rsgl-top-camisa-hombre-blanca-5.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322969/; classtype:trojan-activity;sid:84186069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-7.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322970/; classtype:trojan-activity;sid:84186070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eclipse_ide_logo.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322971/; classtype:trojan-activity;sid:84186071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0723-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322972/; classtype:trojan-activity;sid:84186072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/strategia-anuala-de-achizitie-publica-pentru-anul-2022-anonimizat.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322973/; classtype:trojan-activity;sid:84186073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-280-2024-encargar-el-despacho-de-la-alcaldia-a-la-regidora-zulema-lizbeth-nunonca-huarca-paea-los-dias-26-y-27.pdf.lnk"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322974/; classtype:trojan-activity;sid:84186074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-a04142500salt-product-image.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322975/; classtype:trojan-activity;sid:84186075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0036-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322965/; classtype:trojan-activity;sid:84186065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0731.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322966/; classtype:trojan-activity;sid:84186066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bilans-i-rzis-q3-2022-mm-s.a.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322967/; classtype:trojan-activity;sid:84186067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kryos2-850x4601-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322968/; classtype:trojan-activity;sid:84186068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cumplimiento-presupuesto-cd-malaga-23-24.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322964/; classtype:trojan-activity;sid:84186064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/114579822654.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322958/; classtype:trojan-activity;sid:84186058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3375-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322959/; classtype:trojan-activity;sid:84186059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co2-system-actuator.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322960/; classtype:trojan-activity;sid:84186060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/514108023315.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322961/; classtype:trojan-activity;sid:84186061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/la-planificacion-pastoral-estrate25252525252525252525cc2525252525252525252581gica.pdf.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322962/; classtype:trojan-activity;sid:84186062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juz-25.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322963/; classtype:trojan-activity;sid:84186063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pernambuco-malia-ext-piscina-cam01-r06resultado-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322953/; classtype:trojan-activity;sid:84186053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-100-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322954/; classtype:trojan-activity;sid:84186054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nursery-a.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322955/; classtype:trojan-activity;sid:84186055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-269.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322956/; classtype:trojan-activity;sid:84186056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/economical-water-bath-constant-temp.-bm500.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322957/; classtype:trojan-activity;sid:84186057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo-12.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322947/; classtype:trojan-activity;sid:84186047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/437134429_840484214789218_7846918101211689960_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322948/; classtype:trojan-activity;sid:84186048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/peashooter-plants-vs-zombies-coloring-pages.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322949/; classtype:trojan-activity;sid:84186049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-31-de-diciembre-2016-pdf.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322950/; classtype:trojan-activity;sid:84186050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mohit-x-nidhi-5-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322951/; classtype:trojan-activity;sid:84186051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/opptenningsved1.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322952/; classtype:trojan-activity;sid:84186052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6676.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322942/; classtype:trojan-activity;sid:84186042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/610_ttsa_notas-estados-financieros-2020_dic2020.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322943/; classtype:trojan-activity;sid:84186043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d_nq_np_681157-mlm41398838981_042020-o.webp.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322944/; classtype:trojan-activity;sid:84186044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/313866373372.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322945/; classtype:trojan-activity;sid:84186045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322946/; classtype:trojan-activity;sid:84186046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne670.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322936/; classtype:trojan-activity;sid:84186036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/l02.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322937/; classtype:trojan-activity;sid:84186037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-color-pages.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322938/; classtype:trojan-activity;sid:84186038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ami_ap-n25252525252525252525252525252525252525252525252525252525252525252525c225252525252525252525252525252525252525252525252525252525252525252525b002_meh_2023.pdf.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322939/; classtype:trojan-activity;sid:84186039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adrien5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322940/; classtype:trojan-activity;sid:84186040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-14-at-21.09.17.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322941/; classtype:trojan-activity;sid:84186041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/302442703_1983328921860266_8776519485642852491_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322935/; classtype:trojan-activity;sid:84186035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tcc-carta-compromiso-parvulos-2018.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322930/; classtype:trojan-activity;sid:84186030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171024_082618-m2525252525252525252525252525c32525252525252525252525252525a1solata.jpg.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322931/; classtype:trojan-activity;sid:84186031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dise25252525252525252525252525252525252525c325252525252525252525252525252525252525b1o-sin-t25252525252525252525252525252525252525c325252525252525252525252525252525252525adtulo-9.png.lnk"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322932/; classtype:trojan-activity;sid:84186032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6es72314hf320xb0_datasheet_en.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322933/; classtype:trojan-activity;sid:84186033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sagrilaft-distribuciones-hicar-sas.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322934/; classtype:trojan-activity;sid:84186034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/outdoor-gris-m2.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322926/; classtype:trojan-activity;sid:84186026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dogecoin-smart-contract-tutorial-20244.1.6.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322927/; classtype:trojan-activity;sid:84186027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241124_163507.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322928/; classtype:trojan-activity;sid:84186028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-consensus-mechanism-details-2024-3-6-8.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322929/; classtype:trojan-activity;sid:84186029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/90670-17_20hermes_20endless_20road_20hac_20birkin_20bag_20togo_20w_2d_0002_1024x1024.jpg.lnk"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322925/; classtype:trojan-activity;sid:84186025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-staking-guide-2024-4.5.3.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322917/; classtype:trojan-activity;sid:84186017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-1920x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322918/; classtype:trojan-activity;sid:84186018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/36-1200x800.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322919/; classtype:trojan-activity;sid:84186019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jueugetes.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322920/; classtype:trojan-activity;sid:84186020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-249.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322921/; classtype:trojan-activity;sid:84186021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0011.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322922/; classtype:trojan-activity;sid:84186022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cadastro-de-empregadores-que-tenham-submetido-trabalhadores-a-condicoes-analogas-a-de-escravo-setembro-de-2024.pdf.lnk"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322923/; classtype:trojan-activity;sid:84186023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/course-structure-psychology.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322924/; classtype:trojan-activity;sid:84186024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/313231940084.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322910/; classtype:trojan-activity;sid:84186010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stairway-december-2015.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322911/; classtype:trojan-activity;sid:84186011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024_fiche-de-poste-animateur.ice-jardin-eedd_mai.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322912/; classtype:trojan-activity;sid:84186012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0123-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322913/; classtype:trojan-activity;sid:84186013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xxx_800_11430897315.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322914/; classtype:trojan-activity;sid:84186014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/camion-de-los-helados-60253-lego-city.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322916/; classtype:trojan-activity;sid:84186016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-trasnporte-junio-2024.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322902/; classtype:trojan-activity;sid:84186002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modern-pool-house-gallery-img-04.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322903/; classtype:trojan-activity;sid:84186003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-3-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322904/; classtype:trojan-activity;sid:84186004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-plazo-solicitud-proxima-temporada-2024.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322905/; classtype:trojan-activity;sid:84186005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/medidores.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322906/; classtype:trojan-activity;sid:84186006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-r.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322907/; classtype:trojan-activity;sid:84186007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/am-043-2023-aprobar-que-las-sesiones-de-concejo-municipal-sean-transmitidas-por-las-redes-sociales-de-la-municipalidad-distrital-de-cayma.pdf.lnk"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322908/; classtype:trojan-activity;sid:84186008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-ano-2015.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322909/; classtype:trojan-activity;sid:84186009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/billionaire-dubai-image-04.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322896/; classtype:trojan-activity;sid:84185996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-mb602-e1530943689870.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322897/; classtype:trojan-activity;sid:84185997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pipe-rm-sur-oriente-bases-de-convocatoria-2024.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322898/; classtype:trojan-activity;sid:84185998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-3.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322899/; classtype:trojan-activity;sid:84185999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/granberg-authorization-letter.png.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322900/; classtype:trojan-activity;sid:84186000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rizol-topgear-lithium-complex-240-msds.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322901/; classtype:trojan-activity;sid:84186001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capa-1_1-0rgpek.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322894/; classtype:trojan-activity;sid:84185994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulario-personanatural-ellibertador.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322895/; classtype:trojan-activity;sid:84185995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1195.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322890/; classtype:trojan-activity;sid:84185990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/timthumb-1.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322891/; classtype:trojan-activity;sid:84185991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a0009652-1024x768.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322892/; classtype:trojan-activity;sid:84185992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comunicat-apavital.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322893/; classtype:trojan-activity;sid:84185993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/producto-krytantek-pf-frasco-multiusos.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322886/; classtype:trojan-activity;sid:84185986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estatuto_emendas.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322887/; classtype:trojan-activity;sid:84185987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15.-protocolo-de-retencion-y-apoyo-a-estudiantes-padres-madres-y-embarazadas.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322888/; classtype:trojan-activity;sid:84185988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-42.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322889/; classtype:trojan-activity;sid:84185989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/173167921490050a2bd4cedbdc60236fcb45689874.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322881/; classtype:trojan-activity;sid:84185981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/05.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322882/; classtype:trojan-activity;sid:84185982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc00162_639ed528-2727-475b-b28c-291655bdf88f_800x.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322883/; classtype:trojan-activity;sid:84185983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/counsellor18092024.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322884/; classtype:trojan-activity;sid:84185984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3113981994673.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322885/; classtype:trojan-activity;sid:84185985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cp-unc-te30fl3-m.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322878/; classtype:trojan-activity;sid:84185978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20150210_094423-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322879/; classtype:trojan-activity;sid:84185979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/913981994640.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322880/; classtype:trojan-activity;sid:84185980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-l300.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322874/; classtype:trojan-activity;sid:84185974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-oxford15-rossignol-rsgl-top-camisa-hombre-blanca-2.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322875/; classtype:trojan-activity;sid:84185975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/layer-12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322876/; classtype:trojan-activity;sid:84185976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-6.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322877/; classtype:trojan-activity;sid:84185977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wibreport.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322870/; classtype:trojan-activity;sid:84185970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6175.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322871/; classtype:trojan-activity;sid:84185971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-sba-2-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322872/; classtype:trojan-activity;sid:84185972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3227156w1033.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322873/; classtype:trojan-activity;sid:84185973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pulsoximetro-c21.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322867/; classtype:trojan-activity;sid:84185967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112645306584.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322868/; classtype:trojan-activity;sid:84185968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rf202715-xxxvii-cto-espa25252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525b1a-tiro-de-campo.pdf.lnk"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322869/; classtype:trojan-activity;sid:84185969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ekonomist-banke-i-osiguranja.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322864/; classtype:trojan-activity;sid:84185964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2024-10-03-at-12.32.01-pm.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322865/; classtype:trojan-activity;sid:84185965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322866)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elderstatement1.17.21-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322866/; classtype:trojan-activity;sid:84185966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/talleres-de-robotica-submarina-aplicada.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322859/; classtype:trojan-activity;sid:84185959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2580_foto.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322860/; classtype:trojan-activity;sid:84185960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-ppto-junio-2023.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322861/; classtype:trojan-activity;sid:84185961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-20-at-09.13.55-5.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322862/; classtype:trojan-activity;sid:84185962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bumblebee-optimus-prime-coloring-page-1.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322863/; classtype:trojan-activity;sid:84185963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-study-06.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322854/; classtype:trojan-activity;sid:84185954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ader-seg-1.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322855/; classtype:trojan-activity;sid:84185955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/focaccina-eat-pro-focaccina-proteica-chetogenica-naturale.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322856/; classtype:trojan-activity;sid:84185956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-con-corte-a-30-de-septiembre-de-2022-ttb-en-formato-pdf.pdf.lnk"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322857/; classtype:trojan-activity;sid:84185957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viaggio_antarctica-patagonia-argentina-classica_04.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322858/; classtype:trojan-activity;sid:84185958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-09-16-at-18.56.57.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322846/; classtype:trojan-activity;sid:84185946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adhi.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322847/; classtype:trojan-activity;sid:84185947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-3.jpeg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322848/; classtype:trojan-activity;sid:84185948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wwe-superstars-coloring-pages.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322849/; classtype:trojan-activity;sid:84185949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpc-cooldry-rossignol-rsgl-primera-capa-mujer-5.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322850/; classtype:trojan-activity;sid:84185950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-label-invisible-performance-02.png.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322851/; classtype:trojan-activity;sid:84185951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instrukcja_instalatora_manipulator_int-tsg-ssw-bsb.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322852/; classtype:trojan-activity;sid:84185952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_picotin_bloghero.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322853/; classtype:trojan-activity;sid:84185953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-36.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322842/; classtype:trojan-activity;sid:84185942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-09.55.33-nbv1pu.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322843/; classtype:trojan-activity;sid:84185943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cos_english.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322844/; classtype:trojan-activity;sid:84185944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_fleece-pe.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322845/; classtype:trojan-activity;sid:84185945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-tokenomics-report-20241.1.6.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322836/; classtype:trojan-activity;sid:84185936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-30-radicado-2568562024-nombre-peticionario-yorladys-del-carmen-rodriguez-palomino.pdf.lnk"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322837/; classtype:trojan-activity;sid:84185937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52067_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322838/; classtype:trojan-activity;sid:84185938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/armario-cambiador-reborn-de-f5b.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322839/; classtype:trojan-activity;sid:84185939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6352.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322840/; classtype:trojan-activity;sid:84185940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image7.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322841/; classtype:trojan-activity;sid:84185941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bann.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322835/; classtype:trojan-activity;sid:84185935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bf_ar_2020-1.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322829/; classtype:trojan-activity;sid:84185929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preeti-x-anupam-9.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322830/; classtype:trojan-activity;sid:84185930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0021.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322831/; classtype:trojan-activity;sid:84185931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requ.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322832/; classtype:trojan-activity;sid:84185932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-tip-anexa-1-timp-de-completare-15-minute-.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322833/; classtype:trojan-activity;sid:84185933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/weekly-menu-detox-spring-2014.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322834/; classtype:trojan-activity;sid:84185934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lud-na-brasno.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322825/; classtype:trojan-activity;sid:84185925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forense-1.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322826/; classtype:trojan-activity;sid:84185926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-declaracion_jurada-predio_rusticopr.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322827/; classtype:trojan-activity;sid:84185927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp1094.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322828/; classtype:trojan-activity;sid:84185928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-669-2022-felicitar-al-abogado-angel-justo-justo.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322818/; classtype:trojan-activity;sid:84185918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1787.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322819/; classtype:trojan-activity;sid:84185919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lume.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322820/; classtype:trojan-activity;sid:84185920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-trading-strategy-20241.9.2.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322821/; classtype:trojan-activity;sid:84185921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/37114-4_hermes_etriviere_shopping_tote_toile_and_l_2d_0002_grande.jpg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322822/; classtype:trojan-activity;sid:84185922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-de-accion-de-la-terminal-2020.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322823/; classtype:trojan-activity;sid:84185923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mindset.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322824/; classtype:trojan-activity;sid:84185924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1721-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322816/; classtype:trojan-activity;sid:84185916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/924c4929a2204781c6c82f873e919174.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322817/; classtype:trojan-activity;sid:84185917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-market-analysis-report-2024-1.0.4.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322815/; classtype:trojan-activity;sid:84185915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oscar-catalog1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322806/; classtype:trojan-activity;sid:84185906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf0414.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322807/; classtype:trojan-activity;sid:84185907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aerea-9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322808/; classtype:trojan-activity;sid:84185908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1724188448b972b9698e59e56d7058874e76ac40fe.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322809/; classtype:trojan-activity;sid:84185909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00197630155873____15__640x640.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322810/; classtype:trojan-activity;sid:84185910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-frecuentes-cupo-explora-unesco-admisio25252525252525252525252525252525252525252525cc2525252525252525252525252525252525252525252581n-2025.pdf.lnk"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322811/; classtype:trojan-activity;sid:84185911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-printable-coloring-pages.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322812/; classtype:trojan-activity;sid:84185912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-1620x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322813/; classtype:trojan-activity;sid:84185913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bread-rack-at-village-baker-bend-1.jpeg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322814/; classtype:trojan-activity;sid:84185914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oelp-capacitybuilding-program.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322804/; classtype:trojan-activity;sid:84185904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no-46-de-2024-radicado-3487872024-nombre-marcelino-guitarra.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322805/; classtype:trojan-activity;sid:84185905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image.jpeg-14.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322796/; classtype:trojan-activity;sid:84185896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-termen-efectiv-eliberare-acte-de-identitate-22-mai-2023.pdf.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322797/; classtype:trojan-activity;sid:84185897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sort-of-food-on-the-table.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322798/; classtype:trojan-activity;sid:84185898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-audit-report-2024-1.3.1.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322799/; classtype:trojan-activity;sid:84185899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/114061271015.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322800/; classtype:trojan-activity;sid:84185900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01558-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322801/; classtype:trojan-activity;sid:84185901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56295_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322802/; classtype:trojan-activity;sid:84185902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mask-group-4.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322803/; classtype:trojan-activity;sid:84185903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322794/; classtype:trojan-activity;sid:84185894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/escowill.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322795/; classtype:trojan-activity;sid:84185895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/our-tannery-production-setup-2.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322789/; classtype:trojan-activity;sid:84185889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/playbook-aktywistyczny.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322790/; classtype:trojan-activity;sid:84185890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322791/; classtype:trojan-activity;sid:84185891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/custom-stipple.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322792/; classtype:trojan-activity;sid:84185892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322793/; classtype:trojan-activity;sid:84185893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-06-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322780/; classtype:trojan-activity;sid:84185880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/94883255_10157642336008743_3134252912536977408_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322781/; classtype:trojan-activity;sid:84185881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004052_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322782/; classtype:trojan-activity;sid:84185882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2012.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322783/; classtype:trojan-activity;sid:84185883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01327-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322784/; classtype:trojan-activity;sid:84185884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsletter-fall-2023.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322785/; classtype:trojan-activity;sid:84185885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_4606-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322786/; classtype:trojan-activity;sid:84185886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-20-at-12.45.44-nikthj.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322787/; classtype:trojan-activity;sid:84185887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1052.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322788/; classtype:trojan-activity;sid:84185888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-sandpiper-2017-living-area-61.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322777/; classtype:trojan-activity;sid:84185877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programul-anual-al-achizitiilor-publice-pentru-anul-2023.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322778/; classtype:trojan-activity;sid:84185878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-picotine-lock-bag.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322779/; classtype:trojan-activity;sid:84185879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2018-10-19-reglamento-de-competii2525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525b3n-de-palomos-de-razas-firmado.pdf.lnk"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322771/; classtype:trojan-activity;sid:84185871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112863940423.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322772/; classtype:trojan-activity;sid:84185872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instant-hot-water-tap-500x500.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322773/; classtype:trojan-activity;sid:84185873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-icono-huarmey-01-32x32.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322774/; classtype:trojan-activity;sid:84185874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j7sxsmjgxqq-uvux1a.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322775/; classtype:trojan-activity;sid:84185875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1998-jan-1st-golds-gym.gif.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322776/; classtype:trojan-activity;sid:84185876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/typ5-c10.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322766/; classtype:trojan-activity;sid:84185866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-28abril2021-9.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322767/; classtype:trojan-activity;sid:84185867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legal-halfmarathon-results-by-profesion.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322768/; classtype:trojan-activity;sid:84185868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-divulgacao-igesdf-e1732126830768-proqwr.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322769/; classtype:trojan-activity;sid:84185869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-eternity-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322770/; classtype:trojan-activity;sid:84185870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capa-51-advp9o.jpeg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322761/; classtype:trojan-activity;sid:84185861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/_img_1329.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322762/; classtype:trojan-activity;sid:84185862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg-3003sd.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322763/; classtype:trojan-activity;sid:84185863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/200-subgerencia-de-planeacion-y-proyectos.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322764/; classtype:trojan-activity;sid:84185864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-a-marzo-2023.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322765/; classtype:trojan-activity;sid:84185865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lula-u021ps.jpeg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322755/; classtype:trojan-activity;sid:84185855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-14.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322756/; classtype:trojan-activity;sid:84185856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tu-parque-andadores_2.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322757/; classtype:trojan-activity;sid:84185857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pawl-puanzar.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322758/; classtype:trojan-activity;sid:84185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20170202-wa0012.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322759/; classtype:trojan-activity;sid:84185859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/miembros-asamblea-general-2024-2028.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322760/; classtype:trojan-activity;sid:84185860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/05-4.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322752/; classtype:trojan-activity;sid:84185852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1683700866_4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322753/; classtype:trojan-activity;sid:84185853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arches-corbels-window-trims.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322754/; classtype:trojan-activity;sid:84185854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/queen-mary-university-trip-img-12-725x544-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322742/; classtype:trojan-activity;sid:84185842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b7456cc1-f34a-e633-a1d2-89b031cc5331.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322743/; classtype:trojan-activity;sid:84185843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/articles-46509_recurso_2.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322744/; classtype:trojan-activity;sid:84185844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/378183273_2258443801015442_133634130861659742_na.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322745/; classtype:trojan-activity;sid:84185845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0170-1-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322746/; classtype:trojan-activity;sid:84185846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/muad-planlama-katalog-2016-1-1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322747/; classtype:trojan-activity;sid:84185847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322748/; classtype:trojan-activity;sid:84185848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1562-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322749/; classtype:trojan-activity;sid:84185849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54154499002_2a1585c060_k-swhf5i.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322750/; classtype:trojan-activity;sid:84185850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57852_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322751/; classtype:trojan-activity;sid:84185851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funci252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525b3nfiscal-2.png.lnk"; http_uri; depth:217; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322739/; classtype:trojan-activity;sid:84185839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estados-financieros-comparativos-2018-2019.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322740/; classtype:trojan-activity;sid:84185840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-presupuestal-sep-2024-1.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322741/; classtype:trojan-activity;sid:84185841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown-2.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322737/; classtype:trojan-activity;sid:84185837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59426_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322738/; classtype:trojan-activity;sid:84185838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mqdefault.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322732/; classtype:trojan-activity;sid:84185832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_perspective_230225_13.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322733/; classtype:trojan-activity;sid:84185833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-156-sinaloa-1105-col-roma-6.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322734/; classtype:trojan-activity;sid:84185834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moroccanoil-smoothing-lotion-rmo-mor-lsl10-500x500-1.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322735/; classtype:trojan-activity;sid:84185835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zadig-voltaire-this-is-her-vibes-of-freedom.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322736/; classtype:trojan-activity;sid:84185836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shed-move-guide.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322729/; classtype:trojan-activity;sid:84185829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/single-use.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322730/; classtype:trojan-activity;sid:84185830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322731/; classtype:trojan-activity;sid:84185831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verificacion-de-presentacion-de-expedientes-proceso-cas-002-2024.pdf.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322723/; classtype:trojan-activity;sid:84185823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2024-12-02-19-02-47.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322724/; classtype:trojan-activity;sid:84185824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-de.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322725/; classtype:trojan-activity;sid:84185825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/academias-explora-2023-2.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322726/; classtype:trojan-activity;sid:84185826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3016932.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322727/; classtype:trojan-activity;sid:84185827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-eliberare-atestat-de-producator.docx.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322728/; classtype:trojan-activity;sid:84185828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/naffcoelectricalvehicles.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322717/; classtype:trojan-activity;sid:84185817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img2.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322718/; classtype:trojan-activity;sid:84185818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01938-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322719/; classtype:trojan-activity;sid:84185819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-4-2-scaled.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322720/; classtype:trojan-activity;sid:84185820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238774275_106310991765394_8703793129366586991_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322721/; classtype:trojan-activity;sid:84185821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manousakis1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322722/; classtype:trojan-activity;sid:84185822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200731_163021.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322711/; classtype:trojan-activity;sid:84185811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58897_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322712/; classtype:trojan-activity;sid:84185812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1_ws2-apple-watch-tray-sensors-zw1051-52-install-guide-thai.pdf.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322713/; classtype:trojan-activity;sid:84185813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/buy-wholesale-fashion-rivet-leather-car-seat-cushion-universal-women-auto-seat-covers-1pcs-black-from-chinese-wholesaler-1.png.lnk"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322714/; classtype:trojan-activity;sid:84185814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-cong-ty-8.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322715/; classtype:trojan-activity;sid:84185815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60078_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322716/; classtype:trojan-activity;sid:84185816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jhktshirt_catalogue_es.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322704/; classtype:trojan-activity;sid:84185804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pipe-2022-1.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322705/; classtype:trojan-activity;sid:84185805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/item5.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322706/; classtype:trojan-activity;sid:84185806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d1e179d9-5fae-4894-8ddb-30be6dcb5123.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322707/; classtype:trojan-activity;sid:84185807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionados_ohiggins_crecyt-2018.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322708/; classtype:trojan-activity;sid:84185808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/having-lunch-together.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322710/; classtype:trojan-activity;sid:84185810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59138_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322699/; classtype:trojan-activity;sid:84185799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-15.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322700/; classtype:trojan-activity;sid:84185800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/interna-coplan-741x494-px-l3fv1s.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322701/; classtype:trojan-activity;sid:84185801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2018-complaints-resolution-policy.asd_.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322702/; classtype:trojan-activity;sid:84185802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9301-r-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322703/; classtype:trojan-activity;sid:84185803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-submis.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322695/; classtype:trojan-activity;sid:84185795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eshan-x-aanchal-5-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322696/; classtype:trojan-activity;sid:84185796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/decizia-persoane-fizice.docx.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322697/; classtype:trojan-activity;sid:84185797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-1-de-2023-03212023093209.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322698/; classtype:trojan-activity;sid:84185798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nmuovomkjrg-enbtlm.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322691/; classtype:trojan-activity;sid:84185791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-outnva17-rossignol-rsgl-top-mujer-blanca-3.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322692/; classtype:trojan-activity;sid:84185792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryinstrukcja-montazu-4020fb-4020fw-4030f-4050fw.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322693/; classtype:trojan-activity;sid:84185793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pagina_nota2_20_11_24_oald.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322694/; classtype:trojan-activity;sid:84185794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/front-image-2.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322684/; classtype:trojan-activity;sid:84185784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eclipse-10-dt-school-university-1024x683.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322685/; classtype:trojan-activity;sid:84185785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6ca2e78cc3845ef6726978a403f654e2.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322686/; classtype:trojan-activity;sid:84185786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/folleto-fuentes_compressed-1.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322687/; classtype:trojan-activity;sid:84185787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-taxation-guide-20242.6.7.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322688/; classtype:trojan-activity;sid:84185788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-whitepaper-20242-6-6.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322689/; classtype:trojan-activity;sid:84185789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6173.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322690/; classtype:trojan-activity;sid:84185790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-su.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322677/; classtype:trojan-activity;sid:84185777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-lotte-bogor-v.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322678/; classtype:trojan-activity;sid:84185778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/international-women-day-img-1-725x544-1.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322679/; classtype:trojan-activity;sid:84185779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58000_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322680/; classtype:trojan-activity;sid:84185780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-consolidado-2021-terminal-de-transporte-s.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322681/; classtype:trojan-activity;sid:84185781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manual-de-uso-base-de-datos-epsct-20153.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322682/; classtype:trojan-activity;sid:84185782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1720.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322683/; classtype:trojan-activity;sid:84185783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1559-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322674/; classtype:trojan-activity;sid:84185774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2024-10-22-alle-11.27.09.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322675/; classtype:trojan-activity;sid:84185775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4342-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322676/; classtype:trojan-activity;sid:84185776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-risikobewertungsbericht-20245.2.3.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322669/; classtype:trojan-activity;sid:84185769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vigilia-2024.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322670/; classtype:trojan-activity;sid:84185770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pleno_10abril.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322671/; classtype:trojan-activity;sid:84185771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731594122d7c5d3ee4c5cef5c6b69c21384c26172.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322672/; classtype:trojan-activity;sid:84185772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/springfield-xd.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322673/; classtype:trojan-activity;sid:84185773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200722_171531.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322663/; classtype:trojan-activity;sid:84185763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-4-5.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322664/; classtype:trojan-activity;sid:84185764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-smart-contract-tutorial-2024-5-6-1.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322665/; classtype:trojan-activity;sid:84185765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ec-102-compressed-m5n47u.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322666/; classtype:trojan-activity;sid:84185766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/golden-jubilee.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322667/; classtype:trojan-activity;sid:84185767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image11.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322668/; classtype:trojan-activity;sid:84185768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01449-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322658/; classtype:trojan-activity;sid:84185758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-20.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322659/; classtype:trojan-activity;sid:84185759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/194.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322660/; classtype:trojan-activity;sid:84185760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spray-1024x338.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322661/; classtype:trojan-activity;sid:84185761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-gato-con-botas-logo-2-192x192.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322662/; classtype:trojan-activity;sid:84185762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/item2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322653/; classtype:trojan-activity;sid:84185753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-39.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322654/; classtype:trojan-activity;sid:84185754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/913220745052.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322655/; classtype:trojan-activity;sid:84185755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-general14.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322656/; classtype:trojan-activity;sid:84185756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vardenafil-levitra-stacyn.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322657/; classtype:trojan-activity;sid:84185757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6ie5boiqy4s-ix1y7o.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322647/; classtype:trojan-activity;sid:84185747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdcmx-puebla2.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322648/; classtype:trojan-activity;sid:84185748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nueva-disposicion-del-campo1.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322649/; classtype:trojan-activity;sid:84185749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/professional-accountnt-on-accounting-and-taxation.png.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322650/; classtype:trojan-activity;sid:84185750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20160115-wa0007.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322651/; classtype:trojan-activity;sid:84185751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elec.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322652/; classtype:trojan-activity;sid:84185752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_bibliograf252525252525252525252525252525c3252525252525252525252525252525ada_congresos_regionales_2016.pdf.lnk"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322644/; classtype:trojan-activity;sid:84185744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-interno-de-estudios-de-la-enfmp.-consejo-directivo.-definitivo-1.pdf.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322645/; classtype:trojan-activity;sid:84185745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-submiss.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322646/; classtype:trojan-activity;sid:84185746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fama-sunny-hall-int-recepcao-r01resultado-1.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322637/; classtype:trojan-activity;sid:84185737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/101-tvd_p2_secretaria-.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322638/; classtype:trojan-activity;sid:84185738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04187.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322639/; classtype:trojan-activity;sid:84185739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plataforma-estrategica-ttsa-2021-2023.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322640/; classtype:trojan-activity;sid:84185740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-1-1-1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322641/; classtype:trojan-activity;sid:84185741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/006-presupuesto-ingresos-gastos-2023-24.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322642/; classtype:trojan-activity;sid:84185742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/225884651_4191788784207613_8508122316259043217_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322643/; classtype:trojan-activity;sid:84185743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5011-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322630/; classtype:trojan-activity;sid:84185730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requir.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322631/; classtype:trojan-activity;sid:84185731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aqar-2015-16.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322632/; classtype:trojan-activity;sid:84185732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new-photo.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322633/; classtype:trojan-activity;sid:84185733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238612189_106311201765373_3302040080263212940_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322634/; classtype:trojan-activity;sid:84185734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pinguim-natalino.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322635/; classtype:trojan-activity;sid:84185735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hellomalden.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322636/; classtype:trojan-activity;sid:84185736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-favicon-1-32x32.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322624/; classtype:trojan-activity;sid:84185724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co2-system-pressure-switch.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322625/; classtype:trojan-activity;sid:84185725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain_trading_strategy_20241.3.4.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322626/; classtype:trojan-activity;sid:84185726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs-2024-layout-semi-final-20240827-1.png.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322627/; classtype:trojan-activity;sid:84185727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-community-guidelines-2024-1-7-4.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322628/; classtype:trojan-activity;sid:84185728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/situacion-financiera-septiembre-2020.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322629/; classtype:trojan-activity;sid:84185729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60k_besz_2023.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322618/; classtype:trojan-activity;sid:84185718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afaproc28-1024x1024.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322619/; classtype:trojan-activity;sid:84185719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3452-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322620/; classtype:trojan-activity;sid:84185720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/313981994638.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322621/; classtype:trojan-activity;sid:84185721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/centrala-_prosys_rp116..jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322622/; classtype:trojan-activity;sid:84185722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragambuat-seragam.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322623/; classtype:trojan-activity;sid:84185723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-consolidado-2022-terminal-de-transporte-s-1.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322612/; classtype:trojan-activity;sid:84185712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322613/; classtype:trojan-activity;sid:84185713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legenda.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322614/; classtype:trojan-activity;sid:84185714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1730473795388756b2c4ba75701b6b90cb7b31b7d5.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322615/; classtype:trojan-activity;sid:84185715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_columna-extraible-300-y-600-materia-2-sige.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322616/; classtype:trojan-activity;sid:84185716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-bankstel-2-en-2.5-zits-14.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322617/; classtype:trojan-activity;sid:84185717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sml_878973170-1443276358-reciproque-consignment-store-paris-large.jpg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322610/; classtype:trojan-activity;sid:84185710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/crna-haljina-002.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322611/; classtype:trojan-activity;sid:84185711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01194-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322607/; classtype:trojan-activity;sid:84185707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kenra-platinum-working-wax-1oz-rke-kep-lww01-228x228-1.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322608/; classtype:trojan-activity;sid:84185708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nazrahotel08.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322609/; classtype:trojan-activity;sid:84185709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rpi-notebook-600x438-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322603/; classtype:trojan-activity;sid:84185703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/609_ttsa_estado-situacion-financiera_dic2020.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322604/; classtype:trojan-activity;sid:84185704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moor-23.08.2023.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322605/; classtype:trojan-activity;sid:84185705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aphmau-and-friends-coloring-pages.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322606/; classtype:trojan-activity;sid:84185706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-thermae-6.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322601/; classtype:trojan-activity;sid:84185701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-de-trabajo-ttb_vf_firma.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322602/; classtype:trojan-activity;sid:84185702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-7.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322599/; classtype:trojan-activity;sid:84185699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notas-2021.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322600/; classtype:trojan-activity;sid:84185700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pranzo-di-natale-2024.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322598/; classtype:trojan-activity;sid:84185698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-del-ecosistema-polkadot-2024-1-6-6.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322587/; classtype:trojan-activity;sid:84185687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-whitepaper-2024-3-4-8.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322588/; classtype:trojan-activity;sid:84185688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/billionaire-dubai-image-03.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322589/; classtype:trojan-activity;sid:84185689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-974cde612e-142206.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322590/; classtype:trojan-activity;sid:84185690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-2024-08-15t232717.793.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322591/; classtype:trojan-activity;sid:84185691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_8n_bar.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322592/; classtype:trojan-activity;sid:84185692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_drifit-dropneedle.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322593/; classtype:trojan-activity;sid:84185693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lycratag.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322594/; classtype:trojan-activity;sid:84185694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-feb-mar-2019.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322595/; classtype:trojan-activity;sid:84185695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/etyeki-furdoszobaszalon-1-1.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322596/; classtype:trojan-activity;sid:84185696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-milano-floor-3.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322597/; classtype:trojan-activity;sid:84185697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20170203-wa0019.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322582/; classtype:trojan-activity;sid:84185682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-5.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322583/; classtype:trojan-activity;sid:84185683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3313485015145.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322584/; classtype:trojan-activity;sid:84185684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16-1291.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322585/; classtype:trojan-activity;sid:84185685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/condizioni-generali-delle-fonderie-europee-ed-2013.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322586/; classtype:trojan-activity;sid:84185686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frc-final-17-march.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322579/; classtype:trojan-activity;sid:84185679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_6706d088210c02f9b2d94836634db3a9.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322580/; classtype:trojan-activity;sid:84185680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bvc-initial-2023-hcl-nr.14-din-01.02.2023-1-1.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322581/; classtype:trojan-activity;sid:84185681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/81.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322576/; classtype:trojan-activity;sid:84185676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2gfmayxuybw-v2g9hy.jpeg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322577/; classtype:trojan-activity;sid:84185677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-tokenomics-report-2024-3-8-6.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322578/; classtype:trojan-activity;sid:84185678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1261908-migliorato-nr.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322569/; classtype:trojan-activity;sid:84185669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fullsizerender-120.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322570/; classtype:trojan-activity;sid:84185670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-afisare-oferta-persoane-fizice-1.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322571/; classtype:trojan-activity;sid:84185671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkinvskelly_900x600_e9dbc005-23ff-48d9-8c5d-1c22040943dc_1024x1024.jpg.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322572/; classtype:trojan-activity;sid:84185672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roman-reigns-wwe-coloring-pages.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322573/; classtype:trojan-activity;sid:84185673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3118068_1646162697666.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322574/; classtype:trojan-activity;sid:84185674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322575/; classtype:trojan-activity;sid:84185675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_gift_packaging_boxes_and_paper_bags_3d_model_c4d_max_obj_fbx_ma_lwo_3ds_3dm_stl_3360373_o.jpg.lnk"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322566/; classtype:trojan-activity;sid:84185666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-concurs-recrutare-functie-publica-de-executie-inspector-i-asistent-compartiment-contabilitate-si-buget.pdf.lnk"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322567/; classtype:trojan-activity;sid:84185667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3329-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322568/; classtype:trojan-activity;sid:84185668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modificacion-presupuestal-marzo-de-2023-pagina-web.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322563/; classtype:trojan-activity;sid:84185663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cua-nhom-thuy-luc-2-2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322564/; classtype:trojan-activity;sid:84185664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7750-4500-x-3000-2250-x-1500.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322565/; classtype:trojan-activity;sid:84185665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-sidewall-standard-10-royal-blue.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322561/; classtype:trojan-activity;sid:84185661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4dc943a1-9093-c852-c4dc-04088bf326d6.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322562/; classtype:trojan-activity;sid:84185662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3884fileminimizer.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322555/; classtype:trojan-activity;sid:84185655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/danh-sach-to-chuc-chung-nhan-halal-duoc-phe-duyet.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322556/; classtype:trojan-activity;sid:84185656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gov.uscourts.njd_.497515.36.0.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322557/; classtype:trojan-activity;sid:84185657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnc-hnd-in-business-programme-brochure.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322558/; classtype:trojan-activity;sid:84185658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/drp-detox-booklet.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322559/; classtype:trojan-activity;sid:84185659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01593.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322560/; classtype:trojan-activity;sid:84185660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/isida_dms_theme_8_contracts_35-scaled.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322544/; classtype:trojan-activity;sid:84185644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sach-msutong-tap-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322545/; classtype:trojan-activity;sid:84185645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/abcdoble_ad-300x300.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322546/; classtype:trojan-activity;sid:84185646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0520.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322547/; classtype:trojan-activity;sid:84185647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit25252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525a0-a-1.pdf.lnk"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322548/; classtype:trojan-activity;sid:84185648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/impalaauto.com.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322549/; classtype:trojan-activity;sid:84185649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a-covid-19-e-o-mundo-do-trabalho-foco-nos-povos-indigenas-e-tribais.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322550/; classtype:trojan-activity;sid:84185650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/medicalwastepacket.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322551/; classtype:trojan-activity;sid:84185651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60174_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322552/; classtype:trojan-activity;sid:84185652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-13.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322553/; classtype:trojan-activity;sid:84185653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-afri-septianingrini-1.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322554/; classtype:trojan-activity;sid:84185654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-audit-report-20245-1-2.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322543/; classtype:trojan-activity;sid:84185643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie26.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322538/; classtype:trojan-activity;sid:84185638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200321_180724.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322539/; classtype:trojan-activity;sid:84185639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-1.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322540/; classtype:trojan-activity;sid:84185640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/parchemin1.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322541/; classtype:trojan-activity;sid:84185641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vesilni.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322542/; classtype:trojan-activity;sid:84185642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-aprobado-2012.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322531/; classtype:trojan-activity;sid:84185631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.19.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322532/; classtype:trojan-activity;sid:84185632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/academic_calendar_2021-22.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322533/; classtype:trojan-activity;sid:84185633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-2525252525252525c32525252525252525b6kosystembericht-2024-5-5-0.pdf.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322534/; classtype:trojan-activity;sid:84185634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerywww.google.comcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322535/; classtype:trojan-activity;sid:84185635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-07-pousada-piedade-mata-atlantica-ronco-do-bugio.png.png.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322536/; classtype:trojan-activity;sid:84185636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/villa-athos_verdieping_-1-1024x938.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322537/; classtype:trojan-activity;sid:84185637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/188001-1024x1024.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322528/; classtype:trojan-activity;sid:84185628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lpo.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322529/; classtype:trojan-activity;sid:84185629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iss1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322530/; classtype:trojan-activity;sid:84185630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-tus-competencias-en-ciencias-ed.-parvularia-2017.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322526/; classtype:trojan-activity;sid:84185626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alfaletrando-materia1-mvyccc.jpeg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322527/; classtype:trojan-activity;sid:84185627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fe376e67-2cc5-47f1-b692-40ddab8e3fd6.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322523/; classtype:trojan-activity;sid:84185623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-09-03-at-11.31.19.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322524/; classtype:trojan-activity;sid:84185624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61ndetkgc2l.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322525/; classtype:trojan-activity;sid:84185625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oceanic-handwash-70-off-700x700-1.png.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322520/; classtype:trojan-activity;sid:84185620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-de-gestion-2019.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322521/; classtype:trojan-activity;sid:84185621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-485-gallery-3.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322522/; classtype:trojan-activity;sid:84185622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/biosilk-silk-therapy-rfa-bio-lst12-228x228-1.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322513/; classtype:trojan-activity;sid:84185613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.-protocolo-autolesion.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322514/; classtype:trojan-activity;sid:84185614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/117229777_10157955868698743_6424166456962812368_o.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322515/; classtype:trojan-activity;sid:84185615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-neutra-14.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322516/; classtype:trojan-activity;sid:84185616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-032.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322517/; classtype:trojan-activity;sid:84185617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1513981994651.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322518/; classtype:trojan-activity;sid:84185618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moes-banner-1-1.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322519/; classtype:trojan-activity;sid:84185619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322504/; classtype:trojan-activity;sid:84185604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/band-apple-watch-hermes-single-tour-45mm-deployment-buckle--074198cj34-worn-10-0-0-800-800_g.jpg.lnk"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322505/; classtype:trojan-activity;sid:84185605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit252525252525252525252525252525252525252525252525c3252525252525252525252525252525252525252525252525a0-a-4.pdf.lnk"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322506/; classtype:trojan-activity;sid:84185606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-2020-terminal-de-transporte-s.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322507/; classtype:trojan-activity;sid:84185607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-bankstel-2-en-2.5-zits-11.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322508/; classtype:trojan-activity;sid:84185608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5251-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322509/; classtype:trojan-activity;sid:84185609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01-manual-nna.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322510/; classtype:trojan-activity;sid:84185610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-educational-material-2024-4-2-3.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322511/; classtype:trojan-activity;sid:84185611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gestion-y-resultados-ttsa-2023.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322512/; classtype:trojan-activity;sid:84185612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-governance-proposal-20243.2.4.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322503/; classtype:trojan-activity;sid:84185603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chicken-1-768x768.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322502/; classtype:trojan-activity;sid:84185602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bodakdev-admission-form.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322494/; classtype:trojan-activity;sid:84185594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-4.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322495/; classtype:trojan-activity;sid:84185595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/emg-samit.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322496/; classtype:trojan-activity;sid:84185596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/program-de-lucru-cu-publicul-28.11-02.12.2022-1.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322497/; classtype:trojan-activity;sid:84185597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fine-dining-food.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322498/; classtype:trojan-activity;sid:84185598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0175_4.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322499/; classtype:trojan-activity;sid:84185599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078476_1729693646653.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322500/; classtype:trojan-activity;sid:84185600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20211007224306_248a4484-scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322501/; classtype:trojan-activity;sid:84185601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-521.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322492/; classtype:trojan-activity;sid:84185592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultado-integral-sept-2019.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322493/; classtype:trojan-activity;sid:84185593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermesevelynesizes.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322488/; classtype:trojan-activity;sid:84185588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-ppto-dic-2022.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322489/; classtype:trojan-activity;sid:84185589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fr005.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322490/; classtype:trojan-activity;sid:84185590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boosting-negotiation-skills-new-1.png.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322491/; classtype:trojan-activity;sid:84185591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-13-1200x800.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322487/; classtype:trojan-activity;sid:84185587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:244; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322482/; classtype:trojan-activity;sid:84185582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01_origin-soho-bkk_hero-shot_final-1.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322483/; classtype:trojan-activity;sid:84185583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20201102_150457.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322484/; classtype:trojan-activity;sid:84185584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-2.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322485/; classtype:trojan-activity;sid:84185585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_12.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322486/; classtype:trojan-activity;sid:84185586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-25-at-16.51.00_514f02c8.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322475/; classtype:trojan-activity;sid:84185575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-17.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322476/; classtype:trojan-activity;sid:84185576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulamin-zglaszania-naruszen-prawa-w-cm-krajmed.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322477/; classtype:trojan-activity;sid:84185577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-70.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322478/; classtype:trojan-activity;sid:84185578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xxx_800_11430830751.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322479/; classtype:trojan-activity;sid:84185579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/balloo-uai-258x194.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322480/; classtype:trojan-activity;sid:84185580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viaggio_antarctica-patagonia-argentina-classica_07-1.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322481/; classtype:trojan-activity;sid:84185581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full-naskah-wahyudiana-web.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322468/; classtype:trojan-activity;sid:84185568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp8983.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322469/; classtype:trojan-activity;sid:84185569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lista-seleccionados-cecyte-2022.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322470/; classtype:trojan-activity;sid:84185570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fachada-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322471/; classtype:trojan-activity;sid:84185571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lsf-ifc-01-render-transp-1024x560.png.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322472/; classtype:trojan-activity;sid:84185572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-developmen.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322473/; classtype:trojan-activity;sid:84185573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-2013-tecnificacio-arquers-base-lleida1.doc.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322474/; classtype:trojan-activity;sid:84185574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322464/; classtype:trojan-activity;sid:84185564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3355-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322465/; classtype:trojan-activity;sid:84185565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-4-scaled.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322466/; classtype:trojan-activity;sid:84185566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-regulatory-compliance-guide-20245.2.6.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322467/; classtype:trojan-activity;sid:84185567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_congresoxvi.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322459/; classtype:trojan-activity;sid:84185559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322460/; classtype:trojan-activity;sid:84185560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-10.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322461/; classtype:trojan-activity;sid:84185561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pilar-2013-circular.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322462/; classtype:trojan-activity;sid:84185562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f4659458a2c94cd9ed4db093d43ff5cd.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322463/; classtype:trojan-activity;sid:84185563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ananda-school-brochure-pdf.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322456/; classtype:trojan-activity;sid:84185556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-audit-report-2024-2-1-8.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322457/; classtype:trojan-activity;sid:84185557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17314474055256571eebb178e0bf6ffa4a738bd992.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322458/; classtype:trojan-activity;sid:84185558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/geographic-atrophy2-23.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322452/; classtype:trojan-activity;sid:84185552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tummy-tuck.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322453/; classtype:trojan-activity;sid:84185553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/losrios_basescampamento_2022_v00.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322454/; classtype:trojan-activity;sid:84185554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/62064_0.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322455/; classtype:trojan-activity;sid:84185555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/your-name-4.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322448/; classtype:trojan-activity;sid:84185548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tupa_cayma_2015-2.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322449/; classtype:trojan-activity;sid:84185549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-general15.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322450/; classtype:trojan-activity;sid:84185550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ed55d7a5-2b69-4c63-b4d0-ac510bacc2e8.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322451/; classtype:trojan-activity;sid:84185551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro2008.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322445/; classtype:trojan-activity;sid:84185545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/alt-krei-plb.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322446/; classtype:trojan-activity;sid:84185546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc04905-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322447/; classtype:trojan-activity;sid:84185547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kpsh-aml-2024-1.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322438/; classtype:trojan-activity;sid:84185538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/298459003_5347106222009191_5817611449813447520_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322439/; classtype:trojan-activity;sid:84185539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/listado-de-inscritos.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322440/; classtype:trojan-activity;sid:84185540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscinas-16-elite.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322441/; classtype:trojan-activity;sid:84185541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cronograma-ppto-2023.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322442/; classtype:trojan-activity;sid:84185542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1565-done-for-gb.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322443/; classtype:trojan-activity;sid:84185543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731504771e6c7e6e07dbd400204e653eb06efc881.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322444/; classtype:trojan-activity;sid:84185544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rti-favicon.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322434/; classtype:trojan-activity;sid:84185534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58603_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322435/; classtype:trojan-activity;sid:84185535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17303116225abebc218ed577dc22d41ae8db1be747.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322436/; classtype:trojan-activity;sid:84185536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/il_570xn.3516708142_s4go.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322437/; classtype:trojan-activity;sid:84185537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/travisci-full-color.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322428/; classtype:trojan-activity;sid:84185528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-mola-curiosasmentes.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322429/; classtype:trojan-activity;sid:84185529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322430/; classtype:trojan-activity;sid:84185530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322431)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.5.5237.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322431/; classtype:trojan-activity;sid:84185531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_campamento_profes_2020.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322432/; classtype:trojan-activity;sid:84185532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements-s.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:259; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322433/; classtype:trojan-activity;sid:84185533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anteprojeto_projeto-de-lei-_etica-e-transparencia-alteracao-lei-ordinaria.pdf.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322427/; classtype:trojan-activity;sid:84185527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-kart-characters-coloring-pages.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322423/; classtype:trojan-activity;sid:84185523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wykaz-soltysi_skawina.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322424/; classtype:trojan-activity;sid:84185524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nikhil-x-pakhi-2-scaled.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322425/; classtype:trojan-activity;sid:84185525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jamaicablue_kidsbuttermilkpancakes_hires.png.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322426/; classtype:trojan-activity;sid:84185526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20200213-wa0049-768x1024.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322418/; classtype:trojan-activity;sid:84185518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monero-trading-strategy-2024-4-0-5.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322419/; classtype:trojan-activity;sid:84185519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/olio-mct.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322420/; classtype:trojan-activity;sid:84185520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galala-cream-1-1.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322421/; classtype:trojan-activity;sid:84185521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lula-biden-milei-3yqdbl.jpeg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322422/; classtype:trojan-activity;sid:84185522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2018-informe-de-gestion-.docx-2.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322417/; classtype:trojan-activity;sid:84185517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/br_cnn_181124_360_clean_frame_165993-e1731963092279-kwngko.jpeg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322411/; classtype:trojan-activity;sid:84185511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/work-cube-brochure.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322412/; classtype:trojan-activity;sid:84185512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-bks-noer-ali-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322413/; classtype:trojan-activity;sid:84185513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oksijen-spor-kul252525252525252525c3252525252525252525bcb252525252525252525c3252525252525252525bc-kapal252525252525252525c4252525252525252525b1-havuz-4.jpg.lnk"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322414/; classtype:trojan-activity;sid:84185514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afis-ai-parte-ai-carte-funciara.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322415/; classtype:trojan-activity;sid:84185515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dept_history.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322416/; classtype:trojan-activity;sid:84185516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58457_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322407/; classtype:trojan-activity;sid:84185507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-1.png.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322408/; classtype:trojan-activity;sid:84185508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-no.220-2024-mpa-da-aprueba_pei-2024-2028.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322409/; classtype:trojan-activity;sid:84185509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2024-08-01_10-47-14-1030x728.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322410/; classtype:trojan-activity;sid:84185510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-examen-promovare-in-grad-profesional.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322403/; classtype:trojan-activity;sid:84185503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/banana-choc-chip-angled-01-art-768x768.png.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322404/; classtype:trojan-activity;sid:84185504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/delito-asoc.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322405/; classtype:trojan-activity;sid:84185505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/frac31555_1fi1942.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322406/; classtype:trojan-activity;sid:84185506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne850v.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322399/; classtype:trojan-activity;sid:84185499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kshitij-x-harshita-4-scaled.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322400/; classtype:trojan-activity;sid:84185500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-2023-06-10t100339.621-150x150.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322401/; classtype:trojan-activity;sid:84185501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59463_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322402/; classtype:trojan-activity;sid:84185502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/raportul-final-nr.-977.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322391/; classtype:trojan-activity;sid:84185491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/magnetic-stirrer-with-hot-plate-mg600h.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322392/; classtype:trojan-activity;sid:84185492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55769_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322393/; classtype:trojan-activity;sid:84185493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-crecyt-2017-2.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322394/; classtype:trojan-activity;sid:84185494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bumdes2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322395/; classtype:trojan-activity;sid:84185495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60019_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322396/; classtype:trojan-activity;sid:84185496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57832_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322397/; classtype:trojan-activity;sid:84185497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-357-2023-fe-de-erratas-de-la-ordenanza-municipal-no-357-2023-mdc-de-fecha-28-de-diciembre-del-2023.pdf.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322398/; classtype:trojan-activity;sid:84185498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/duplex-icarai-2.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322389/; classtype:trojan-activity;sid:84185489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-junio-2024.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322390/; classtype:trojan-activity;sid:84185490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carhartt-103296-relaxed-fit-heavyweight-short-sleeve-k87-pocket-t-shirt-workwear-nation-ltd-3545_560x.gif.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322386/; classtype:trojan-activity;sid:84185486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp9565.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322387/; classtype:trojan-activity;sid:84185487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-modificacion-no-2-1-aprobado-2022-ttb.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322388/; classtype:trojan-activity;sid:84185488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thumbnail-thach-tao-bon-wilav-jelly.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322384/; classtype:trojan-activity;sid:84185484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-660-2021-declarar-la-capacidad-de-luis-daniel-gutierrez-aldecoa-y-pamela-campbell-fernandez-para-contraer-matrimonio-civil-en-la-mdc.pdf.lnk"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322385/; classtype:trojan-activity;sid:84185485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marcosandro.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322380/; classtype:trojan-activity;sid:84185480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4088.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322381/; classtype:trojan-activity;sid:84185481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52827999_6429.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322382/; classtype:trojan-activity;sid:84185482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322383/; classtype:trojan-activity;sid:84185483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie6.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322376/; classtype:trojan-activity;sid:84185476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-titulo-4.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322377/; classtype:trojan-activity;sid:84185477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-ba01at-u-rr-1080x1920-001-450x800.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322378/; classtype:trojan-activity;sid:84185478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/covid-con-el-guanaco-yastay.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322379/; classtype:trojan-activity;sid:84185479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-risk-assessment-report-20243.8.1.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322372/; classtype:trojan-activity;sid:84185472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-26-radicado-2436252024-nombre-peticionario-pedro-martinez.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322373/; classtype:trojan-activity;sid:84185473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:257; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322375/; classtype:trojan-activity;sid:84185475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/python-logo.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322369/; classtype:trojan-activity;sid:84185469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin_2015_06.0.0.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322370/; classtype:trojan-activity;sid:84185470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img8.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322371/; classtype:trojan-activity;sid:84185471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/steel-metal-expo-2022-pdf-3.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322363/; classtype:trojan-activity;sid:84185463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tether-security-best-practices-2024-2-0-1.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322364/; classtype:trojan-activity;sid:84185464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1683903931780be00e936b51c2332a32a6b3ec7fd4.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322365/; classtype:trojan-activity;sid:84185465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/royal-palm-bay-overlay--scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322366/; classtype:trojan-activity;sid:84185466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/104504146-most_expensive_handbag_in_the_world_sold_at_christies_hong_kong_on_31_may_2017.jpg.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322367/; classtype:trojan-activity;sid:84185467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica-proteccion-de-datos-personales-4-1-1.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322368/; classtype:trojan-activity;sid:84185468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/annual-appeal-nov.-newsletter-2020-3.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322356/; classtype:trojan-activity;sid:84185456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fier.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322357/; classtype:trojan-activity;sid:84185457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8b769475-49d3-4b53-a8ba-8b0c7f6f9e16.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322358/; classtype:trojan-activity;sid:84185458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/group-1269.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322359/; classtype:trojan-activity;sid:84185459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08-1.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322360/; classtype:trojan-activity;sid:84185460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3147.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322361/; classtype:trojan-activity;sid:84185461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/salle_de_bain1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322362/; classtype:trojan-activity;sid:84185462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_32.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322351/; classtype:trojan-activity;sid:84185451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731531392b5e3917b69ad989e284aeba0981db1b1.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322352/; classtype:trojan-activity;sid:84185452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322353/; classtype:trojan-activity;sid:84185453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/140026_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322354/; classtype:trojan-activity;sid:84185454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.34-3.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322355/; classtype:trojan-activity;sid:84185455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/front-bumber2-am.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322347/; classtype:trojan-activity;sid:84185447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b7fda126c4d0b9a3417400e2e44b8b1c10176766fbp19373685.pdf.html.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322348/; classtype:trojan-activity;sid:84185448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lab.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322349/; classtype:trojan-activity;sid:84185449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pilates1-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322350/; classtype:trojan-activity;sid:84185450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022_03_presupuesto_planificacion_deportiva_2021.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322342/; classtype:trojan-activity;sid:84185442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/centrifuge-ultra-lpdp-2023.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322343/; classtype:trojan-activity;sid:84185443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/middle-sections-much-anticipated-annual-event-noir-et-blanc.jpeg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322344/; classtype:trojan-activity;sid:84185444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-jansen-rossignol-rsgl-tercera-capa-mujer-negro-4.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322345/; classtype:trojan-activity;sid:84185445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-07-at-19.42.19_59463336-1.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322346/; classtype:trojan-activity;sid:84185446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-4-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322335/; classtype:trojan-activity;sid:84185435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chapa_anamatra.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322336/; classtype:trojan-activity;sid:84185436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-156-sinaloa-1105-col-roma-24.jpeg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322337/; classtype:trojan-activity;sid:84185437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/optovision-2020-ed-5-10-24-vol-173-en-esp-04-33-scaled.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322338/; classtype:trojan-activity;sid:84185438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23caf4d5-bd17-c796-fde2-023dc3b1a4b5.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322339/; classtype:trojan-activity;sid:84185439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/conferencia-2.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322340/; classtype:trojan-activity;sid:84185440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/semi-katun_4_11zon.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322341/; classtype:trojan-activity;sid:84185441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.24.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322334/; classtype:trojan-activity;sid:84185434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20220528_221853_0000-afri-septianingrini.png.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322332/; classtype:trojan-activity;sid:84185432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/despo_3_11zon.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322333/; classtype:trojan-activity;sid:84185433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asparagi-600x368.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322331/; classtype:trojan-activity;sid:84185431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comingtotown.mp3.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322327/; classtype:trojan-activity;sid:84185427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57658_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322328/; classtype:trojan-activity;sid:84185428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/info-final-terminal-transporte-89-r_compressed.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322329/; classtype:trojan-activity;sid:84185429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tu-parque-perspectiva-aerea.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322330/; classtype:trojan-activity;sid:84185430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/joilart-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322321/; classtype:trojan-activity;sid:84185421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/121220_map_soho-bangkok-01-scaled-1.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322322/; classtype:trojan-activity;sid:84185422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coll1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322323/; classtype:trojan-activity;sid:84185423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hang22.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322324/; classtype:trojan-activity;sid:84185424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wibsaudi.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322325/; classtype:trojan-activity;sid:84185425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1585299503637.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322326/; classtype:trojan-activity;sid:84185426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/drapery_track_ceiling_mount.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322319/; classtype:trojan-activity;sid:84185419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-2.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322320/; classtype:trojan-activity;sid:84185420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchquerywww.ardayazilim.comcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322317/; classtype:trojan-activity;sid:84185417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/panasonic_digital_cordless_phone_kx-tg6711_1_1640606141.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322318/; classtype:trojan-activity;sid:84185418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56235_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322311/; classtype:trojan-activity;sid:84185411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-012.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322312/; classtype:trojan-activity;sid:84185412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/torres-de-enfriamiento-es.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322313/; classtype:trojan-activity;sid:84185413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-18-radicado-2074962024-nombre-peticionario-yolanda-sabogal.pdf.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322314/; classtype:trojan-activity;sid:84185414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-whitepaper-20243.4.8.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322315/; classtype:trojan-activity;sid:84185415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7012b-7019b-instrukcja-uzytkowania.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322316/; classtype:trojan-activity;sid:84185416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wo252525252525252525252525252525252525252525252525252525c525252525252525252525252525252525252525252525252525252582y252525252525252525252525252525252525252525252525252525c5252525252525252525252525252525252525252525252525252525842.jpg.lnk"; http_uri; depth:247; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322310/; classtype:trojan-activity;sid:84185410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-blockchain-architecture-diagram-2024-3-8-4.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322308/; classtype:trojan-activity;sid:84185408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322309/; classtype:trojan-activity;sid:84185409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/redwing-authorization-letter.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322304/; classtype:trojan-activity;sid:84185404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56221_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322305/; classtype:trojan-activity;sid:84185405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59375_64.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322306/; classtype:trojan-activity;sid:84185406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ll04466_hermes_herbag_backpack_5.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322307/; classtype:trojan-activity;sid:84185407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsflash-15th-19th-june-2024.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322295/; classtype:trojan-activity;sid:84185395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/goretex_6_11zon.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322296/; classtype:trojan-activity;sid:84185396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/svaba-tralala.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322297/; classtype:trojan-activity;sid:84185397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/incendio.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322298/; classtype:trojan-activity;sid:84185398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20170214-wa0008.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322299/; classtype:trojan-activity;sid:84185399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2011.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322300/; classtype:trojan-activity;sid:84185400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daylux-premix-cp2-25ap-doc.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322301/; classtype:trojan-activity;sid:84185401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0425.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322302/; classtype:trojan-activity;sid:84185402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-captura-de-pantalla-2024-10-02-a-las-12.17.202525252525252525252525252525252525e22525252525252525252525252525252525802525252525252525252525252525252525afp.-m.-1-32x32.png.lnk"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322303/; classtype:trojan-activity;sid:84185403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/complete-hair-care-herbal-shampoo.png.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322292/; classtype:trojan-activity;sid:84185392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3norte.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322293/; classtype:trojan-activity;sid:84185393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1708.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322294/; classtype:trojan-activity;sid:84185394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-25-rock-limited-edition-volupto-palladium-hardware-1.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322290/; classtype:trojan-activity;sid:84185390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322291/; classtype:trojan-activity;sid:84185391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-onyx-3.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322288/; classtype:trojan-activity;sid:84185388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9393-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322289/; classtype:trojan-activity;sid:84185389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322287/; classtype:trojan-activity;sid:84185387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-frecuentes-cupo-explora-unesco-admisi25252525252525252525252525252525252525c325252525252525252525252525252525252525b3n-2024.pdf.lnk"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322283/; classtype:trojan-activity;sid:84185383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54b21af5-3d17-0256-9a36-1f2f706c1cee.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322284/; classtype:trojan-activity;sid:84185384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toaleta-myjaca-majormaker-topaz-4701fw-1-scaled.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322285/; classtype:trojan-activity;sid:84185385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-risk-assessment-report-2024-2-9-0.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322286/; classtype:trojan-activity;sid:84185386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-merrows-red-hat-preview.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322282/; classtype:trojan-activity;sid:84185382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322279)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-of-princess-peach.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322279/; classtype:trojan-activity;sid:84185379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gsm-dual-sim-land-phone-dlna-zt900g-pro-25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252540ido.lk_.jpg.lnk"; http_uri; depth:200; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322280/; classtype:trojan-activity;sid:84185380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-3.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322281/; classtype:trojan-activity;sid:84185381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/making_thai-uk_trade_cheaper_faster_simpler_-_march_2023.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322277/; classtype:trojan-activity;sid:84185377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sesion-noviembre-2019-4.jpeg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322278/; classtype:trojan-activity;sid:84185378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/captain-cook-fishing23.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322272/; classtype:trojan-activity;sid:84185372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pull-off.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322273/; classtype:trojan-activity;sid:84185373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pdp-work-cube-package-gray-70.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322274/; classtype:trojan-activity;sid:84185374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/multi-axis-vibration.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322275/; classtype:trojan-activity;sid:84185375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5.jpeg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322276/; classtype:trojan-activity;sid:84185376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-419-mdc-2020.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322268/; classtype:trojan-activity;sid:84185368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/siding.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322269/; classtype:trojan-activity;sid:84185369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-building-supply-absolute43-majolica-brown-pellet-stove.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322270/; classtype:trojan-activity;sid:84185370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-whitepaper-2024-2-653535353.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322271/; classtype:trojan-activity;sid:84185371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/favi-85x85.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322266/; classtype:trojan-activity;sid:84185366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58994_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322267/; classtype:trojan-activity;sid:84185367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/310653302_790961088909292_4521552657060089329_n-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322261/; classtype:trojan-activity;sid:84185361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/436878779_342763732137133_7808675087377990956_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322262/; classtype:trojan-activity;sid:84185362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/three-hermes-birkin-bags-singapore-bj-luxury-1.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322263/; classtype:trojan-activity;sid:84185363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pkl-sat-1-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322264/; classtype:trojan-activity;sid:84185364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a0009669-1024x768.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322265/; classtype:trojan-activity;sid:84185365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20200731_151558.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322253/; classtype:trojan-activity;sid:84185353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phan-mem-trinh-chieu-co-doc-v4-1-9.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322254/; classtype:trojan-activity;sid:84185354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52337_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322255/; classtype:trojan-activity;sid:84185355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_771-192.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322256/; classtype:trojan-activity;sid:84185356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/booby-tape-silicone-nipple-covers-ebi-boo-ncsil-228x228-1.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322257/; classtype:trojan-activity;sid:84185357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02skindeep-span-superjumbo.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322258/; classtype:trojan-activity;sid:84185358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57199_8.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322259/; classtype:trojan-activity;sid:84185359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58897_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322260/; classtype:trojan-activity;sid:84185360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/42-scaled.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322251/; classtype:trojan-activity;sid:84185351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-ico-ido-ieo-guide-20242.8.7.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322252/; classtype:trojan-activity;sid:84185352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guide_installation_portefeuille_chainlink_20244.0.9.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322248/; classtype:trojan-activity;sid:84185348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resoluci252525252525252525252525252525c3252525252525252525252525252525b3n-admisibilidad-par-explora-2025-2026-1.pdf.lnk"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322249/; classtype:trojan-activity;sid:84185349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/smestaj3.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322250/; classtype:trojan-activity;sid:84185350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4092.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322244/; classtype:trojan-activity;sid:84185344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7_ws2-exposed-cable-merchandising-guide-vietnamese.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322245/; classtype:trojan-activity;sid:84185345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1728914030039cce1222dec9af301bd57fbd33c9b5.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322246/; classtype:trojan-activity;sid:84185346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8152.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322247/; classtype:trojan-activity;sid:84185347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cape-cod-e1474908990972.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322240/; classtype:trojan-activity;sid:84185340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-exit-tol-bawen.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322241/; classtype:trojan-activity;sid:84185341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-scaled.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322242/; classtype:trojan-activity;sid:84185342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aprobacion-de-criterios-de-priorizacion-2025-2027.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322243/; classtype:trojan-activity;sid:84185343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/438082003_840484204789219_4129106931994375600_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322235/; classtype:trojan-activity;sid:84185335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171025_090554.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322236/; classtype:trojan-activity;sid:84185336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_00041-1.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322237/; classtype:trojan-activity;sid:84185337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cto-aragon-3d-2017.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322238/; classtype:trojan-activity;sid:84185338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rlm2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322239/; classtype:trojan-activity;sid:84185339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/classroom.google.com.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322231/; classtype:trojan-activity;sid:84185331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wioc-notice-of-dividend-payment-2024-scaled.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322232/; classtype:trojan-activity;sid:84185332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/staff-parties-img-3-725x544-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322233/; classtype:trojan-activity;sid:84185333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adag01.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322234/; classtype:trojan-activity;sid:84185334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1712-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322227/; classtype:trojan-activity;sid:84185327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/learner-engagement-administrator-job-description-1.docx.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322228/; classtype:trojan-activity;sid:84185328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-de-convocatoria-peal-2024-feria-del-mar_9mayo.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322229/; classtype:trojan-activity;sid:84185329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/news-flash-8th-12th-july-2024.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322230/; classtype:trojan-activity;sid:84185330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/product-9-1-1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322219/; classtype:trojan-activity;sid:84185319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unit-210-living-room-2-scaled.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322220/; classtype:trojan-activity;sid:84185320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/detail-recreational-sidewall-box.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322221/; classtype:trojan-activity;sid:84185321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/laufen_palomba_-16.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322222/; classtype:trojan-activity;sid:84185322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/american-public-power-association-aa5v6smcaly-unsplash.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322223/; classtype:trojan-activity;sid:84185323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinai-pearl-beige-5.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322224/; classtype:trojan-activity;sid:84185324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jht-j-485-hot-tub-porcelain-oh-ir.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322225/; classtype:trojan-activity;sid:84185325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boletim_anual-populacao-negra-ped-df-2024.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322226/; classtype:trojan-activity;sid:84185326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/odpowiedz_szamba_skawina.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322213/; classtype:trojan-activity;sid:84185313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-community-guidelines-2024-3.6.4.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322214/; classtype:trojan-activity;sid:84185314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_83f2264c8a9f981cec4a0955a1e76f83.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322215/; classtype:trojan-activity;sid:84185315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/property-4hatoon-gallery-img-3-1.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322216/; classtype:trojan-activity;sid:84185316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cultura_subventii_2022.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322217/; classtype:trojan-activity;sid:84185317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-ecosystem-report-2024-3-2-9.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322218/; classtype:trojan-activity;sid:84185318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulario_postulacion_linea_valoracion_final.doc.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322210/; classtype:trojan-activity;sid:84185310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_683a8bddc281071bc7c1edd797829424.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322211/; classtype:trojan-activity;sid:84185311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9736.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322212/; classtype:trojan-activity;sid:84185312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3187d.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322207/; classtype:trojan-activity;sid:84185307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.jpeg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322208/; classtype:trojan-activity;sid:84185308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/twisted-x-brewery_high-res-230.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322209/; classtype:trojan-activity;sid:84185309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thumbnail-gac-kho-ro-luoi-bicare.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322202/; classtype:trojan-activity;sid:84185302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-10-07-at-10.47.48-3.jpeg-min-min-scaled.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322203/; classtype:trojan-activity;sid:84185303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-84.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322204/; classtype:trojan-activity;sid:84185304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-submi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322205/; classtype:trojan-activity;sid:84185305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/322738-55979.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322206/; classtype:trojan-activity;sid:84185306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-roadmap-2024-1.4.0.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322200/; classtype:trojan-activity;sid:84185300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59426_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322201/; classtype:trojan-activity;sid:84185301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estades-ajuntament.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322196/; classtype:trojan-activity;sid:84185296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-difference-between-hermes-birkin-and-kelly-bags-1.-cover-photo.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322197/; classtype:trojan-activity;sid:84185297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/does-kamagra-oral-jelly-make-you-last-longer.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322198/; classtype:trojan-activity;sid:84185298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-ed-parvularia-tus-competencias-en-ciencias-2018.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322199/; classtype:trojan-activity;sid:84185299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galala-cream-2-1.jpeg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322193/; classtype:trojan-activity;sid:84185293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_american-drill.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322194/; classtype:trojan-activity;sid:84185294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-12.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322195/; classtype:trojan-activity;sid:84185295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resume.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322184/; classtype:trojan-activity;sid:84185284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/marketingmango-7.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322185/; classtype:trojan-activity;sid:84185285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322186)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cinco-rios-fishing04.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322186/; classtype:trojan-activity;sid:84185286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oficio_atonormativo0001.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322187/; classtype:trojan-activity;sid:84185287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.-machu-picchu-peru.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322188/; classtype:trojan-activity;sid:84185288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-trading-strategy-2024-2.3.1.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322189/; classtype:trojan-activity;sid:84185289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113004714867.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322190/; classtype:trojan-activity;sid:84185290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322191/; classtype:trojan-activity;sid:84185291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-3.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322192/; classtype:trojan-activity;sid:84185292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d794d7a6d7a2d7aa-d79cd7a4d7a2d799d79cd795d7aa-d791d790d799d7a0d7a1d799d799d793-d790d790d795d798.pdf.lnk"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322178/; classtype:trojan-activity;sid:84185278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apisonador-diesel.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322179/; classtype:trojan-activity;sid:84185279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lightning-mcqueen-coloring-page.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322180/; classtype:trojan-activity;sid:84185280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-litomedica-favicon-32x32.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322181/; classtype:trojan-activity;sid:84185281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline-price-list-ply-gem-stone-products.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322182/; classtype:trojan-activity;sid:84185282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-blockchain-architecture-diagram-20245.6.0.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322183/; classtype:trojan-activity;sid:84185283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscinas-29-elite.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322171/; classtype:trojan-activity;sid:84185271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-submission.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322172/; classtype:trojan-activity;sid:84185272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac_16th_oct_2018.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322173/; classtype:trojan-activity;sid:84185273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/520-direccion-de-gestion-financiera.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322174/; classtype:trojan-activity;sid:84185274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/slava-keyzman-msjsgjxwcdc-unsplash-e1626452250680.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322175/; classtype:trojan-activity;sid:84185275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55769_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322176/; classtype:trojan-activity;sid:84185276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/254-zebar-school-for-children-thaltej-pro-order-abad-rural.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322177/; classtype:trojan-activity;sid:84185277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kylie-jenners-hermes-birkin-bags-1170x878.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322168/; classtype:trojan-activity;sid:84185268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m8a0605-back-copy-700x700-1.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322169/; classtype:trojan-activity;sid:84185269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/35452_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322170/; classtype:trojan-activity;sid:84185270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/drifit_3_11zon.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322164/; classtype:trojan-activity;sid:84185264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06laboratorios-sophia-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322165/; classtype:trojan-activity;sid:84185265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/481-17-rex-aprueba-bases-concursales-concurso-xxi-vyd.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322166/; classtype:trojan-activity;sid:84185266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-staking-guide-20245.7.2.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322167/; classtype:trojan-activity;sid:84185267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hands-on-workshop-on-natural-holi-colours-15march2022.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322162/; classtype:trojan-activity;sid:84185262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p02_plantapiscina-scaled.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322163/; classtype:trojan-activity;sid:84185263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notas-2022.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322159/; classtype:trojan-activity;sid:84185259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cua-nhom-xingfa-binh-duong-8-2.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322160/; classtype:trojan-activity;sid:84185260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tgd-101.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322161/; classtype:trojan-activity;sid:84185261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-3.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322155/; classtype:trojan-activity;sid:84185255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionados-crecyt2017.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322156/; classtype:trojan-activity;sid:84185256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312645309442.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322157/; classtype:trojan-activity;sid:84185257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58097_15.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322158/; classtype:trojan-activity;sid:84185258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sherry-brookes-armada-avenue-7.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322148/; classtype:trojan-activity;sid:84185248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/staff-parties-img-5-408x544-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322149/; classtype:trojan-activity;sid:84185249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solution-700x700-1.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322150/; classtype:trojan-activity;sid:84185250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-006.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322151/; classtype:trojan-activity;sid:84185251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-07-30-11-32-11.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322152/; classtype:trojan-activity;sid:84185252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kaos-konveksi-polo-buat-kaos-polo.jpg.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322153/; classtype:trojan-activity;sid:84185253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-425-gallery-1.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322154/; classtype:trojan-activity;sid:84185254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/armurariu-silimarina-silymarin.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322141/; classtype:trojan-activity;sid:84185241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322142)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.3.2644.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322142/; classtype:trojan-activity;sid:84185242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/452593353_1036607981801315_6305009473912079275_n-min-837x628.jpg.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322143/; classtype:trojan-activity;sid:84185243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/24-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322144/; classtype:trojan-activity;sid:84185244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fl-pl01dr-u-nn-1080x1920-001-450x800.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322145/; classtype:trojan-activity;sid:84185245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-26-1702381931411_e6d7ffe6-9260-402f-aa07-602c29b92c70_1200x.png.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322146/; classtype:trojan-activity;sid:84185246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/prospectus.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322135/; classtype:trojan-activity;sid:84185235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ_2310_4a_tirada_lliga_catalana_3d_rubi9711.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322136/; classtype:trojan-activity;sid:84185236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rti-on-safety_print.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322137/; classtype:trojan-activity;sid:84185237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-o0427353l318a-product-image-2-scaled.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322138/; classtype:trojan-activity;sid:84185238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements-sub.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:261; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322139/; classtype:trojan-activity;sid:84185239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/superman1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322140/; classtype:trojan-activity;sid:84185240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_shades_sunscreen6-scaled.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322130/; classtype:trojan-activity;sid:84185230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mapa-pousada-mata-atlantica.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322131/; classtype:trojan-activity;sid:84185231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/louis-vuitton-waterfront-mule-blue-watercolor.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322132/; classtype:trojan-activity;sid:84185232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fti-mn09-politica-de-tratamiento-de-datos-personales-v2.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322133/; classtype:trojan-activity;sid:84185233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/certificacion-de-tarifas-2020-en-formato-pdf.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322134/; classtype:trojan-activity;sid:84185234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/44e81003929777f199c7591d7a65f252.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322126/; classtype:trojan-activity;sid:84185226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro2010.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322127/; classtype:trojan-activity;sid:84185227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/266-ananda-global-school-vejalpur-pro.order-abad-city.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322128/; classtype:trojan-activity;sid:84185228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02552.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322129/; classtype:trojan-activity;sid:84185229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-ejecutado-2013-en-formato-pdf.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322120/; classtype:trojan-activity;sid:84185220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/texto_referencia_fabio.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322121/; classtype:trojan-activity;sid:84185221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jamaica-fav-icon-150x150.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322122/; classtype:trojan-activity;sid:84185222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17304737756855a1610ec96b144baa2133d72629eb.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322123/; classtype:trojan-activity;sid:84185223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/colorker-tangram-1.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322124/; classtype:trojan-activity;sid:84185224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-du-hoc-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322125/; classtype:trojan-activity;sid:84185225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-submission-e2.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322119/; classtype:trojan-activity;sid:84185219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-1.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322117/; classtype:trojan-activity;sid:84185217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/encuesta-los-lagos-revdege13042017.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322118/; classtype:trojan-activity;sid:84185218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/102-tvd_p2_depto-juridico.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322114/; classtype:trojan-activity;sid:84185214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flujo-de-efectivo-2021.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322115/; classtype:trojan-activity;sid:84185215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/binance-coin-ecosystem-report-20243-5-1.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322116/; classtype:trojan-activity;sid:84185216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-745.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322105/; classtype:trojan-activity;sid:84185205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01422-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322106/; classtype:trojan-activity;sid:84185206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0001.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322107/; classtype:trojan-activity;sid:84185207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2022_06_memoria_economica_del_ejercial_terminado_al_31_de_agosto_de_2021..pdf.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322108/; classtype:trojan-activity;sid:84185208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4508-2-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322109/; classtype:trojan-activity;sid:84185209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirement.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322110/; classtype:trojan-activity;sid:84185210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/i-4721-grey.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322111/; classtype:trojan-activity;sid:84185211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58119_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322112/; classtype:trojan-activity;sid:84185212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-aprobado-2013.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322113/; classtype:trojan-activity;sid:84185213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/black-hermes-birkin-bag-30cm-togo-women-s-handbag-33.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322096/; classtype:trojan-activity;sid:84185196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/notas-2019.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322097/; classtype:trojan-activity;sid:84185197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-sheer-12.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322098/; classtype:trojan-activity;sid:84185198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-18.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322099/; classtype:trojan-activity;sid:84185199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-titulo-2.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322100/; classtype:trojan-activity;sid:84185200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-diciembre-2019.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322101/; classtype:trojan-activity;sid:84185201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paginaweb-nota2-10-05-2023-oald.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322102/; classtype:trojan-activity;sid:84185202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-api-documentation-2024-4.2.9.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322103/; classtype:trojan-activity;sid:84185203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-legal-contract-20244-4-1.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322091/; classtype:trojan-activity;sid:84185191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe_temas_de_interes_regional_2024.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322092/; classtype:trojan-activity;sid:84185192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322093)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/conference-template-a4.docx.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322093/; classtype:trojan-activity;sid:84185193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/407x307-1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322094/; classtype:trojan-activity;sid:84185194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/balsa.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322095/; classtype:trojan-activity;sid:84185195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3de4794b-077a-4152-b2a6-d769ae4a13ac.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322088/; classtype:trojan-activity;sid:84185188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jonction-min-1024x768.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322089/; classtype:trojan-activity;sid:84185189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322090)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57529_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322090/; classtype:trojan-activity;sid:84185190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322083)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/disuport-anggota-dprd-sumedang-warga-desa-raharja-beberesih-jalan.jpeg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322083/; classtype:trojan-activity;sid:84185183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-32.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322084/; classtype:trojan-activity;sid:84185184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4776-vzyrjr.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322085/; classtype:trojan-activity;sid:84185185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20161206-wa0003.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322086/; classtype:trojan-activity;sid:84185186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1561-trofeu-hivern-camp.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322087/; classtype:trojan-activity;sid:84185187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mous.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322078/; classtype:trojan-activity;sid:84185178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/terence_lee_birkin.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322079/; classtype:trojan-activity;sid:84185179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-310-mdc-2020-establecer-que-e-otorgan-dichas-facultades-para-poder-conciliar-unicamente-sobre-el-primer-punto-de-la-pretension-de-la-empresa.pdf.lnk"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322080/; classtype:trojan-activity;sid:84185180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_briefcase_1548096010_83ca6390.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322081/; classtype:trojan-activity;sid:84185181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-60.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322082/; classtype:trojan-activity;sid:84185182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-19-at-17.07.09-1-ohozqp.jpeg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322076/; classtype:trojan-activity;sid:84185176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp5969.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322077/; classtype:trojan-activity;sid:84185177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-trasnporte-agosto-2024.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322073/; classtype:trojan-activity;sid:84185173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/exam-notice-ty-2024-ug.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322074/; classtype:trojan-activity;sid:84185174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements-submis.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:264; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322075/; classtype:trojan-activity;sid:84185175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-25-rock-limited-edition-volupto-palladium-hardware-2.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322069/; classtype:trojan-activity;sid:84185169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asis-salud-visual-colombia-2016.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322070/; classtype:trojan-activity;sid:84185170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-building-supply-p42i-tc-pellet-insert-6.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322071/; classtype:trojan-activity;sid:84185171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/probatorio.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322072/; classtype:trojan-activity;sid:84185172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/astrum-the-youngest-and-the-fastest-to-break-top-20.pdf.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322062/; classtype:trojan-activity;sid:84185162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20241203_210447_canva-794x1030.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322063/; classtype:trojan-activity;sid:84185163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20220524-wa0025-kania-ramalda.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322064/; classtype:trojan-activity;sid:84185164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/designer-5.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322065/; classtype:trojan-activity;sid:84185165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/departdechasse3.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322066/; classtype:trojan-activity;sid:84185166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-eternity-2.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322067/; classtype:trojan-activity;sid:84185167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legalitas3.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322068/; classtype:trojan-activity;sid:84185168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731598338b9c3350e7802f28d1f0301887f76393f.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322059/; classtype:trojan-activity;sid:84185159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0d7a1545-e1732149910308-siv5ci.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322060/; classtype:trojan-activity;sid:84185160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pnrr-reabilitare-si-modernizare-scoala-ion-creanga.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322061/; classtype:trojan-activity;sid:84185161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bole_sub_city.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322053/; classtype:trojan-activity;sid:84185153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/skf-lagd-tds.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322054/; classtype:trojan-activity;sid:84185154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afaterr26-1024x1024.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322055/; classtype:trojan-activity;sid:84185155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs2024_form_personnelgroup_0801_print.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322056/; classtype:trojan-activity;sid:84185156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-1.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322057/; classtype:trojan-activity;sid:84185157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b2.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322058/; classtype:trojan-activity;sid:84185158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9391-1024x683.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322050/; classtype:trojan-activity;sid:84185150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/projectshipment-ale1.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322051/; classtype:trojan-activity;sid:84185151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/handbook-2023-24.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322052/; classtype:trojan-activity;sid:84185152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revista-bortes-cientificos.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322046/; classtype:trojan-activity;sid:84185146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/706163162_product1-15-286.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322047/; classtype:trojan-activity;sid:84185147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botines_predator_18.3_fg_naranja_db2002.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322048/; classtype:trojan-activity;sid:84185148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2-royal-palm-baydji_0029-1.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322049/; classtype:trojan-activity;sid:84185149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-legal-contract-20245-4-3.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322041/; classtype:trojan-activity;sid:84185141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro2012.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322042/; classtype:trojan-activity;sid:84185142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/244498944_3021667977957510_5529058727899833239_n-1024x1024.jpg.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322043/; classtype:trojan-activity;sid:84185143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/broom-finish-1-1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322044/; classtype:trojan-activity;sid:84185144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/powder_coating_process_final.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322045/; classtype:trojan-activity;sid:84185145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown1.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322035/; classtype:trojan-activity;sid:84185135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-coloring-page-pdf.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322036/; classtype:trojan-activity;sid:84185136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-81-e1603239847821.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322037/; classtype:trojan-activity;sid:84185137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmd-ltb-1-1.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322038/; classtype:trojan-activity;sid:84185138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/linkiq-cable-test-failed.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322039/; classtype:trojan-activity;sid:84185139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312356858136.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322040/; classtype:trojan-activity;sid:84185140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wwe-printable-coloring-pages.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322026/; classtype:trojan-activity;sid:84185126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52361834_6429.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322027/; classtype:trojan-activity;sid:84185127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/past-awards-2.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322028/; classtype:trojan-activity;sid:84185128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diagnostico-equidad-de-genero-en-cti-mesa-conicyt_2017.pdf.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322029/; classtype:trojan-activity;sid:84185129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-042.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322030/; classtype:trojan-activity;sid:84185130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/438095313_840484191455887_3740096108057751101_n-1.jpg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322031/; classtype:trojan-activity;sid:84185131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/product-data-sheet-rosemount-3051-pressure-products-en-73134.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322032/; classtype:trojan-activity;sid:84185132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1469-wr.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322033/; classtype:trojan-activity;sid:84185133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/77.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322034/; classtype:trojan-activity;sid:84185134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0005.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322022/; classtype:trojan-activity;sid:84185122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mobile-home-anchors-feature-img.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322023/; classtype:trojan-activity;sid:84185123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13062hermeskelly2022blackcrocodilecutclutchwgh_49_995_3_1400x.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322024/; classtype:trojan-activity;sid:84185124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-28abril2021-7.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322025/; classtype:trojan-activity;sid:84185125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20140910_123323.jpg.webp.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322021/; classtype:trojan-activity;sid:84185121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seema-bihe-poster-print.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322014/; classtype:trojan-activity;sid:84185114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322015)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo9.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322015/; classtype:trojan-activity;sid:84185115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-ojo-de-pez-2016.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322016/; classtype:trojan-activity;sid:84185116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diagnostic-lab-certi-3.png.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322017/; classtype:trojan-activity;sid:84185117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14597758_22587120_1000.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322018/; classtype:trojan-activity;sid:84185118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sidewall-standard-15-royal-blue.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322019/; classtype:trojan-activity;sid:84185119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin_taxation_guide_2024_4.8.6.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322020/; classtype:trojan-activity;sid:84185120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bole_.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322012/; classtype:trojan-activity;sid:84185112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-favicon_muffin-300x300.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322013/; classtype:trojan-activity;sid:84185113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc06507.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322006/; classtype:trojan-activity;sid:84185106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8a7b49b5-70dc-12cf-73fa-47d3043b71e5.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322007/; classtype:trojan-activity;sid:84185107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-355-2023-ordenanza-que-regula-la-presentacion-d-edeclaraciones-juradas-de-autoavaluo-y-pago-del-impuesto-predial-2024.pdf.lnk"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322008/; classtype:trojan-activity;sid:84185108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-10-18-at-10.15.00-3.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322009/; classtype:trojan-activity;sid:84185109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unnamed-10.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322010/; classtype:trojan-activity;sid:84185110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0923d584-8195-945e-e7a8-e23e8aca1892.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322011/; classtype:trojan-activity;sid:84185111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cape-lookout-e1474908984913.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322004/; classtype:trojan-activity;sid:84185104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standard-electric-furnace-fo510.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322005/; classtype:trojan-activity;sid:84185105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rti-case-study-superq-getting-back-to-optimal-mech-1-24-23.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321997/; classtype:trojan-activity;sid:84185097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vacuum-1024x338.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321998/; classtype:trojan-activity;sid:84185098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321999/; classtype:trojan-activity;sid:84185099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-52.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322000/; classtype:trojan-activity;sid:84185100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z4237113118741_73920792d5db5041dafc728c5e5a62f8-649x1024.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322001/; classtype:trojan-activity;sid:84185101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/discurso_posse_luciana_conforti.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322002/; classtype:trojan-activity;sid:84185102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3322003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/513866373372.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3322003/; classtype:trojan-activity;sid:84185103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_11.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321991/; classtype:trojan-activity;sid:84185091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-95.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321992/; classtype:trojan-activity;sid:84185092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/big_villa_elia_bathroom_2.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321993/; classtype:trojan-activity;sid:84185093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ev93303_1.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321994/; classtype:trojan-activity;sid:84185094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.png.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321995/; classtype:trojan-activity;sid:84185095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/strategia-podatkowavbartex-papier-firmowy.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321996/; classtype:trojan-activity;sid:84185096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-4.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321985/; classtype:trojan-activity;sid:84185085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-117-2022-declarar-la-capacidad-de-alberto-cervantes-zegarra-y-katherine-julissa-choco-paredes.pdf.lnk"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321986/; classtype:trojan-activity;sid:84185086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/x_____xv1rsjjnow-ox5tqj45zmbq..x_____x_ags_fb5d87d7-9bfe-11ed-9c9d-128668631e0d.png.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321987/; classtype:trojan-activity;sid:84185087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mapa_powiatu_legionowskiego.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321988/; classtype:trojan-activity;sid:84185088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/silvas-33-scaled.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321989/; classtype:trojan-activity;sid:84185089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sr-cara-de-papa-estructuracion.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321990/; classtype:trojan-activity;sid:84185090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paig-wj1464_v1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321981/; classtype:trojan-activity;sid:84185081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap_community_guidelines_20241.7.3.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321982/; classtype:trojan-activity;sid:84185082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fixedratio_20220520173158_nike_paidiko_sneaker_valiant_gia_agori_mple_cn8558_405.jpeg.lnk"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321983/; classtype:trojan-activity;sid:84185083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-01-26-at-21.36.58.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321984/; classtype:trojan-activity;sid:84185084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daily-life-che-wrappo-protein-tortillas-320-gr-8-piade-da-40gr-low-carb-proteiche-keto-friendly.png.lnk"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321976/; classtype:trojan-activity;sid:84185076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-market-analysis-report-20245.8.6.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321977/; classtype:trojan-activity;sid:84185077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/premiere-pro-cracked.com.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321978/; classtype:trojan-activity;sid:84185078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56221_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321979/; classtype:trojan-activity;sid:84185079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha-tecnica-dumper-petrolero-con-cardan-6-ton-4x4-turbo.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321980/; classtype:trojan-activity;sid:84185080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a17i6520.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321973/; classtype:trojan-activity;sid:84185073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs2024_exhibitor_sponsor_invitation_20240604.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321974/; classtype:trojan-activity;sid:84185074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-485-midnight-brushed-gray.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321975/; classtype:trojan-activity;sid:84185075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cecos-college-newsletter-2023.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321971/; classtype:trojan-activity;sid:84185071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-94.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321972/; classtype:trojan-activity;sid:84185072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-7.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321967/; classtype:trojan-activity;sid:84185067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/481ea88345ed4163ffc4699b9503c739.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321968/; classtype:trojan-activity;sid:84185068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cmcp700-accelerometers.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321969/; classtype:trojan-activity;sid:84185069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20221121_203659.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321970/; classtype:trojan-activity;sid:84185070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321958/; classtype:trojan-activity;sid:84185058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gp-header06.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321959/; classtype:trojan-activity;sid:84185059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/suspeito-de-matar-homem-em-situacao-de-rua-df-xe18ds.jpeg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321960/; classtype:trojan-activity;sid:84185060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/man.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321961/; classtype:trojan-activity;sid:84185061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/learn.skillnation.ai.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321962/; classtype:trojan-activity;sid:84185062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure-la-herencia.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321963/; classtype:trojan-activity;sid:84185063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/295697186_420421883436143_8405006576493188951_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321964/; classtype:trojan-activity;sid:84185064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new-hair-oil-with-box.png.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321965/; classtype:trojan-activity;sid:84185065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oks-200.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321966/; classtype:trojan-activity;sid:84185066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321953/; classtype:trojan-activity;sid:84185053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informacion-alergenos-manjares_06-1030x728.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321954/; classtype:trojan-activity;sid:84185054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac_21st_feb_2019.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321955/; classtype:trojan-activity;sid:84185055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/24x31-garage-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321956/; classtype:trojan-activity;sid:84185056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/26-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321957/; classtype:trojan-activity;sid:84185057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dpt-2nd-nov.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321947/; classtype:trojan-activity;sid:84185047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/printable-wwe-coloring-pages.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321948/; classtype:trojan-activity;sid:84185048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-29-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321949/; classtype:trojan-activity;sid:84185049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/worksheet-introduction.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321950/; classtype:trojan-activity;sid:84185050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9.jpeg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321951/; classtype:trojan-activity;sid:84185051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59375_31.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321952/; classtype:trojan-activity;sid:84185052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1bac4d52-167a-446e-8514-3bfbfbde9110_1_105_c.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321945/; classtype:trojan-activity;sid:84185045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/received_1937655746457621.jpeg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321946/; classtype:trojan-activity;sid:84185046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-develo.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321935/; classtype:trojan-activity;sid:84185035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srbija.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321936/; classtype:trojan-activity;sid:84185036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/violine_1.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321937/; classtype:trojan-activity;sid:84185037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-trasnporte-abril-2024.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321938/; classtype:trojan-activity;sid:84185038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aqar-2017-18.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321939/; classtype:trojan-activity;sid:84185039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-privind-programarea-pentru-depunerea-cererii-pentru-eliberarea-actului-de-identitate-3.pdf.lnk"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321940/; classtype:trojan-activity;sid:84185040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00197630160527____2__640x640.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321941/; classtype:trojan-activity;sid:84185041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lavagem-e-impermeabiliza25252525252525252525252525c325252525252525252525252525a725252525252525252525252525c325252525252525252525252525a3o-em-estofados.mp4.lnk"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321942/; classtype:trojan-activity;sid:84185042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/settlement-approval.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321943/; classtype:trojan-activity;sid:84185043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cl-too-much-news.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321944/; classtype:trojan-activity;sid:84185044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_15.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321931/; classtype:trojan-activity;sid:84185031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aluminum-color-chart.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321932/; classtype:trojan-activity;sid:84185032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kycra02.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321933/; classtype:trojan-activity;sid:84185033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sinplantas-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321934/; classtype:trojan-activity;sid:84185034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mpt-fim-desconto-folha-contribuicao.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321929/; classtype:trojan-activity;sid:84185029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0077.jpeg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321930/; classtype:trojan-activity;sid:84185030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-rubine-290b-1.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321922/; classtype:trojan-activity;sid:84185022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/club-deportivo-malaga-1903-3.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321923/; classtype:trojan-activity;sid:84185023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-sac-a-bride-bag.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321924/; classtype:trojan-activity;sid:84185024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/conferencia-3.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321925/; classtype:trojan-activity;sid:84185025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modelo-18.03-citacion-reunion-eleccion-presidente.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321926/; classtype:trojan-activity;sid:84185026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-9.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321927/; classtype:trojan-activity;sid:84185027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/defining-the-persuables.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321928/; classtype:trojan-activity;sid:84185028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_16.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321918/; classtype:trojan-activity;sid:84185018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp8122.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321919/; classtype:trojan-activity;sid:84185019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capsicum.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321920/; classtype:trojan-activity;sid:84185020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spilebenk.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321921/; classtype:trojan-activity;sid:84185021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryp.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:227; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321911/; classtype:trojan-activity;sid:84185011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.-27.11.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321912/; classtype:trojan-activity;sid:84185012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/st.-simons-681x1024.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321913/; classtype:trojan-activity;sid:84185013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zvap-fier-2024-id-1.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321914/; classtype:trojan-activity;sid:84185014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/copia-de-lucas_00004.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321915/; classtype:trojan-activity;sid:84185015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-roadmap-2024-2-6-4.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321916/; classtype:trojan-activity;sid:84185016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/343683473_967122571110867_4262691633603990226_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321917/; classtype:trojan-activity;sid:84185017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin-top-20-list-of-stockholder.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321908/; classtype:trojan-activity;sid:84185008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/olive-health.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321909/; classtype:trojan-activity;sid:84185009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4090.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321910/; classtype:trojan-activity;sid:84185010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logos-07.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321902/; classtype:trojan-activity;sid:84185002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/113409984586.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321903/; classtype:trojan-activity;sid:84185003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sino1.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321904/; classtype:trojan-activity;sid:84185004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zebar-academic-calendar-2023-24-for-website.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321905/; classtype:trojan-activity;sid:84185005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/australia-2021.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321906/; classtype:trojan-activity;sid:84185006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/33029_0.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321907/; classtype:trojan-activity;sid:84185007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/age25252525252525252525252525252525252525252525252520corte.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321899/; classtype:trojan-activity;sid:84184999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321900)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-0113-lliga-catalana-camp1.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321900/; classtype:trojan-activity;sid:84185000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5864__6411.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321901/; classtype:trojan-activity;sid:84185001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img20240306201604288med-oteow9.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321893/; classtype:trojan-activity;sid:84184993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/239093181_106309135098913_5917803748630888145_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321894/; classtype:trojan-activity;sid:84184994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/474_resized_detail_800_0_0_1_1.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321895/; classtype:trojan-activity;sid:84184995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc08636-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321896/; classtype:trojan-activity;sid:84184996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/molde-lembrancinha-pequeno-principe.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321897/; classtype:trojan-activity;sid:84184997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/637278bb-4ff0-4a1d-a8b9-d7ff534efdc5.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321898/; classtype:trojan-activity;sid:84184998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9_e635cebe-48ee-4ec1-bb44-96cc45c78b07_1024x.png.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321891/; classtype:trojan-activity;sid:84184991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/esculturas-lego-mas-caro.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321892/; classtype:trojan-activity;sid:84184992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shchity.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321890/; classtype:trojan-activity;sid:84184990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_concurso_fotografico.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321882/; classtype:trojan-activity;sid:84184982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cel1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321883/; classtype:trojan-activity;sid:84184983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/714061271026.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321884/; classtype:trojan-activity;sid:84184984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321885/; classtype:trojan-activity;sid:84184985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-speed-shelter-punch-red-black.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321886/; classtype:trojan-activity;sid:84184986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rregullore-e-brendshme-zvap-fier-2023.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321887/; classtype:trojan-activity;sid:84184987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/139-armario-ropa-muneca-madera-abierto-completo.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321888/; classtype:trojan-activity;sid:84184988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59426_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321889/; classtype:trojan-activity;sid:84184989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/merlin_153075807_4ba34de9-e975-4d78-ae00-cfbee5c4468a-articlelarge.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321873/; classtype:trojan-activity;sid:84184973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731504820e78a2fbcbdf20c896675c0edf7cc4be0.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321874/; classtype:trojan-activity;sid:84184974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pipe-par-explora-antofagasta.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321875/; classtype:trojan-activity;sid:84184975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-265.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321876/; classtype:trojan-activity;sid:84184976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ato-da-presidencia-no-02.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321877/; classtype:trojan-activity;sid:84184977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58119_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321879/; classtype:trojan-activity;sid:84184979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image00004-3.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321880/; classtype:trojan-activity;sid:84184980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-10.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321881/; classtype:trojan-activity;sid:84184981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_7757-4500-x-3000-2250-x-1500.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321871/; classtype:trojan-activity;sid:84184971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3473-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321872/; classtype:trojan-activity;sid:84184972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321865)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anunt-privind-programarea-pentru-depunerea-cererii-pentru-eliberarea-actului-de-identitate-2.pdf.lnk"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321865/; classtype:trojan-activity;sid:84184965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321866)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30-07-20_webinar-munshi-premchand-ke-katha-sahitya-mein-samajik-sarokar.pdf.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321866/; classtype:trojan-activity;sid:84184966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6523-min-1-scaled.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321867/; classtype:trojan-activity;sid:84184967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55769_17.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321868/; classtype:trojan-activity;sid:84184968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/finish-colors.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321869/; classtype:trojan-activity;sid:84184969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20240229_150601-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321870/; classtype:trojan-activity;sid:84184970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-24-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321862/; classtype:trojan-activity;sid:84184962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-pipe-2023.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321863/; classtype:trojan-activity;sid:84184963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guia-de-impuestos-cardano-2024-1-6-2.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321864/; classtype:trojan-activity;sid:84184964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20160117_141729_1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321858/; classtype:trojan-activity;sid:84184958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21524987-0-105330-camry.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321859/; classtype:trojan-activity;sid:84184959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cars-lightning-mcqueen-coloring-pages.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321860/; classtype:trojan-activity;sid:84184960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11-1069x800.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321861/; classtype:trojan-activity;sid:84184961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc03154.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321852/; classtype:trojan-activity;sid:84184952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gullele_.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321853/; classtype:trojan-activity;sid:84184953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/riscolcd_lightsys.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321854/; classtype:trojan-activity;sid:84184954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/statistics-facts-2017.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321855/; classtype:trojan-activity;sid:84184955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/13.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321856/; classtype:trojan-activity;sid:84184956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e9d1b830-9df4-47a2-b4a3-b74e889b3ca5_1024x1024.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321857/; classtype:trojan-activity;sid:84184957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321848/; classtype:trojan-activity;sid:84184948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17304737959c610b087982f83dfd8e0072088d67fc.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321849/; classtype:trojan-activity;sid:84184949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59216_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321850/; classtype:trojan-activity;sid:84184950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hello.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321851/; classtype:trojan-activity;sid:84184951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-label-layer-system-03.png.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321843/; classtype:trojan-activity;sid:84184943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/your-name-1.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321844/; classtype:trojan-activity;sid:84184944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-dkn612.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321845/; classtype:trojan-activity;sid:84184945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/398427484_910177667499261_4826532386039866147_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321846/; classtype:trojan-activity;sid:84184946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h3a1482-wr-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321847/; classtype:trojan-activity;sid:84184947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-02-derecho-de-preferencia.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321840/; classtype:trojan-activity;sid:84184940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1038.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321841/; classtype:trojan-activity;sid:84184941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pool.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321842/; classtype:trojan-activity;sid:84184942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estructuracion-espacio.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321832/; classtype:trojan-activity;sid:84184932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0249-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321833/; classtype:trojan-activity;sid:84184933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/smith-wesson-2.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321834/; classtype:trojan-activity;sid:84184934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oficio_atonormativo0002.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321835/; classtype:trojan-activity;sid:84184935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mixer-vacuum.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321836/; classtype:trojan-activity;sid:84184936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-435-gallery-1.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321837/; classtype:trojan-activity;sid:84184937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3432-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321838/; classtype:trojan-activity;sid:84184938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c21u6056.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321839/; classtype:trojan-activity;sid:84184939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iso14001-2.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321826/; classtype:trojan-activity;sid:84184926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238783512_106308851765608_1971888065596184737_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321827/; classtype:trojan-activity;sid:84184927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-hoi-cho-5.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321828/; classtype:trojan-activity;sid:84184928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/download-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321829/; classtype:trojan-activity;sid:84184929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.-ws2-integrated-charging-exposed-cable-zw1002-vietnamese.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321830/; classtype:trojan-activity;sid:84184930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/junior-a-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321831/; classtype:trojan-activity;sid:84184931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/exclusive_right_to_sell.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321824/; classtype:trojan-activity;sid:84184924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cinco-rios-fishing05.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321825/; classtype:trojan-activity;sid:84184925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/servotech2.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321820/; classtype:trojan-activity;sid:84184920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic-37-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321821/; classtype:trojan-activity;sid:84184921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/undangan-pkks.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321822/; classtype:trojan-activity;sid:84184922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02011-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321823/; classtype:trojan-activity;sid:84184923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-in-vendita-n.-1-5.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321814/; classtype:trojan-activity;sid:84184914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/double-chamber-incubator-low-temp.-iq822.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321815/; classtype:trojan-activity;sid:84184915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/macaslang-1.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321816/; classtype:trojan-activity;sid:84184916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/635-1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321817/; classtype:trojan-activity;sid:84184917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lightweight-football-boots.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321818/; classtype:trojan-activity;sid:84184918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/garden-to-table-10-communication-tips-to-change-the-climate-story.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321819/; classtype:trojan-activity;sid:84184919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20221016_113256.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321808/; classtype:trojan-activity;sid:84184908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55545_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321809/; classtype:trojan-activity;sid:84184909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dexfywhitepaper2.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321810/; classtype:trojan-activity;sid:84184910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ev-toner-box_1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321811/; classtype:trojan-activity;sid:84184911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/44486374202_b69e6cb584_z.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321812/; classtype:trojan-activity;sid:84184912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wwe-belt-coloring-pages.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321813/; classtype:trojan-activity;sid:84184913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso1-2019.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321803/; classtype:trojan-activity;sid:84184903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/institutional-distinctiveness-1.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321804/; classtype:trojan-activity;sid:84184904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/419a4364.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321805/; classtype:trojan-activity;sid:84184905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/btn-sat-2-300-rh-1.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321806/; classtype:trojan-activity;sid:84184906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cmcp7504ds.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321807/; classtype:trojan-activity;sid:84184907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59138_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321798/; classtype:trojan-activity;sid:84184898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deducerea-personala-extras-codul-fiscal.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321799/; classtype:trojan-activity;sid:84184899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/climbing-wall.jpeg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321800/; classtype:trojan-activity;sid:84184900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/305211642_477252251078155_1292740123795811122_n.png.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321801/; classtype:trojan-activity;sid:84184901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lightloft-decorativelightingguide2021.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321802/; classtype:trojan-activity;sid:84184902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/etyeki-furdoszobaszalon-3-1.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321790/; classtype:trojan-activity;sid:84184890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321791/; classtype:trojan-activity;sid:84184891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02514-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321792/; classtype:trojan-activity;sid:84184892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/recomendaciones-alojamiento-arcogptoledo19.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321793/; classtype:trojan-activity;sid:84184893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1673.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321794/; classtype:trojan-activity;sid:84184894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rizol-topgear-lithium-complex-240-tds.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321795/; classtype:trojan-activity;sid:84184895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/conversatorio-web-rdc.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321796/; classtype:trojan-activity;sid:84184896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/autorizaci2525252525252525252525252525c32525252525252525252525252525b3n-uso-de-datos.docx.lnk"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321797/; classtype:trojan-activity;sid:84184897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-neutra-4.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321786/; classtype:trojan-activity;sid:84184886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/afa-diciembre-1024x1024.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321787/; classtype:trojan-activity;sid:84184887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galleryimage6-1.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321788/; classtype:trojan-activity;sid:84184888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tcc-formulario-2018.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321789/; classtype:trojan-activity;sid:84184889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucion-14-2021-escala-honorarios-1.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321784/; classtype:trojan-activity;sid:84184884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/371-2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321785/; classtype:trojan-activity;sid:84184885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phan-mem-trinh-chieu-co-doc-v4-1-1.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321783/; classtype:trojan-activity;sid:84184883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majocchi_modello231.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321780/; classtype:trojan-activity;sid:84184880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1503995576_node.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321781/; classtype:trojan-activity;sid:84184881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238723692_106311721765321_6537543260628622253_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321782/; classtype:trojan-activity;sid:84184882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1965.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321774/; classtype:trojan-activity;sid:84184874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321775/; classtype:trojan-activity;sid:84184875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estatutos-de-la-terminal-de-transporte-en-pdf.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321776/; classtype:trojan-activity;sid:84184876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-de-jane-birkin-en-robe-haute-couture.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321777/; classtype:trojan-activity;sid:84184877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mms-hi-protein-peanut-scatola-da-12-barrette-.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321778/; classtype:trojan-activity;sid:84184878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vantage-brochure.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321779/; classtype:trojan-activity;sid:84184879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iag-job-description.docx.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321764/; classtype:trojan-activity;sid:84184864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-kemeja-konveksi-baju-safety.jpg.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321765/; classtype:trojan-activity;sid:84184865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2580_foto-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321766/; classtype:trojan-activity;sid:84184866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-food-booth-sidewall-punch-red.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321767/; classtype:trojan-activity;sid:84184867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-lumina-2.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321768/; classtype:trojan-activity;sid:84184868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana_mining_setup_guide_2024_1.5.1.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321769/; classtype:trojan-activity;sid:84184869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1sur-poniente.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321770/; classtype:trojan-activity;sid:84184870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-building-supply-p42i-tc-pellet-insert-2.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321771/; classtype:trojan-activity;sid:84184871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/technical-background-report-climate-change-impacts-of-pharmaceutical-packaging.pdf.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321772/; classtype:trojan-activity;sid:84184872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1ef2e060bef14631afb3ac6b526faa58_lampiran_undangan_reksa_bandha_2023.pdf-1-copy.pdf.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321773/; classtype:trojan-activity;sid:84184873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321762/; classtype:trojan-activity;sid:84184862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321763/; classtype:trojan-activity;sid:84184863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/713004714878.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321753/; classtype:trojan-activity;sid:84184853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preguntas-ludo-aves-de-humedales.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321754/; classtype:trojan-activity;sid:84184854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ecp-diciembre-2022.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321755/; classtype:trojan-activity;sid:84184855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/536bbb6d69922719a54afc55320de410d978464a.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321756/; classtype:trojan-activity;sid:84184856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto2525252525252525252525253acv25252525252525252525252540aliphdeen.com.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321757/; classtype:trojan-activity;sid:84184857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-postulacion-capacitacion_2019.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321758/; classtype:trojan-activity;sid:84184858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_23.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321759/; classtype:trojan-activity;sid:84184859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-5.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321760/; classtype:trojan-activity;sid:84184860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsflash-jan-10th-14th-2024.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321761/; classtype:trojan-activity;sid:84184861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cch-robert15ngrih-rossignol-rsgl-segunda-capa-hombre-azul-2.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321750/; classtype:trojan-activity;sid:84184850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57334_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321751/; classtype:trojan-activity;sid:84184851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/organization_chart.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321752/; classtype:trojan-activity;sid:84184852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-submission-e.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:201; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321748/; classtype:trojan-activity;sid:84184848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-85-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321749/; classtype:trojan-activity;sid:84184849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/quychenoibocongty2021a.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321744/; classtype:trojan-activity;sid:84184844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/manipulator_dotykowy-prosys-rp128kp0100a-z-czytnikiem--1.jpg.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321745/; classtype:trojan-activity;sid:84184845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4dentronota-espacio4-vyo-07-05-2021-1.png.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321746/; classtype:trojan-activity;sid:84184846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aphmau-color-pages.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321747/; classtype:trojan-activity;sid:84184847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20200213-wa0055-768x1024.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321741/; classtype:trojan-activity;sid:84184841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aave-governance-proposal-20244.0.3.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321742/; classtype:trojan-activity;sid:84184842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informacion-alergenos-manjares_04-1030x728.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321743/; classtype:trojan-activity;sid:84184843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ps-min-1.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321735/; classtype:trojan-activity;sid:84184835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/18-signs-of-a-gifted-child-s-factor-of-intelligence.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321736/; classtype:trojan-activity;sid:84184836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55545_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321737/; classtype:trojan-activity;sid:84184837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img-2.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321738/; classtype:trojan-activity;sid:84184838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.18.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321739/; classtype:trojan-activity;sid:84184839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1730990563c2871b0573f3cad5009e2dd5de731025.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321740/; classtype:trojan-activity;sid:84184840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sop-for-students.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321730/; classtype:trojan-activity;sid:84184830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-torneo-de-debates-2019-1.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321731/; classtype:trojan-activity;sid:84184831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/trofeo-navidad-sala-2019-2020.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321732/; classtype:trojan-activity;sid:84184832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/r5-planification-geospatiale-rapport-final-v12-annexe.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321733/; classtype:trojan-activity;sid:84184833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-coloring-page-printable.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321734/; classtype:trojan-activity;sid:84184834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jn2021-mod_12-maarten_vanden_abeele-11-copia.jpg.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321723/; classtype:trojan-activity;sid:84184823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anexo-3-campamento.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321724/; classtype:trojan-activity;sid:84184824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57127_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321725/; classtype:trojan-activity;sid:84184825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1813-lliga-cat-v2-airelliure.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321726/; classtype:trojan-activity;sid:84184826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yesh-2020-ed-5-10-24-vol-173-en-esp-04-41-scaled.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321727/; classtype:trojan-activity;sid:84184827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mod.-delega-ritiro.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321728/; classtype:trojan-activity;sid:84184828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-259.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321729/; classtype:trojan-activity;sid:84184829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galleryimage4-1.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321720/; classtype:trojan-activity;sid:84184820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-114-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321721/; classtype:trojan-activity;sid:84184821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-117-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321722/; classtype:trojan-activity;sid:84184822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_8316.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321715/; classtype:trojan-activity;sid:84184815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/himanshu-x-yogita-4-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321716/; classtype:trojan-activity;sid:84184816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170045_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321717/; classtype:trojan-activity;sid:84184817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/details-of-application-form.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321718/; classtype:trojan-activity;sid:84184818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha_inscricaodh2018.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321719/; classtype:trojan-activity;sid:84184819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/800x600-nota2-11-08-2022-oald.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321709/; classtype:trojan-activity;sid:84184809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/medidas-barrera-antiparking.png.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321710/; classtype:trojan-activity;sid:84184810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/guida-stellar-nft-20244.9.0.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321711/; classtype:trojan-activity;sid:84184811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1420-uniformitat-esportistes-catalans4.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321712/; classtype:trojan-activity;sid:84184812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vt-13-24-imagen-bugambilia-col-jardin-nava.-miguel-cavazos-1500000.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321713/; classtype:trojan-activity;sid:84184813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/100-gerencia-general.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321714/; classtype:trojan-activity;sid:84184814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56973_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321705/; classtype:trojan-activity;sid:84184805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ebook_mentalidade_implacavel.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321706/; classtype:trojan-activity;sid:84184806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bannery_vizualni_dnc2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321707/; classtype:trojan-activity;sid:84184807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59980_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321708/; classtype:trojan-activity;sid:84184808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plants-vs-zombies-printable-coloring-pages.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321704/; classtype:trojan-activity;sid:84184804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/victimologia-1.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321700/; classtype:trojan-activity;sid:84184800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-de-accion-2023-v1.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321701/; classtype:trojan-activity;sid:84184801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-53-radicado-4379372024-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321702/; classtype:trojan-activity;sid:84184802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321703/; classtype:trojan-activity;sid:84184803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/713981994640.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321694/; classtype:trojan-activity;sid:84184794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/us-1070s.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321695/; classtype:trojan-activity;sid:84184795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/custom-warbird-glock-19.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321696/; classtype:trojan-activity;sid:84184796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p1060603.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321697/; classtype:trojan-activity;sid:84184797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pyramid-brochure.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321698/; classtype:trojan-activity;sid:84184798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-wallet-setup-guide-2024-4-6-2.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321699/; classtype:trojan-activity;sid:84184799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3168f.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321685/; classtype:trojan-activity;sid:84184785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/blk-1-6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321686/; classtype:trojan-activity;sid:84184786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1603028530137.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321687/; classtype:trojan-activity;sid:84184787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/384884_951595_trofa_c_us1___zanoello_web_.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321688/; classtype:trojan-activity;sid:84184788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-210-scaled.jpeg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321690/; classtype:trojan-activity;sid:84184790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jardin-potager-mara-chage-en-milieu-aride.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321691/; classtype:trojan-activity;sid:84184791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/botas-chelsea-track-filipa-hagg-kuah--720x9002525252525252540mujerhoy.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321692/; classtype:trojan-activity;sid:84184792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/168262570017bfdb4d9780ee53d42a50b461a61c92.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321693/; classtype:trojan-activity;sid:84184793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bvc-rectificare-iulie-2023-hcl-nr.27.07.2023-1.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321679/; classtype:trojan-activity;sid:84184779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-103.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321680/; classtype:trojan-activity;sid:84184780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cecos-college.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321681/; classtype:trojan-activity;sid:84184781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ginastica-artistica-atletas-que-treinam-no-cem-setor-leste-disputarao-finais-por-aparelhos-foto-3-3p1ey8.jpeg.lnk"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321682/; classtype:trojan-activity;sid:84184782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-tbs-bb800-da-82-1.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321683/; classtype:trojan-activity;sid:84184783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thumbnail-xit-hong-bifenxe-1.png.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321684/; classtype:trojan-activity;sid:84184784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-bld-201r-1.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321675/; classtype:trojan-activity;sid:84184775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cua-nhom-thuy-luc-7-2.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321676/; classtype:trojan-activity;sid:84184776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/elc-picture.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321677/; classtype:trojan-activity;sid:84184777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zo-phualva-thupuak-vol-09-issue-06.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321678/; classtype:trojan-activity;sid:84184778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02588_f0d915aa-4aac-4845-8417-c0d4af3a7e0e_1024x.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321666/; classtype:trojan-activity;sid:84184766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-iie-rectificadas.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321667/; classtype:trojan-activity;sid:84184767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-30-at-14.55.12-1.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321668/; classtype:trojan-activity;sid:84184768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aulas4.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321669/; classtype:trojan-activity;sid:84184769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/psychology-course_outcome.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321670/; classtype:trojan-activity;sid:84184770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/revista-ciencia-explora_4.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321671/; classtype:trojan-activity;sid:84184771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-buy-a-birkin_1024x1024.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321672/; classtype:trojan-activity;sid:84184772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/62064_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321673/; classtype:trojan-activity;sid:84184773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6686.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321674/; classtype:trojan-activity;sid:84184774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-septiembre-2023.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321664/; classtype:trojan-activity;sid:84184764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3942fileminimizer.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321665/; classtype:trojan-activity;sid:84184765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321663/; classtype:trojan-activity;sid:84184763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica-seguridad-en-informacion.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321655/; classtype:trojan-activity;sid:84184755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.png.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321656/; classtype:trojan-activity;sid:84184756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2sur-oriente.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321657/; classtype:trojan-activity;sid:84184757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5006-scaled.jpeg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321658/; classtype:trojan-activity;sid:84184758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/condor-summer-bonanza-scratch-card-offer-english.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321659/; classtype:trojan-activity;sid:84184759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-156-presentacion-c.-sinaloa-1105-col.-roma-2.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321660/; classtype:trojan-activity;sid:84184760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321661)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-10.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321661/; classtype:trojan-activity;sid:84184761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0012.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321662/; classtype:trojan-activity;sid:84184762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/printable-aphmau-coloring-pages.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321645/; classtype:trojan-activity;sid:84184745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08_june_prospectus_2024_25.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321646/; classtype:trojan-activity;sid:84184746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321647/; classtype:trojan-activity;sid:84184747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cwreport2015-16.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321648/; classtype:trojan-activity;sid:84184748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-046.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321649/; classtype:trojan-activity;sid:84184749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryadobe-photoshop-crack.comcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:247; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321650/; classtype:trojan-activity;sid:84184750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ckkurumsal04b.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321651/; classtype:trojan-activity;sid:84184751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321652)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14607319028777.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321652/; classtype:trojan-activity;sid:84184752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cotton-farm-clothing-limited.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321653/; classtype:trojan-activity;sid:84184753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20141022_131211-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321654/; classtype:trojan-activity;sid:84184754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1664.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321641/; classtype:trojan-activity;sid:84184741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1676340965333-scaled.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321642/; classtype:trojan-activity;sid:84184742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/skf-lagd-msds.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321643/; classtype:trojan-activity;sid:84184743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noi-that-nhat-ban-2.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321644/; classtype:trojan-activity;sid:84184744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eclipse-10x10-punch-red-black-featured.jpg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321635/; classtype:trojan-activity;sid:84184735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/prestan-manikin-warranty.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321636/; classtype:trojan-activity;sid:84184736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/arada_sub_city_map.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321637/; classtype:trojan-activity;sid:84184737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc03029.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321638/; classtype:trojan-activity;sid:84184738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-xix-trofeu-ciutat-de-lleida.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321639/; classtype:trojan-activity;sid:84184739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-junio-2020.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321640/; classtype:trojan-activity;sid:84184740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carmel-society-registration.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321631/; classtype:trojan-activity;sid:84184731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/017_origin-soho-bkk_angle_type-a_c2_final.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321632/; classtype:trojan-activity;sid:84184732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/595_a.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321633/; classtype:trojan-activity;sid:84184733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6954-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321634/; classtype:trojan-activity;sid:84184734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/articles-118384_recurso_pdf.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321628/; classtype:trojan-activity;sid:84184728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2019rapportactivit252525252525252525252525252525252525c3252525252525252525252525252525252525a9s_reduce.pdf.lnk"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321629/; classtype:trojan-activity;sid:84184729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/301-tvd_p2_depto-operativo-seguridad.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321630/; classtype:trojan-activity;sid:84184730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/esclusas.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321625/; classtype:trojan-activity;sid:84184725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-congreso-regional.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321626/; classtype:trojan-activity;sid:84184726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelly-rutherford-hermes-birkin-ostrich-2.jpg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321627/; classtype:trojan-activity;sid:84184727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/laufen_palomba_-4.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321619/; classtype:trojan-activity;sid:84184719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2b212a896345eb8408f68a1693449ab8.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321620/; classtype:trojan-activity;sid:84184720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/244268549_3016852238439084_4742505850624171181_n.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321621/; classtype:trojan-activity;sid:84184721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imag0034.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321622/; classtype:trojan-activity;sid:84184722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/schnell-robomaster-60-evo.png.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321623/; classtype:trojan-activity;sid:84184723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscn1762.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321624/; classtype:trojan-activity;sid:84184724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-produk-bandung-2-1.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321613/; classtype:trojan-activity;sid:84184713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-ppto-junio-30-2024.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321614/; classtype:trojan-activity;sid:84184714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resol.-exta.-114-adjudica-concurso-salud-mental_acta-evaluacio2525252525252525252525252525252525cc252525252525252525252525252525252581n.pdf.lnk"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321615/; classtype:trojan-activity;sid:84184715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lab-1024x338.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321616/; classtype:trojan-activity;sid:84184716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landaffidavit2019.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321617/; classtype:trojan-activity;sid:84184717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-12-20-at-09.13.55-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321618/; classtype:trojan-activity;sid:84184718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acer-aspire-5-a514-54-53s3-intel-core-i5-1135g7-front_5_1.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321601/; classtype:trojan-activity;sid:84184701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321602/; classtype:trojan-activity;sid:84184702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iml-curitiba-jyqols.jpeg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321603/; classtype:trojan-activity;sid:84184703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/30010659_001_357.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321604/; classtype:trojan-activity;sid:84184704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/newsletter-2024.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321605/; classtype:trojan-activity;sid:84184705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juegos-gratis-de-cocina.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321606/; classtype:trojan-activity;sid:84184706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-6.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321607/; classtype:trojan-activity;sid:84184707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20241116-wa0077.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321608/; classtype:trojan-activity;sid:84184708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funci2525252525252525252525252525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525252525252525252525252525b3nfiscal-2.png.lnk"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321609/; classtype:trojan-activity;sid:84184709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/younger-2020-ed-5-10-24-vol-173-mx-03-39-scaled.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321610/; classtype:trojan-activity;sid:84184710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1112259768184.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321611/; classtype:trojan-activity;sid:84184711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mikko.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321612/; classtype:trojan-activity;sid:84184712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/i3ydluxfnf.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321596/; classtype:trojan-activity;sid:84184696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/08.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321597/; classtype:trojan-activity;sid:84184697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241023_144112.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321598/; classtype:trojan-activity;sid:84184698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gpc-mn01-gestion-inmobiliaria.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321599/; classtype:trojan-activity;sid:84184699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-marzo-2023.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321600/; classtype:trojan-activity;sid:84184700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_b0e3b49d4d3493ef1491407514b69bbf.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321593/; classtype:trojan-activity;sid:84184693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rgm-021-2021-mdc-aprobar-la-directiva-sobre-recepcion-y-atencion-de-denuncias-en-contra-de-los-funcionarios-y-servidores-que-vulneren-las-normas-del-codigo-de-etica-en-la-mdc.pdf.lnk"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321594/; classtype:trojan-activity;sid:84184694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/in_house_alumni.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321595/; classtype:trojan-activity;sid:84184695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c__iqac_minutes_and_action_report_26th_sep_2019.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321590/; classtype:trojan-activity;sid:84184690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryecp-dic-2023-1.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321591/; classtype:trojan-activity;sid:84184691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1717398468_gelis__mekte_olan_pazarlar_bo__lgesi_smm_ve_sag__l__k_kurumlar___etkiles__im_direkto__ru___elif_diler_o__zsu__t-2.jpeg.lnk"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321592/; classtype:trojan-activity;sid:84184692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acte-necesare-pentru-acordarea-indemnizatiei-de-crestere-a-copilului-1.pdf.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321584/; classtype:trojan-activity;sid:84184684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/235011001-diciembre_2016-estado_de_cambios_en_el_patrimonio-16-02-2017_09-08-am.pdf.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321585/; classtype:trojan-activity;sid:84184685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0594-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321586/; classtype:trojan-activity;sid:84184686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-262-2022-declarar-la-capacidad-de-marco-antonio-aquino-mamani-y-leticia-benique-sarayasi.pdf.lnk"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321587/; classtype:trojan-activity;sid:84184687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6688.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321588/; classtype:trojan-activity;sid:84184688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-junio-2019.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321589/; classtype:trojan-activity;sid:84184689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo5.jpeg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321581/; classtype:trojan-activity;sid:84184681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2023-mes-a-mes-por-corredor.xlsx.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321582/; classtype:trojan-activity;sid:84184682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/171223_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321583/; classtype:trojan-activity;sid:84184683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-evelyne-review.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321570/; classtype:trojan-activity;sid:84184670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/listado-de-directivos-terminal-de-transporte-s-1.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321571/; classtype:trojan-activity;sid:84184671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rf201117-c.-oferta-parcial-monitor-valladolid-2017.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321572/; classtype:trojan-activity;sid:84184672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/college-handbook-20-21.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321573/; classtype:trojan-activity;sid:84184673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac18jan2018.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321574/; classtype:trojan-activity;sid:84184674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscinas-15-elite.png.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321575/; classtype:trojan-activity;sid:84184675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cdcmx-puebla1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321576/; classtype:trojan-activity;sid:84184676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-365-2024-otorga-beneficios-por-regularizar-la-instalacion-de-elementos-de-seguridad-en-el-distrito-de-cayma.pdf.lnk"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321577/; classtype:trojan-activity;sid:84184677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phan-mem-trinh-chieu-co-doc-v4-1-7.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321578/; classtype:trojan-activity;sid:84184678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-sol-logo.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321579/; classtype:trojan-activity;sid:84184679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline-spec-sheet-for-one-coat-stucco-sanded.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321580/; classtype:trojan-activity;sid:84184680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adolescentes-programa-completo.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321561/; classtype:trojan-activity;sid:84184661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9_10_11zon.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321562/; classtype:trojan-activity;sid:84184662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/348447679_202225359317621_4839231213764857199_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321563/; classtype:trojan-activity;sid:84184663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f0eaba65-3f01-4121-8607-5003637d9835_f175ae64.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321564/; classtype:trojan-activity;sid:84184664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/301-4.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321565/; classtype:trojan-activity;sid:84184665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/btn-sat-1-300-lh-1.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321566/; classtype:trojan-activity;sid:84184666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-6.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321567/; classtype:trojan-activity;sid:84184667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/didem-ersoy-09.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321568/; classtype:trojan-activity;sid:84184668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logos-06.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321569/; classtype:trojan-activity;sid:84184669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/baby-yoda-coloring-sheet-8.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321556/; classtype:trojan-activity;sid:84184656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5_zips-single-port-alarm-unit-merchandising-guide.pdf.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321557/; classtype:trojan-activity;sid:84184657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_kelly_caleche_edp_100ml_1558581050_98606654_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321558/; classtype:trojan-activity;sid:84184658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321559/; classtype:trojan-activity;sid:84184659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56221_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321560/; classtype:trojan-activity;sid:84184660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bco-rza.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321554/; classtype:trojan-activity;sid:84184654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/consulte-la-matriz-normativa-de-la-terminal-de-transporte-s.a.-en-pdf-2023-1.pdf.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321555/; classtype:trojan-activity;sid:84184655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/programa-primera-jornada-iii-torneo-de-debates-explora-rm-norte.pdf.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321551/; classtype:trojan-activity;sid:84184651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/419a4375.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321552/; classtype:trojan-activity;sid:84184652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/85872_800.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321553/; classtype:trojan-activity;sid:84184653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/33-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321546/; classtype:trojan-activity;sid:84184646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reign-mask-user-instructions.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321547/; classtype:trojan-activity;sid:84184647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/640-1.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321548/; classtype:trojan-activity;sid:84184648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/flow-tshirt-002-640x800.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321549/; classtype:trojan-activity;sid:84184649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron252525252525252525252525252520risk252525252525252525252525252520assessment252525252525252525252525252520report25252525252525252525252525252020242525252525252525252525252525201.6.3.pdf.lnk"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321550/; classtype:trojan-activity;sid:84184650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eur-lex-31993r0793-en.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321545/; classtype:trojan-activity;sid:84184645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-2021-09-27-18-29-54.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321538/; classtype:trojan-activity;sid:84184638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requirements-.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321539/; classtype:trojan-activity;sid:84184639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daylux-premix-cp2-25ap-kullanim-kilavuzu.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321540/; classtype:trojan-activity;sid:84184640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img3.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321541/; classtype:trojan-activity;sid:84184641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modelo-competencias.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321542/; classtype:trojan-activity;sid:84184642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/line_album_1-bed-plus-bp1-34-sq.m_230119_7.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321543/; classtype:trojan-activity;sid:84184643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/davido_ft_yg_marley_-_awuke.mp3.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321544/; classtype:trojan-activity;sid:84184644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto25252525252525253acv252525252525252540aliphdeen.com.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321526/; classtype:trojan-activity;sid:84184626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/27-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321527/; classtype:trojan-activity;sid:84184627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4994-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321528/; classtype:trojan-activity;sid:84184628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-33.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321529/; classtype:trojan-activity;sid:84184629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fitness-4.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321530/; classtype:trojan-activity;sid:84184630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oficio_anamatra_fev2011.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321531/; classtype:trojan-activity;sid:84184631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59421_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321533/; classtype:trojan-activity;sid:84184633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_a776aaa735e02951a1c61c63a90d72e7.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321534/; classtype:trojan-activity;sid:84184634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/best-gas-station-pill-to-stay-hard.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321535/; classtype:trojan-activity;sid:84184635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsheet.exe.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321536/; classtype:trojan-activity;sid:84184636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cosmos-atom-logo.png.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321537/; classtype:trojan-activity;sid:84184637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/after-ink-3-10-web-1.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321522/; classtype:trojan-activity;sid:84184622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/49700_18.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321523/; classtype:trojan-activity;sid:84184623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-da-inserire-sul-sito-9.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321524/; classtype:trojan-activity;sid:84184624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.ed_new_faculty.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321525/; classtype:trojan-activity;sid:84184625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circular-final-ii-gpe-toledo-2019.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321520/; classtype:trojan-activity;sid:84184620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ace-of-mice-scaled.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321521/; classtype:trojan-activity;sid:84184621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boletin-de-mayo.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321514/; classtype:trojan-activity;sid:84184614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321515/; classtype:trojan-activity;sid:84184615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/120.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321516/; classtype:trojan-activity;sid:84184616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170531_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321517/; classtype:trojan-activity;sid:84184617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/igk-crybaby-smoothing-serum-rig-igk-lcb01-228x228-2.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321518/; classtype:trojan-activity;sid:84184618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pmdf-explosivo-aguas-claras-1-txbwft.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321519/; classtype:trojan-activity;sid:84184619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3_817e81cc-7801-40fe-b28c-a4a76411052c_540x.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321512/; classtype:trojan-activity;sid:84184612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-en-el-patrimonio-2021.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321513/; classtype:trojan-activity;sid:84184613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fue-anexo-a.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321508/; classtype:trojan-activity;sid:84184608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9602-2.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321509/; classtype:trojan-activity;sid:84184609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-audit-report-2024-2.7.4.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321510/; classtype:trojan-activity;sid:84184610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-4-150x150.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321511/; classtype:trojan-activity;sid:84184611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321503)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3447-4500-x-3000.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321503/; classtype:trojan-activity;sid:84184603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/14-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321504/; classtype:trojan-activity;sid:84184604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321505)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dame.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321505/; classtype:trojan-activity;sid:84184605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56918_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321506/; classtype:trojan-activity;sid:84184606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20230624-wa0010.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321507/; classtype:trojan-activity;sid:84184607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321499)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321499/; classtype:trojan-activity;sid:84184599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321500)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tv-55.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321500/; classtype:trojan-activity;sid:84184600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321501)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/p1u7whaatdm71.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321501/; classtype:trojan-activity;sid:84184601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321502)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-terdekat.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321502/; classtype:trojan-activity;sid:84184602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/166200-mejores-juegos-cocina-android-iphone-ipad.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321485/; classtype:trojan-activity;sid:84184585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321486)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/312198291816.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321486/; classtype:trojan-activity;sid:84184586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321487)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acta-2020_01_24-reunion-extraordinaria.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321487/; classtype:trojan-activity;sid:84184587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321488)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie22.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321488/; classtype:trojan-activity;sid:84184588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/yamamoto-nutrition-protesamine252525252525252525252525252525252525c2252525252525252525252525252525252525ae-mcu-20252525252525252525252525252525252525c2252525252525252525252525252525252525ae-100-compresse.jpeg.lnk"; http_uri; depth:223; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321489/; classtype:trojan-activity;sid:84184589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321490)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-12-pousada-piedade-mata-atlantica-ronco-do-bugio.png.png.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321490/; classtype:trojan-activity;sid:84184590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321491)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nirf-details-2022-23.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321491/; classtype:trojan-activity;sid:84184591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321492)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59021_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321492/; classtype:trojan-activity;sid:84184592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321493)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web-15.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321493/; classtype:trojan-activity;sid:84184593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321494)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requireme.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321494/; classtype:trojan-activity;sid:84184594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321495)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58285_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321495/; classtype:trojan-activity;sid:84184595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321496)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs2024_exhibitor_sponsor_presentation_form_20240717.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321496/; classtype:trojan-activity;sid:84184596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321497)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_15.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321497/; classtype:trojan-activity;sid:84184597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321498)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/712259768173.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321498/; classtype:trojan-activity;sid:84184598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321482)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02-4.jpeg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321482/; classtype:trojan-activity;sid:84184582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321483)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f9fdfbd9b9fc7a2ed562f8c5a3f498ab.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321483/; classtype:trojan-activity;sid:84184583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321484)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m.a-in-psychology-course-outcomes.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321484/; classtype:trojan-activity;sid:84184584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321477)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/d7153b76-8a48-84b8-b31d-7bab685eb391.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321477/; classtype:trojan-activity;sid:84184577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321478)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulaire-autoproduction.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321478/; classtype:trojan-activity;sid:84184578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321479)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viaggio_antarctica-patagonia-argentina-classica_06-1.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321479/; classtype:trojan-activity;sid:84184579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321480)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp4766.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321480/; classtype:trojan-activity;sid:84184580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321481)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown-2.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321481/; classtype:trojan-activity;sid:84184581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321474)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/635_b.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321474/; classtype:trojan-activity;sid:84184574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321475)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp-staking-guide-20241.3.6.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321475/; classtype:trojan-activity;sid:84184575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321476)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nagata-drill_8_11zon.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321476/; classtype:trojan-activity;sid:84184576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-6-1-725x544-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321469/; classtype:trojan-activity;sid:84184569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321470)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-07-15-at-10.25.04-am.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321470/; classtype:trojan-activity;sid:84184570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321471)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/44.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321471/; classtype:trojan-activity;sid:84184571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321472)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/humayta-alfredo-osorio-int-estar_jantar-r00resultado-1.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321472/; classtype:trojan-activity;sid:84184572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321473)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2312198291840.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321473/; classtype:trojan-activity;sid:84184573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321465)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/master-plan-vision-2026.docx.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321465/; classtype:trojan-activity;sid:84184565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321466)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc07315-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321466/; classtype:trojan-activity;sid:84184566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321467)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-junio-2021.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321467/; classtype:trojan-activity;sid:84184567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321468)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primera-capa-03.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321468/; classtype:trojan-activity;sid:84184568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321457)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-eureka.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321457/; classtype:trojan-activity;sid:84184557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321458)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7533a1.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321458/; classtype:trojan-activity;sid:84184558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321459)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/inserir-um-titulo-15-kifh5e.jpeg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321459/; classtype:trojan-activity;sid:84184559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321460)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0907.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321460/; classtype:trojan-activity;sid:84184560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321461)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-19-1200x800.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321461/; classtype:trojan-activity;sid:84184561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321462)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/res-544-2024.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321462/; classtype:trojan-activity;sid:84184562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321463)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-14-at-21.09.17-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321463/; classtype:trojan-activity;sid:84184563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321464)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2712678087238.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321464/; classtype:trojan-activity;sid:84184564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321451)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo_2024-08-01_10-48-05-1030x728.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321451/; classtype:trojan-activity;sid:84184551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321452)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc06445.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321452/; classtype:trojan-activity;sid:84184552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321453)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-1-1069x800.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321453/; classtype:trojan-activity;sid:84184553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321454)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/196_a.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321454/; classtype:trojan-activity;sid:84184554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321455)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/byd-dolphin-mini_lateral_foto.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321455/; classtype:trojan-activity;sid:84184555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321456)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nanopto-header.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321456/; classtype:trojan-activity;sid:84184556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321446)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gallery-img-1.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321446/; classtype:trojan-activity;sid:84184546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321447)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_constance_to_go_black_w_1690171643_d0cfd341_progressive.jpg.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321447/; classtype:trojan-activity;sid:84184547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321448)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/designer_exposed_bracket_roller_shade_colors.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321448/; classtype:trojan-activity;sid:84184548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321449)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6732.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321449/; classtype:trojan-activity;sid:84184549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321450)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321450/; classtype:trojan-activity;sid:84184550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321445)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cp-unc-dd40l3-d.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321445/; classtype:trojan-activity;sid:84184545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321440)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne601.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321440/; classtype:trojan-activity;sid:84184540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321441)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6add5120-c7ea-31cb-814e-1958bf8d6420.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321441/; classtype:trojan-activity;sid:84184541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321442)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-4-1.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321442/; classtype:trojan-activity;sid:84184542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321443)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59450_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321443/; classtype:trojan-activity;sid:84184543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321444)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/esplanada-fechada-13-c8kwnr.jpeg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321444/; classtype:trojan-activity;sid:84184544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321436)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-b100-bar-1.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321436/; classtype:trojan-activity;sid:84184536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321437)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic-50-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321437/; classtype:trojan-activity;sid:84184537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321438)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17.-compactador-doble-rodillo-operador-a-pie-ft.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321438/; classtype:trojan-activity;sid:84184538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321439)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/google-1.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321439/; classtype:trojan-activity;sid:84184539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321430)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/321.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321430/; classtype:trojan-activity;sid:84184530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321432)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jht-j275-porcelain-oh.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321432/; classtype:trojan-activity;sid:84184532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321433)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new8.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321433/; classtype:trojan-activity;sid:84184533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321434)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anti-ragging-rules.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321434/; classtype:trojan-activity;sid:84184534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321435)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9e808d10ad9b0112809030149550c8ee_2048x2048.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321435/; classtype:trojan-activity;sid:84184535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321420)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galleryimage5-1.png.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321420/; classtype:trojan-activity;sid:84184520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jasa-foto-prewedding-bandung-9-1200x800.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321421/; classtype:trojan-activity;sid:84184521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321422)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zero-gravity-2.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321422/; classtype:trojan-activity;sid:84184522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321423)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mapa_pl2.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321423/; classtype:trojan-activity;sid:84184523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321424)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-257.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321424/; classtype:trojan-activity;sid:84184524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321425)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1721027816rfp_for_hiring_of_agency_for_gender_audit_of_solar_policies.pdf.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321425/; classtype:trojan-activity;sid:84184525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321426)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57786_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321426/; classtype:trojan-activity;sid:84184526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321427)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-int-diciembre-2019.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321427/; classtype:trojan-activity;sid:84184527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321428)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fe-de-erratas-02.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321428/; classtype:trojan-activity;sid:84184528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321429)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-3-150x150.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321429/; classtype:trojan-activity;sid:84184529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321415)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boletin-junio-2015.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321415/; classtype:trojan-activity;sid:84184515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/events-for-edm-1.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321416/; classtype:trojan-activity;sid:84184516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321417)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/54456_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321417/; classtype:trojan-activity;sid:84184517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321418)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc06175.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321418/; classtype:trojan-activity;sid:84184518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321419)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot_20241119_185006_canva-811x1030.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321419/; classtype:trojan-activity;sid:84184519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321410)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ital-lent2020-ed-5-10-24-vol-173-en-esp-04-2-scaled.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321410/; classtype:trojan-activity;sid:84184510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321411)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kvkk-acik-riza.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321411/; classtype:trojan-activity;sid:84184511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321412)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1923_kellyhhsdepeche_34_plomb_l_1m-768x983.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321412/; classtype:trojan-activity;sid:84184512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321413)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0864.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321413/; classtype:trojan-activity;sid:84184513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321414)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/salidavehipas2018.xlsx.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321414/; classtype:trojan-activity;sid:84184514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321408)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/130_ingegnium_201717-21_chimica_verde_per_oliveiri.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321408/; classtype:trojan-activity;sid:84184508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321409)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos-roadmap-2024-4-9-6.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321409/; classtype:trojan-activity;sid:84184509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321402)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/phan-mem-trinh-chieu-co-doc-v4-1-8.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321402/; classtype:trojan-activity;sid:84184502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321403)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/015_origin-soho-bkk_amphitheater-view_final-1.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321403/; classtype:trojan-activity;sid:84184503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321404)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/crcompta2019.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321404/; classtype:trojan-activity;sid:84184504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321405)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-73.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321405/; classtype:trojan-activity;sid:84184505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321406)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cua-nhom-xingfa-binh-duong-12.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321406/; classtype:trojan-activity;sid:84184506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321407)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6953-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321407/; classtype:trojan-activity;sid:84184507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321397)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-3.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321397/; classtype:trojan-activity;sid:84184497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321398)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321398/; classtype:trojan-activity;sid:84184498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321399)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/instructivo-1d1c-2017_rmso.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321399/; classtype:trojan-activity;sid:84184499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321400)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/03-modelo-10.01-papeletas-votacion-deportistas.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321400/; classtype:trojan-activity;sid:84184500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321401)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/71l7kaia8al._ac_uf894252c1000_ql80_.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321401/; classtype:trojan-activity;sid:84184501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321391)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321391/; classtype:trojan-activity;sid:84184491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321392)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pernambuco-malia-ext-fachada-e-r02resultado-1.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321392/; classtype:trojan-activity;sid:84184492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321393)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunnylight-project.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321393/; classtype:trojan-activity;sid:84184493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321394)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-3-derecho-de-preferencia2016.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321394/; classtype:trojan-activity;sid:84184494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321395)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7dbb81_420fd0223beb47f69c976772d54ad061.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321395/; classtype:trojan-activity;sid:84184495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321396)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20141010_123301-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321396/; classtype:trojan-activity;sid:84184496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321388)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/thumbnail.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321388/; classtype:trojan-activity;sid:84184488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321389)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hasil-pengujian-rectal-swab-2021.jpeg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321389/; classtype:trojan-activity;sid:84184489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321390)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/molde-2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321390/; classtype:trojan-activity;sid:84184490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731679194678871d8a9e451a372d1bf570236e428.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321383/; classtype:trojan-activity;sid:84184483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321384)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/336.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321384/; classtype:trojan-activity;sid:84184484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321385)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roller_100_wall_mount.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321385/; classtype:trojan-activity;sid:84184485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321386)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b.com_course_outcomes1.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321386/; classtype:trojan-activity;sid:84184486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321387)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carciogi-600x400.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321387/; classtype:trojan-activity;sid:84184487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321378)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20341-1-1.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321378/; classtype:trojan-activity;sid:84184478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321379)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar-smart-contract-tutorial-2024-2.7.0.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321379/; classtype:trojan-activity;sid:84184479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paris-france-lou-doillon-and-jane-birkin-arrive-for-the-yves-saint-laurent-ready-to-wear.jpg.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321380/; classtype:trojan-activity;sid:84184480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-onyx-5.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321381/; classtype:trojan-activity;sid:84184481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321382)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vr-9-rancho-el-pozo-zaragoza-coahuila-43.jpeg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321382/; classtype:trojan-activity;sid:84184482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321372)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/catalogo-esterilizador-de-plasma-1.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321372/; classtype:trojan-activity;sid:84184472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321373)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55979_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321373/; classtype:trojan-activity;sid:84184473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321374)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0428.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321374/; classtype:trojan-activity;sid:84184474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321375)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-13.59.23.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321375/; classtype:trojan-activity;sid:84184475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321376)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-ii-olimpiada-de-ciencias.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321376/; classtype:trojan-activity;sid:84184476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321377)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gu2525252525252525252525252525252525252525c32525252525252525252525252525252525252525ada-exploradores-del-desierto-comprimido.pdf.lnk"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321377/; classtype:trojan-activity;sid:84184477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321367)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/236561-2_20hermes_20steve_20messenger_20bag_20clemence_2035_2d_0002_336x336.jpg.lnk"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321367/; classtype:trojan-activity;sid:84184467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321368)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-legal-contract-2024-1-8-6.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321368/; classtype:trojan-activity;sid:84184468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321369)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.5.5737.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321369/; classtype:trojan-activity;sid:84184469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321370)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bwk-sat-1-300-1.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321370/; classtype:trojan-activity;sid:84184470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321371)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01230-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321371/; classtype:trojan-activity;sid:84184471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321362)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultados-2011.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321362/; classtype:trojan-activity;sid:84184462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321363)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kizz_daniel_ft_adekunle_gold_-_pano_tona.mp3.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321363/; classtype:trojan-activity;sid:84184463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321364)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ_2231_formatcompeticionssala2022-20236422.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321364/; classtype:trojan-activity;sid:84184464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321365)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/triangular-roller-shade2.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321365/; classtype:trojan-activity;sid:84184465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321366)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/913004714878.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321366/; classtype:trojan-activity;sid:84184466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321359)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements-submissi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:197; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321359/; classtype:trojan-activity;sid:84184459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321360)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bottom-basics-07.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321360/; classtype:trojan-activity;sid:84184460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321361)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_torre-alacena-inf.-plus-2-sige.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321361/; classtype:trojan-activity;sid:84184461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321353)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_birkin_25_rose_shocking_matte_alligator_palladium_hardware_3_840x_12_master.jpg.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321353/; classtype:trojan-activity;sid:84184453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321354)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerywww.ardayazilim.comcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321354/; classtype:trojan-activity;sid:84184454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321355)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/en.pdf.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321355/; classtype:trojan-activity;sid:84184455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321356)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adag03.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321356/; classtype:trojan-activity;sid:84184456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321357)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-lego-2.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321357/; classtype:trojan-activity;sid:84184457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321358)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulamin-zawierania-umow-2.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321358/; classtype:trojan-activity;sid:84184458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321347)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/google-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321347/; classtype:trojan-activity;sid:84184447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321348)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ital-lent-2020-ed-5-10-24-vol-173-en-esp-04-3-scaled.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321348/; classtype:trojan-activity;sid:84184448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321349)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/regulamin252525252525252525252525252525252525252525252525252525252520wynajmu252525252525252525252525252525252525252525252525252525252520swietlicy.pdf.lnk"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321349/; classtype:trojan-activity;sid:84184449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321350)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10956.png.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321350/; classtype:trojan-activity;sid:84184450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321351)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-12-24-imagen-c.-piedras-negras-105-ote.-villa-de-fuente-2395000-14.jpg.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321351/; classtype:trojan-activity;sid:84184451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321352)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-thermae-7.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321352/; classtype:trojan-activity;sid:84184452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321342)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/snacks-nips.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321342/; classtype:trojan-activity;sid:84184442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321343)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20220326_133227-removebg-preview1.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321343/; classtype:trojan-activity;sid:84184443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321344)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fca-powertrain-warranty-order.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321344/; classtype:trojan-activity;sid:84184444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321345)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/billionaire-dubai-image-02.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321345/; classtype:trojan-activity;sid:84184445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321346)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/april-1990-calendar.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321346/; classtype:trojan-activity;sid:84184446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321336)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321336/; classtype:trojan-activity;sid:84184436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321337)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-tundra-16.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321337/; classtype:trojan-activity;sid:84184437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321338)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vanderbilt-university-logo-1024x876.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321338/; classtype:trojan-activity;sid:84184438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321339)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57852_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321339/; classtype:trojan-activity;sid:84184439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321340)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/principios_23-de-febrero.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321340/; classtype:trojan-activity;sid:84184440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321341)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/publications-vaccaro.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321341/; classtype:trojan-activity;sid:84184441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321333)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-travertin-10.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321333/; classtype:trojan-activity;sid:84184433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321334)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-trasnporte-febrero-2024.pdf.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321334/; classtype:trojan-activity;sid:84184434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321335)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lunch-menu-1920-nips.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321335/; classtype:trojan-activity;sid:84184435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321324)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/brochure2023_digital.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321324/; classtype:trojan-activity;sid:84184424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321325)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryp.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321325/; classtype:trojan-activity;sid:84184425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321326)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/herme2525cc252580s-mini-kelly-bag-yellow_streetstyle-800x1024.webp.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321326/; classtype:trojan-activity;sid:84184426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321327)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryplugin-development-requirements-subm.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321327/; classtype:trojan-activity;sid:84184427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321328)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nomina-de-estudiantes.xlsx.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321328/; classtype:trojan-activity;sid:84184428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321329)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/viaggio_antarctica-patagonia-argentina-classica_03.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321329/; classtype:trojan-activity;sid:84184429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321330)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-43-radicado-3158372024-nombre-peticionario-anonimo.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321330/; classtype:trojan-activity;sid:84184430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321331)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/640_a.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321331/; classtype:trojan-activity;sid:84184431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321332)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/64670194_1123584071159700_5958535376736878592_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321332/; classtype:trojan-activity;sid:84184432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sprawozdanie2014.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321322/; classtype:trojan-activity;sid:84184422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321323)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/118779642_3598257830218487_6752415666817330956_o.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321323/; classtype:trojan-activity;sid:84184423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321316)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nazrahotel04.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321316/; classtype:trojan-activity;sid:84184416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321317)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57319_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321317/; classtype:trojan-activity;sid:84184417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321318)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sc0ee8fb64bd04c84883251626fc1ccb8f.jpg_640x640q90.jpg_.webp.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321318/; classtype:trojan-activity;sid:84184418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321319)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3925-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321319/; classtype:trojan-activity;sid:84184419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321320)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eatpro-focaccina-da-55-gr.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321320/; classtype:trojan-activity;sid:84184420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321321)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7_ws2-exposed-cable-merchandising-guide-thai-translation.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321321/; classtype:trojan-activity;sid:84184421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321310)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01524-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321310/; classtype:trojan-activity;sid:84184410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321311)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/005.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321311/; classtype:trojan-activity;sid:84184411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321312)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estados-cambios-en-el-patrimonio-2017.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321312/; classtype:trojan-activity;sid:84184412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321313)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/v1-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321313/; classtype:trojan-activity;sid:84184413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321314)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321314/; classtype:trojan-activity;sid:84184414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321315)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5092.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321315/; classtype:trojan-activity;sid:84184415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321305)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-1620x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321305/; classtype:trojan-activity;sid:84184405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321306)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20-1.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321306/; classtype:trojan-activity;sid:84184406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321307)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ngdd-versus-optical-diode-table.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321307/; classtype:trojan-activity;sid:84184407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321308)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55876_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321308/; classtype:trojan-activity;sid:84184408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321309)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/26-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321309/; classtype:trojan-activity;sid:84184409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321296)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6357.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321296/; classtype:trojan-activity;sid:84184396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321297)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/view-ben-ngoai-3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321297/; classtype:trojan-activity;sid:84184397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321298)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0993.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321298/; classtype:trojan-activity;sid:84184398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321299)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verandapera_07.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321299/; classtype:trojan-activity;sid:84184399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321300)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryp.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321300/; classtype:trojan-activity;sid:84184400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321301)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58897_22.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321301/; classtype:trojan-activity;sid:84184401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/daftar-nominatif-pantarlih-pemilu-tahun-2024-kecamatan-curug-bitung.pdf.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321302/; classtype:trojan-activity;sid:84184402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/boitier-porte.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321303/; classtype:trojan-activity;sid:84184403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultado-integral-septiembre-2021.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321304/; classtype:trojan-activity;sid:84184404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321293)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-no-008-2024-st-codisec-cayma.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321293/; classtype:trojan-activity;sid:84184393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321294)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/023.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321294/; classtype:trojan-activity;sid:84184394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321295)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ethereum-governance-proposal-2024-4-9-9.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321295/; classtype:trojan-activity;sid:84184395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321292)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0004053_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321292/; classtype:trojan-activity;sid:84184392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321283)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/psychology.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321283/; classtype:trojan-activity;sid:84184383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321284)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dossier2020rmsp.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321284/; classtype:trojan-activity;sid:84184384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321285)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solana-security-best-practices-20245.3.8.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321285/; classtype:trojan-activity;sid:84184385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321286)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-1620x1080.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321286/; classtype:trojan-activity;sid:84184386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321287)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/416f425c61e6f8e86b0dfb604ae82f5c.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321287/; classtype:trojan-activity;sid:84184387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321288)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ham-tom.png.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321288/; classtype:trojan-activity;sid:84184388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321289)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/linkiq-cable-test-no-remote.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321289/; classtype:trojan-activity;sid:84184389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321290)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16775449_33226197_600.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321290/; classtype:trojan-activity;sid:84184390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321291)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58078_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321291/; classtype:trojan-activity;sid:84184391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321281)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulario_estudiantes_-_postulaci252525252525252525252525252525c3252525252525252525252525252525b3n_fpecyt_choapa_2018.docx.lnk"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321281/; classtype:trojan-activity;sid:84184381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321282)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysearchqueryplugin-development-requirements-submi.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:263; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321282/; classtype:trojan-activity;sid:84184382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321277)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3d-latvanyterv-atlas-concorde-marvel-gala-burkolattal-1.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321277/; classtype:trojan-activity;sid:84184377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321278)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-064.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321278/; classtype:trojan-activity;sid:84184378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321280)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paris-1st-1.jpeg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321280/; classtype:trojan-activity;sid:84184380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321268)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/banie2525252525252525252525252525252525cc252525252525252525252525252525252580re-48h-au-izards-1.jpg.lnk"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321268/; classtype:trojan-activity;sid:84184368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321269)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/disk396-00405.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321269/; classtype:trojan-activity;sid:84184369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321270)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/smartmeter2.png.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321270/; classtype:trojan-activity;sid:84184370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321271)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/file-sample_150kb.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321271/; classtype:trojan-activity;sid:84184371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321272)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fiche-technique-cloture-best-beton.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321272/; classtype:trojan-activity;sid:84184372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321273)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/documento-de-practicas-de-seguridad-de-bitcoin-20244.5.4.pdf.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321273/; classtype:trojan-activity;sid:84184373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321274)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/510xnjxtgvl._ac_sx466_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321274/; classtype:trojan-activity;sid:84184374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321275)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/266ee20e-da36-4df7-aa4f-25f581c7a8a7.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321275/; classtype:trojan-activity;sid:84184375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321276)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190119_151024.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321276/; classtype:trojan-activity;sid:84184376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321264)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verandapera_16.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321264/; classtype:trojan-activity;sid:84184364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321265)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b085f16c-7871-fae8-4b5f-601e48d59693.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321265/; classtype:trojan-activity;sid:84184365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321266)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tron-ecosystem-report-2024-5-2-5.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321266/; classtype:trojan-activity;sid:84184366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321267)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultado-integral-dic-2018.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321267/; classtype:trojan-activity;sid:84184367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321257)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/princess-peach-color-page.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321257/; classtype:trojan-activity;sid:84184357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321258)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-concurso-explora-el-cine-en-tu-casa-2020.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321258/; classtype:trojan-activity;sid:84184358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321259)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kubota-svl-front-windshield-500.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321259/; classtype:trojan-activity;sid:84184359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321260)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/foto-da-inserire-sul-sito-6-1.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321260/; classtype:trojan-activity;sid:84184360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321261)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0657.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321261/; classtype:trojan-activity;sid:84184361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321262)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sluzbeni_list_21_2024-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321262/; classtype:trojan-activity;sid:84184362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321263)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ejecucion-presupuestal-junio-2021_0-1.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321263/; classtype:trojan-activity;sid:84184363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321252)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cuota-anual-club-2021-1.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321252/; classtype:trojan-activity;sid:84184352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321253)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc01874-1620x1080.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321253/; classtype:trojan-activity;sid:84184353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321254)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dscf1169.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321254/; classtype:trojan-activity;sid:84184354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321255)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urdher-per-miratimin-e-periudhes-se-aplikimeve-me-formularin-a1z-per-msh-2024-3.pdf.lnk"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321255/; classtype:trojan-activity;sid:84184355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321256)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/forced-convection-oven-energy-saving-dne650v.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321256/; classtype:trojan-activity;sid:84184356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msbk3206207_1.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321245/; classtype:trojan-activity;sid:84184345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321246)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zzz_4682-532x800.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321246/; classtype:trojan-activity;sid:84184346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321247)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60121_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321247/; classtype:trojan-activity;sid:84184347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321248)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noopur-x-deep-1-1-scaled.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321248/; classtype:trojan-activity;sid:84184348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321249)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estadosfinancieros2009.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321249/; classtype:trojan-activity;sid:84184349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321250)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coordinadoras-y-coordinadores-red-territorial-explora.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321250/; classtype:trojan-activity;sid:84184350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321251)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5b396eea-endooikogeneiaki-via-u51.jpg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321251/; classtype:trojan-activity;sid:84184351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321243)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-crystal-290a-3-1.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321243/; classtype:trojan-activity;sid:84184343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321244)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/top-load-washer-wa80cg4240bwnq-5.png.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321244/; classtype:trojan-activity;sid:84184344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321239)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/icosep-1024x456.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321239/; classtype:trojan-activity;sid:84184339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321240)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/konkani-learning-outcomes.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321240/; classtype:trojan-activity;sid:84184340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321241)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img20180908150937.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321241/; classtype:trojan-activity;sid:84184341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321242)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/131_wiley_vch_2017_book_sust_chem_flow_165-192.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321242/; classtype:trojan-activity;sid:84184342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-princess-peach-coloring-pages.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321232/; classtype:trojan-activity;sid:84184332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321233)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/loctite-lb-771-msds.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321233/; classtype:trojan-activity;sid:84184333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321234)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/personalized-gifts-banner-2-1024x352.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321234/; classtype:trojan-activity;sid:84184334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321235)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-04-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321235/; classtype:trojan-activity;sid:84184335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321236)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1585299032462.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321236/; classtype:trojan-activity;sid:84184336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321237)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321237/; classtype:trojan-activity;sid:84184337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321238)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m_63cc2692c9a228500c51d5d4.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321238/; classtype:trojan-activity;sid:84184338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321224)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9-1.jpeg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321224/; classtype:trojan-activity;sid:84184324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321225)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/info.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321225/; classtype:trojan-activity;sid:84184325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321226)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/monroe-nights-at-billionaire-mansion-dubai.png.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321226/; classtype:trojan-activity;sid:84184326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321227)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/optimus-prime-color-page.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321227/; classtype:trojan-activity;sid:84184327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321228)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0013.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321228/; classtype:trojan-activity;sid:84184328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321229)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-2-1-725x544-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321229/; classtype:trojan-activity;sid:84184329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321230)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro-2018-v3.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321230/; classtype:trojan-activity;sid:84184330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321231)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j16-poweractive-specsheet.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321231/; classtype:trojan-activity;sid:84184331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321218)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucion-03-enero-9-de-2018-trd-1.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321218/; classtype:trojan-activity;sid:84184318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321219)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hardanger-villmark.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321219/; classtype:trojan-activity;sid:84184319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchquerysunglasses-gast-astro-as05-matte-gold-rectangular-shape-by-kambio-eyewear-front.pngcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321220/; classtype:trojan-activity;sid:84184320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321221)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-28-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321221/; classtype:trojan-activity;sid:84184321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321222)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/executive-summary-survey-ppsyt-2016.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321222/; classtype:trojan-activity;sid:84184322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321223)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-345-gallery-4.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321223/; classtype:trojan-activity;sid:84184323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321213)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfc-1st-aoi-23feb1966-full.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321213/; classtype:trojan-activity;sid:84184313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321214)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cambios-en-el-patrimonio-2013.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321214/; classtype:trojan-activity;sid:84184314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321215)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cake-and-pastries-online-shopping-1.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321215/; classtype:trojan-activity;sid:84184315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321216)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/seleccionadosiie2021.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321216/; classtype:trojan-activity;sid:84184316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321217)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/celex-31993l0067-ro-txt.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321217/; classtype:trojan-activity;sid:84184317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321208)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/primary-section-annual-function-9.jpeg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321208/; classtype:trojan-activity;sid:84184308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321209)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/woman-field.jpeg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321209/; classtype:trojan-activity;sid:84184309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321210)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases_concurso_2022_cuentos_con_ciencia.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321210/; classtype:trojan-activity;sid:84184310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321211)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_20.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321211/; classtype:trojan-activity;sid:84184311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321212)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56221_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321212/; classtype:trojan-activity;sid:84184312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321203)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jsp-authorization-letter.png.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321203/; classtype:trojan-activity;sid:84184303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321204)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politica-de-transito-vehicular-2019-2020.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321204/; classtype:trojan-activity;sid:84184304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321205)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170530_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321205/; classtype:trojan-activity;sid:84184305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321206)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/81dezefnql._ac_sl1500_.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321206/; classtype:trojan-activity;sid:84184306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321207)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4510-2-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321207/; classtype:trojan-activity;sid:84184307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-25-at-10.33.01_d8cc84ee-1024x768.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321198/; classtype:trojan-activity;sid:84184298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321199)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-trading-strategy-2024-v3.8.5.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321199/; classtype:trojan-activity;sid:84184299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321200)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lounacerame-gallerie27.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321200/; classtype:trojan-activity;sid:84184300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321201)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-klampok-brebes.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321201/; classtype:trojan-activity;sid:84184301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321202)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/an252525c3252525a1lise-de-mercado-eos-20244.9.4.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321202/; classtype:trojan-activity;sid:84184302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17315982832788de646dcd27870f42705d307cb3ac.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321192/; classtype:trojan-activity;sid:84184292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321193)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-sheer-11.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321193/; classtype:trojan-activity;sid:84184293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321194)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mailto252525252525253acv2525252525252540aliphdeen.com.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321194/; classtype:trojan-activity;sid:84184294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321195)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/backdrop-chia-tay-4.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321195/; classtype:trojan-activity;sid:84184295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/suprh.com.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321196/; classtype:trojan-activity;sid:84184296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321197)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-arveja-quantum.pdf.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321197/; classtype:trojan-activity;sid:84184297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321187)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5c3e5-39-47.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321187/; classtype:trojan-activity;sid:84184287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321188)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/86dacc70-6108-4c97-812b-367424ace2e5.jpeg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321188/; classtype:trojan-activity;sid:84184288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321189)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/carmelex-executive-committee.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321189/; classtype:trojan-activity;sid:84184289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321190)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fachada-01.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321190/; classtype:trojan-activity;sid:84184290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kafcz3pxuze_e97b78-4k4763.jpeg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321191/; classtype:trojan-activity;sid:84184291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321183)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0073-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321183/; classtype:trojan-activity;sid:84184283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321184)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/101-tvd_p3_departament.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321184/; classtype:trojan-activity;sid:84184284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321185)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/31m5jtt9kll.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321185/; classtype:trojan-activity;sid:84184285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321179)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lec-2-408x544-2-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321179/; classtype:trojan-activity;sid:84184279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321180)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sandeep-x-ankita-5.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321180/; classtype:trojan-activity;sid:84184280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321181)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/47479_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321181/; classtype:trojan-activity;sid:84184281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321182)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/karen-souza-sesli-yemek-1.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321182/; classtype:trojan-activity;sid:84184282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321173)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ete09.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321173/; classtype:trojan-activity;sid:84184273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321174)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dovada-ilegalitatii.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321174/; classtype:trojan-activity;sid:84184274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321175)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/powercard-form.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321175/; classtype:trojan-activity;sid:84184275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321176)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/52337_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321176/; classtype:trojan-activity;sid:84184276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321177)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/standee-su-kien-7.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321177/; classtype:trojan-activity;sid:84184277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321178)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1513341156467.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321178/; classtype:trojan-activity;sid:84184278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321165)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6.png.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321165/; classtype:trojan-activity;sid:84184265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321166)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/full_b32c0859993a2fb2591cbdc1313c7889.jpg.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321166/; classtype:trojan-activity;sid:84184266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321167)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51ai3mokpel._sr60025252c315_piwhitestrip25252cbottomleft25252c025252c35_pistarratingthree25252cbottomleft25252c36025252c-6_sr60025252c315_sclzzzzzzz_fmpng_bg25525252c25525252c255.jpg.lnk"; http_uri; depth:197; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321167/; classtype:trojan-activity;sid:84184267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321168)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a-realistic-teenage-sitting-with-the-back-on-the-street-with-a-vodka-bottle-on-his-side-1-1024x585.jpg.lnk"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321168/; classtype:trojan-activity;sid:84184268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321169)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/booklist.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321169/; classtype:trojan-activity;sid:84184269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321170)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majotech-label-invisible-performance-03.png.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321170/; classtype:trojan-activity;sid:84184270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321171)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fcrm-2022-boletin-inscripcion-campeonato-regional-de-palomos-de-raza.pdf.lnk"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321171/; classtype:trojan-activity;sid:84184271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321172)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/edessa231.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321172/; classtype:trojan-activity;sid:84184272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321161)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sig-p-320-7.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321161/; classtype:trojan-activity;sid:84184261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321162)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acpu_petrobras.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321162/; classtype:trojan-activity;sid:84184262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321163)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-04-at-12.51.48.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321163/; classtype:trojan-activity;sid:84184263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321164)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cms27429-873x432.jpg1_.webp.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321164/; classtype:trojan-activity;sid:84184264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321150)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-399.png.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321150/; classtype:trojan-activity;sid:84184250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321151)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a0009661-1024x768.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321151/; classtype:trojan-activity;sid:84184251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321152)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/om-263-establecer-el-horario-para-la-ejecucion-de-obras-de-edificacion-u-obras-conexas-en-via-publica-trato-la-propuesta-de-ordenanza-municiapl-mdc.pdf.lnk"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321152/; classtype:trojan-activity;sid:84184252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321153)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anteprojeto_projeto-de-lei-complementar_criacao-do-conselho-de-etica-e-transparencia.pdf.lnk"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321153/; classtype:trojan-activity;sid:84184253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60019_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321154/; classtype:trojan-activity;sid:84184254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_17.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321155/; classtype:trojan-activity;sid:84184255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-scaled.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321156/; classtype:trojan-activity;sid:84184256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-req.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321157/; classtype:trojan-activity;sid:84184257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321158)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-trading-strategy-20244.5.7.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321158/; classtype:trojan-activity;sid:84184258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/calificati_franceza_2023_v3.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321159/; classtype:trojan-activity;sid:84184259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/be_2b_780.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321160/; classtype:trojan-activity;sid:84184260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321148)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplug.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321148/; classtype:trojan-activity;sid:84184248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321149)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-21-at-14.46.58-xbt6kk.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321149/; classtype:trojan-activity;sid:84184249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321145)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plataforma-estrategica-ttsa-2023-1.pdf.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321145/; classtype:trojan-activity;sid:84184245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321146)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-crystal-290a-1.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321146/; classtype:trojan-activity;sid:84184246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321147)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chupachupssparklingmeloncream.jpeg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321147/; classtype:trojan-activity;sid:84184247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321144)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sige-pag-web_columna-extraible-600-inf.-plus-2-sige.jpg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321144/; classtype:trojan-activity;sid:84184244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-wonderspace-3-1.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321139/; classtype:trojan-activity;sid:84184239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321140)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mof.pdf.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321140/; classtype:trojan-activity;sid:84184240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321141)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/437528251_840484198122553_5857203353821777158_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321141/; classtype:trojan-activity;sid:84184241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321142)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-herbag-backpack-backpack-in-beige-canvas-and-natural-leather.jpg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321142/; classtype:trojan-activity;sid:84184242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321143)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-pipe-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321143/; classtype:trojan-activity;sid:84184243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321132)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/urb-sat-b330.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321132/; classtype:trojan-activity;sid:84184232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321133)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shambor.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321133/; classtype:trojan-activity;sid:84184233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321134)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731598337631f9b851395121059f2afc2e09fdd7a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321134/; classtype:trojan-activity;sid:84184234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321135)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/interior9.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321135/; classtype:trojan-activity;sid:84184235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321136)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solicitud-retiro-p.-de-acuerdo-armonizacion.pdf.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321136/; classtype:trojan-activity;sid:84184236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321137)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bankaccount.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321137/; classtype:trojan-activity;sid:84184237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321138)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zadig-voltaire-this-is-us-eau-de-toilette-50ml-spray.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321138/; classtype:trojan-activity;sid:84184238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321124)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/landscapes-5.jpeg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321124/; classtype:trojan-activity;sid:84184224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321125)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resolucion-43-2023-manual-operativo-1.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321125/; classtype:trojan-activity;sid:84184225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321126)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gyuerpmxeaaofnn-1024x683.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321126/; classtype:trojan-activity;sid:84184226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321127)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/oreskonveksiseragamcom-konveksi-seragam-konveksi-jaket1.jpg.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321127/; classtype:trojan-activity;sid:84184227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321128)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/joshua-sorkar-interschool-chess-tournamnet-.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321128/; classtype:trojan-activity;sid:84184228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321129)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/formulario-persona-juridica-libertador.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321129/; classtype:trojan-activity;sid:84184229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321130)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bristol-spekkast-met-manden-100-cm-4-scaled.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321130/; classtype:trojan-activity;sid:84184230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321131)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/typ6-c1.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321131/; classtype:trojan-activity;sid:84184231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321121)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/conferencia-5.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321121/; classtype:trojan-activity;sid:84184221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321122)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/telecom.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321122/; classtype:trojan-activity;sid:84184222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321123)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galala-cream-3.jpeg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321123/; classtype:trojan-activity;sid:84184223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321115)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sorteo-dianas-2-np-xii-j.c.-mallorqui-2-tirada-lliga-catala1.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321115/; classtype:trojan-activity;sid:84184215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321116)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/modern-pool-house-gallery-img-02.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321116/; classtype:trojan-activity;sid:84184216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321117)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-777-2023-aprobar-el-plan-anual-de-trabajo-archivistico-2024-de-la-municipalidad-distrital-de-cayma.pdf.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321117/; classtype:trojan-activity;sid:84184217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321118)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5426_8864_k87-pocket-s-s-t-shirt-oiled-walnut-heather_1280x1280-ed.jpg.lnk"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321118/; classtype:trojan-activity;sid:84184218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321119)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/am-046-autorizar-la-presentacion-de-la-propuesta-de-plan-especifico-patrimonio-agricola-para-el-pueblo-tradicional-de-carmen-alto.pdf.lnk"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321119/; classtype:trojan-activity;sid:84184219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321120)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precision-03.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321120/; classtype:trojan-activity;sid:84184220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321107)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0101-scaled.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321107/; classtype:trojan-activity;sid:84184207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321108)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preeti-x-anupam-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321108/; classtype:trojan-activity;sid:84184208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321109)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59138_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321109/; classtype:trojan-activity;sid:84184209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321110)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_7.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321110/; classtype:trojan-activity;sid:84184210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321111)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos_wallet_setup_guide_2024_1.2.4.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321111/; classtype:trojan-activity;sid:84184211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321112)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/quychehoatdongbks2021a.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321112/; classtype:trojan-activity;sid:84184212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321113)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4ba7ca37d2d12a278677f51f05a9eb58a014d937_1598458099-1.jpg.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321113/; classtype:trojan-activity;sid:84184213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321114)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/jacuzzi-hot-tubs-j-355-porcelain-oh.jpeg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321114/; classtype:trojan-activity;sid:84184214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321104)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/logo.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321104/; classtype:trojan-activity;sid:84184204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321105)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/303-tvd_p3_-depto-bienes-cartera.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321105/; classtype:trojan-activity;sid:84184205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321106)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/57199_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321106/; classtype:trojan-activity;sid:84184206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321102)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cardano-tokenomics-report-2024-4-9-5.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321102/; classtype:trojan-activity;sid:84184202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321103)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321103/; classtype:trojan-activity;sid:84184203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321096)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/02laboratorios-sophia-1.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321096/; classtype:trojan-activity;sid:84184196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321097)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321097/; classtype:trojan-activity;sid:84184197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321098)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/clinical-studies-polyfenols-january-29th-2019.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321098/; classtype:trojan-activity;sid:84184198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321099)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bolet252525252525252525252525252525c3252525252525252525252525252525adn-par-explora-rmsp-marzo-mayo-2024.pdf.lnk"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321099/; classtype:trojan-activity;sid:84184199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321100)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/597_modificacion-no-2-presupuesto-2021-1.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321100/; classtype:trojan-activity;sid:84184200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321101)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/presupuesto-modificacion-no-1-aprobado-2022-ttb-en-formato-pdf.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321101/; classtype:trojan-activity;sid:84184201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321089)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mild-shampoo.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321089/; classtype:trojan-activity;sid:84184189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321090)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20171020_acta_extraordinaria.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321090/; classtype:trojan-activity;sid:84184190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321091)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9728-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321091/; classtype:trojan-activity;sid:84184191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321092)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-tip-solicitari-diverse-compartiment-patrimoniu-si-asociatii-de-proprietari.docx.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321092/; classtype:trojan-activity;sid:84184192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321093)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_9.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321093/; classtype:trojan-activity;sid:84184193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321094)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preeti-x-anupam-4.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321094/; classtype:trojan-activity;sid:84184194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321095)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/170311_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321095/; classtype:trojan-activity;sid:84184195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321081)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1729785997e8753dd9304d7dc31c0a95a69eefcd21.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321081/; classtype:trojan-activity;sid:84184181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321082)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-02-19-at-20.21.33-2.jpeg.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321082/; classtype:trojan-activity;sid:84184182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321083)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321083/; classtype:trojan-activity;sid:84184183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321084)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-elite-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321084/; classtype:trojan-activity;sid:84184184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321085)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/san-remo-bankstel-2-en-2.5-zits-12.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321085/; classtype:trojan-activity;sid:84184185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321086)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-tip-compartiment-urbanism-solicitari-diverse.docx.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321086/; classtype:trojan-activity;sid:84184186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321087)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apto-prohetado-venda-vila-real_apto-8.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321087/; classtype:trojan-activity;sid:84184187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321088)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vechain-nft-guide-2024-4.9.8.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321088/; classtype:trojan-activity;sid:84184188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321080)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/verdy-for-stairs.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321080/; classtype:trojan-activity;sid:84184180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321074)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/srvbca-new-logo_noborder-e1527186214810.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321074/; classtype:trojan-activity;sid:84184174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/23cc-13.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321075/; classtype:trojan-activity;sid:84184175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321076)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/olive-oil.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321076/; classtype:trojan-activity;sid:84184176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321077)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-oxford15-rossignol-rsgl-top-camisa-hombre-blanca-4.jpg.lnk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321077/; classtype:trojan-activity;sid:84184177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321078)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-lechuga-cartagonova.pdf.lnk"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321078/; classtype:trojan-activity;sid:84184178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/466324027_440556918775787_2468882734019610696_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321079/; classtype:trojan-activity;sid:84184179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321067)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/joss_stone_252525252525252525252525252525252525252525252525252540_salumeria_della_musica_08.jpg.lnk"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321067/; classtype:trojan-activity;sid:84184167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321068)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-crystal-290a-1-1.jpg.lnk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321068/; classtype:trojan-activity;sid:84184168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321069)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ata-da-assembleia-01-out-2015-corrigida.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321069/; classtype:trojan-activity;sid:84184169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321070)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-herramientas-ficha-tecnica-tijera-corte-recto-ag-4930-ss.pdf.lnk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321070/; classtype:trojan-activity;sid:84184170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2023-11-21-at-10.48.23.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321071/; classtype:trojan-activity;sid:84184171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321072)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731597625a2804e57e36ac600c8f650bb17b51f60.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321072/; classtype:trojan-activity;sid:84184172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321073)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nidhi-x-mohit-01.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321073/; classtype:trojan-activity;sid:84184173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321064)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/310999386_609422587574772_7666149958146016690_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321064/; classtype:trojan-activity;sid:84184164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321065)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/balance-general-2013.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321065/; classtype:trojan-activity;sid:84184165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321066)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc02548.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321066/; classtype:trojan-activity;sid:84184166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321061)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4-4.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321061/; classtype:trojan-activity;sid:84184161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321062)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1-1-1024x613.png.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321062/; classtype:trojan-activity;sid:84184162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321063)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1731531392db537b2763dccfb389e7e14bfe409f4d.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321063/; classtype:trojan-activity;sid:84184163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321052)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/website-disclaimer-template.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321052/; classtype:trojan-activity;sid:84184152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321053)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/live-05-01_09-20h.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321053/; classtype:trojan-activity;sid:84184153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321054)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/slider3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321054/; classtype:trojan-activity;sid:84184154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/noc-from-state-education-office-pg_1-converted.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321055/; classtype:trojan-activity;sid:84184155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321056)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-onyx-8.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321056/; classtype:trojan-activity;sid:84184156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321057)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stairway-letter-for-aug-20151.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321057/; classtype:trojan-activity;sid:84184157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321058)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7418248895.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321058/; classtype:trojan-activity;sid:84184158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321059)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59463_5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321059/; classtype:trojan-activity;sid:84184159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321060)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-herbag-backpack-in-black-canvas-and-black-leather.jpg.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321060/; classtype:trojan-activity;sid:84184160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321041)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gyuerwyxoaaljlr-1024x575.jpeg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321041/; classtype:trojan-activity;sid:84184141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321042)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-page-princess-peach.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321042/; classtype:trojan-activity;sid:84184142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321043)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cne-2022-n2525252525252525252525252525252525c32525252525252525252525252525252525b3mina-representantes-regionales-original.docx.pdf.lnk"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321043/; classtype:trojan-activity;sid:84184143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321044)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021-01-14-acta-reunion-suspension-competicion..pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321044/; classtype:trojan-activity;sid:84184144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321045)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rnc-21.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321045/; classtype:trojan-activity;sid:84184145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321046)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rumah-de-kost-4.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321046/; classtype:trojan-activity;sid:84184146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321047)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-onyx-2.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321047/; classtype:trojan-activity;sid:84184147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321048)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/06.jpeg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321048/; classtype:trojan-activity;sid:84184148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321049)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/racis-bibir_6_11zon.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321049/; classtype:trojan-activity;sid:84184149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321050)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/41j7o0l-95l_large.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321050/; classtype:trojan-activity;sid:84184150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321051)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/chainlink-api-documentation-2024-2.8.6.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321051/; classtype:trojan-activity;sid:84184151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321040)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/novabell-extra-2.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321040/; classtype:trojan-activity;sid:84184140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321036)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/95441498_10157667290623743_18396942656602112_n.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321036/; classtype:trojan-activity;sid:84184136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321037)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plugin-development-requireme.pdf.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321037/; classtype:trojan-activity;sid:84184137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321038)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/welcometoafrica.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321038/; classtype:trojan-activity;sid:84184138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321039)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aulas2.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321039/; classtype:trojan-activity;sid:84184139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321030)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1512259768184.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321030/; classtype:trojan-activity;sid:84184130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321031)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rajeet-r-sinha-pr-03-august.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321031/; classtype:trojan-activity;sid:84184131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321032)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55769_22.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321032/; classtype:trojan-activity;sid:84184132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321033)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/100-tvd_p1_gerencia-general.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321033/; classtype:trojan-activity;sid:84184133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321034)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-kart-printable-coloring-pages.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321034/; classtype:trojan-activity;sid:84184134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321035)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-l600.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321035/; classtype:trojan-activity;sid:84184135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321025)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reglamento-emision-y-colocacion-de-acciones-pdf-2017.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321025/; classtype:trojan-activity;sid:84184125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321026)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a01_771-189-hdr.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321026/; classtype:trojan-activity;sid:84184126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321027)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro-actividades-2014.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321027/; classtype:trojan-activity;sid:84184127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321028)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cca-outnva17-rossignol-rsgl-top-mujer-blanca-4.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321028/; classtype:trojan-activity;sid:84184128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321029)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cli_0600-1-scaled.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321029/; classtype:trojan-activity;sid:84184129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321021)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-c-230726-1-15_1024x1024.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321021/; classtype:trojan-activity;sid:84184121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321022)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/karta-katalogowa-bcs-dvr0401-0801-1601qea-ii.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321022/; classtype:trojan-activity;sid:84184122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321023)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5-5.jpg.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321023/; classtype:trojan-activity;sid:84184123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321024)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-036.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321024/; classtype:trojan-activity;sid:84184124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321017)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-5.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321017/; classtype:trojan-activity;sid:84184117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321018)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-17.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321018/; classtype:trojan-activity;sid:84184118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321019)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eminem.mp3.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321019/; classtype:trojan-activity;sid:84184119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321020)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-2-5.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321020/; classtype:trojan-activity;sid:84184120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321006)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/typ4-a24.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321006/; classtype:trojan-activity;sid:84184106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321007)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc03777.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321007/; classtype:trojan-activity;sid:84184107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321008)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56221_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321008/; classtype:trojan-activity;sid:84184108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321009)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nazrahotel05.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321009/; classtype:trojan-activity;sid:84184109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321010)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-productos-explora-2024-1.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321010/; classtype:trojan-activity;sid:84184110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321011)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2113341156478.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321011/; classtype:trojan-activity;sid:84184111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321012)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-jagorawi-km-18-450.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321012/; classtype:trojan-activity;sid:84184112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321013)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1721405421e60519ebef90cd4c496615ff577910e7.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321013/; classtype:trojan-activity;sid:84184113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321014)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/typ6-a13.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321014/; classtype:trojan-activity;sid:84184114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321015)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8.-ws2-integrated-charging-exposed-cable-zw1002-english.pdf.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321015/; classtype:trojan-activity;sid:84184115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321016)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ecc6148c-6533-4c1b-4bf3-46dfd625f75b.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321016/; classtype:trojan-activity;sid:84184116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321001)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59463_4.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321001/; classtype:trojan-activity;sid:84184101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321002)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot-blockchain-architecture-diagram-20244.2.2.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321002/; classtype:trojan-activity;sid:84184102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321003)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/persian-singers-6.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321003/; classtype:trojan-activity;sid:84184103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321004)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bannery_vizualni_identity_diamond3.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321004/; classtype:trojan-activity;sid:84184104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321005)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/passwords.txt.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321005/; classtype:trojan-activity;sid:84184105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320999)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e13dbca9d085e8b0564bec15df57b0fe.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320999/; classtype:trojan-activity;sid:84184099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3321000)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1411d_cp-unc-vh4k12zl5-vm.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3321000/; classtype:trojan-activity;sid:84184100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320994)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/55968_13.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320994/; classtype:trojan-activity;sid:84184094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320995)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/comingtotown.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320995/; classtype:trojan-activity;sid:84184095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320996)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/72048d2f-d64b-d228-8249-1423fe88d6f7.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320996/; classtype:trojan-activity;sid:84184096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320997)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/530-direccion-de-gestion-recursos-fisicos-y-negocios.pdf.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320997/; classtype:trojan-activity;sid:84184097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320998)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17314455247bc1a885bb2153c011ddf13a7ffec16a.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320998/; classtype:trojan-activity;sid:84184098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320987)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/anshoot-pdf2017.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320987/; classtype:trojan-activity;sid:84184087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/stellar_ecosystem_report_2024_3.2.9.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320988/; classtype:trojan-activity;sid:84184088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320989)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/justicia-3.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320989/; classtype:trojan-activity;sid:84184089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320990)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/encuesta-coquimbo-1-revdege10042017.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320990/; classtype:trojan-activity;sid:84184090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320991)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/atlas-concorde-marvel-gala-12.jpg.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320991/; classtype:trojan-activity;sid:84184091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320992)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/travesias_bases_final.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320992/; classtype:trojan-activity;sid:84184092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320993)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7078505_1729693706521.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320993/; classtype:trojan-activity;sid:84184093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320984)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-11-20-at-13.50.28-exxy8g.jpeg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320984/; classtype:trojan-activity;sid:84184084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320985)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/poweractive_lifestyle.jpg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320985/; classtype:trojan-activity;sid:84184085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320986)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12-2.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320986/; classtype:trojan-activity;sid:84184086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320983)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_fleece-katun.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320983/; classtype:trojan-activity;sid:84184083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320977)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/texto-unico-de-procedimientos-administrativos-tupa.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320977/; classtype:trojan-activity;sid:84184077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320978)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aakanksha-x-vivek-9-compressed-1-scaled.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320978/; classtype:trojan-activity;sid:84184078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320979)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/195-60-r16-c-tl-99-97t-6pr-wintide-1520.png.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320979/; classtype:trojan-activity;sid:84184079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320980)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hcl-nr.114-si-anexe-anulare-accesorii-og-107-din-2024.pdf.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320980/; classtype:trojan-activity;sid:84184080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320981)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4_ws2-w2000-apple-watch-flex-tray-sensors-merchandising-guide-vietnamese.pdf.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320981/; classtype:trojan-activity;sid:84184081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320982)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/printable-my-melody-coloring-pages.jpg.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320982/; classtype:trojan-activity;sid:84184082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5576-823x1024.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320965/; classtype:trojan-activity;sid:84184065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320966)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xuong-san-xuat-cua-nhom-xingfa-binh-duong.jpg.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320966/; classtype:trojan-activity;sid:84184066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320967)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informe-pqrs-terminal-de-transporte-julio-2024.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320967/; classtype:trojan-activity;sid:84184067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320968)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/free-online-levitra-sample-pack.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320968/; classtype:trojan-activity;sid:84184068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320969)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hnh037-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320969/; classtype:trojan-activity;sid:84184069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-recreational-sidewall-royal-blue-angle.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320970/; classtype:trojan-activity;sid:84184070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320971)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/979703820230615-1-v4s7x2.jpg.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320971/; classtype:trojan-activity;sid:84184071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320972)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/majormaker-porownanie-modeli-toalet-myjacych-majormaker-modele-laczone.pdf.lnk"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320972/; classtype:trojan-activity;sid:84184072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320973)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20241023_144050.png.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320973/; classtype:trojan-activity;sid:84184073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320974)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/42.jpg.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320974/; classtype:trojan-activity;sid:84184074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320975)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1724188464f564c40b923b863f6f4bb1d94a90626f.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320975/; classtype:trojan-activity;sid:84184075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320976)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-07-04-at-14.30.07.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320976/; classtype:trojan-activity;sid:84184076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320963)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/203-club-nautica-65.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320963/; classtype:trojan-activity;sid:84184063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320964)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-c-230626-1-02_1024x1024.jpg.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320964/; classtype:trojan-activity;sid:84184064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320961)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/libro2000.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320961/; classtype:trojan-activity;sid:84184061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320962)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20240229_150853-scaled.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320962/; classtype:trojan-activity;sid:84184062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320955)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eau-jeu-methodes-economie.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320955/; classtype:trojan-activity;sid:84184055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320956)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bl.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320956/; classtype:trojan-activity;sid:84184056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/valentine-img8-725x544.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320957/; classtype:trojan-activity;sid:84184057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320958)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/305876626_814398022900684_3118269872212197958_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320958/; classtype:trojan-activity;sid:84184058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320959)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-convocatoria-abierta-pipe-2023.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320959/; classtype:trojan-activity;sid:84184059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kdenlive-logo.png.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320960/; classtype:trojan-activity;sid:84184060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320946)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-gato-con-botas-logo-2-32x32.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320946/; classtype:trojan-activity;sid:84184046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320947)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/giyim.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320947/; classtype:trojan-activity;sid:84184047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/strategia-anuala-de-achizitie-publica-pe-anul-2024.pdf.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320948/; classtype:trojan-activity;sid:84184048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320949)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cenone-2024.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320949/; classtype:trojan-activity;sid:84184049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320950)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plants-vs-zombie-coloring-pages.jpg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320950/; classtype:trojan-activity;sid:84184050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320951)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ext-2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320951/; classtype:trojan-activity;sid:84184051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320952)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/michelada.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320952/; classtype:trojan-activity;sid:84184052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320953)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_9835.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320953/; classtype:trojan-activity;sid:84184053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320954)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/22gb-water-shot-2.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320954/; classtype:trojan-activity;sid:84184054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320943)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/funil-com-tela-para-tratores-1-1.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320943/; classtype:trojan-activity;sid:84184043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320944)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spanish-cay-51.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320944/; classtype:trojan-activity;sid:84184044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320945)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ba-hons-4yr.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320945/; classtype:trojan-activity;sid:84184045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320942)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3077a.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320942/; classtype:trojan-activity;sid:84184042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320934)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-situacion-financiera-sept-2019.pdf.lnk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320934/; classtype:trojan-activity;sid:84184034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320935)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/728-publicacion-de-resultados-728-ok-2.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320935/; classtype:trojan-activity;sid:84184035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320936)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bricket-2.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320936/; classtype:trojan-activity;sid:84184036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320937)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/asset-1-1.png.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320937/; classtype:trojan-activity;sid:84184037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320938)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/enkapsulasi-ekstrak-daun-serai-dapur-dengan-kitosan-sebagai-alternatif-dalam-perawatan-luka-dan-potensinya-sebagai-antikanker.jpg.lnk"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320938/; classtype:trojan-activity;sid:84184038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320939)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ttsa-informe-de-empalme-1-diagnostico.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320939/; classtype:trojan-activity;sid:84184039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320940)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/co_depart_of_psych_22_23.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320940/; classtype:trojan-activity;sid:84184040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320941)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unknown-9.jpeg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320941/; classtype:trojan-activity;sid:84184041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320927)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j19_lifestyle_v2.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320927/; classtype:trojan-activity;sid:84184027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320928)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sherry-brookes-armada-avenue.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320928/; classtype:trojan-activity;sid:84184028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320929)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/piscina-10-elite.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320929/; classtype:trojan-activity;sid:84184029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320930)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-buy-an-hermes-bag-285810-1704685732644-main.700x0c.jpg.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320930/; classtype:trojan-activity;sid:84184030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320931)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_6158-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320931/; classtype:trojan-activity;sid:84184031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320932)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/67672796_1152694148248692_5659746162790367232_o.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320932/; classtype:trojan-activity;sid:84184032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320933)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/46-725x544-1.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320933/; classtype:trojan-activity;sid:84184033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320924)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vertical3fullrunning.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320924/; classtype:trojan-activity;sid:84184024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320925)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58998_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320925/; classtype:trojan-activity;sid:84184025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320926)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tmk-tirto-pekalongan.jpg.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320926/; classtype:trojan-activity;sid:84184026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320920)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/legalitas9.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320920/; classtype:trojan-activity;sid:84184020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320921)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/iqac_19th_july_2018.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320921/; classtype:trojan-activity;sid:84184021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320922)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adag04.png.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320922/; classtype:trojan-activity;sid:84184022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320923)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0480-e1732142660453-3agu0o.jpeg.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320923/; classtype:trojan-activity;sid:84184023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320914)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/system_guide.en_ver2nd.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320914/; classtype:trojan-activity;sid:84184014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320915)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dji_0033-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320915/; classtype:trojan-activity;sid:84184015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320916)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bci06.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320916/; classtype:trojan-activity;sid:84184016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320917)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imgp0478.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320917/; classtype:trojan-activity;sid:84184017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320918)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-mining-setup-guide-2024-4.4.3.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320918/; classtype:trojan-activity;sid:84184018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320919)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin-governance-proposal-20241.1.8.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320919/; classtype:trojan-activity;sid:84184019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320909)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-1245235162.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320909/; classtype:trojan-activity;sid:84184009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320910)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zafer-gazetesi.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320910/; classtype:trojan-activity;sid:84184010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320911)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/children.png.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320911/; classtype:trojan-activity;sid:84184011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320912)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aviso-no.-64-de-2024.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320912/; classtype:trojan-activity;sid:84184012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320913)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59138_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320913/; classtype:trojan-activity;sid:84184013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320906)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/421474991_902340828561365_758402894944487617_n-min.jpg.lnk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320906/; classtype:trojan-activity;sid:84184006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320907)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20221015_083312.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320907/; classtype:trojan-activity;sid:84184007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320908)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_8n_var.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320908/; classtype:trojan-activity;sid:84184008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320902)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/estado-de-resultado-integral-marzo-2019.pdf.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320902/; classtype:trojan-activity;sid:84184002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320903)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/118732058_3598257820218488_7878762588414938281_o.jpg.lnk"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320903/; classtype:trojan-activity;sid:84184003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320904)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2022-09-03-at-13.00.37.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320904/; classtype:trojan-activity;sid:84184004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320905)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gebze-yetkili-servis-luxell.jpg.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320905/; classtype:trojan-activity;sid:84184005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320898)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58994_3.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320898/; classtype:trojan-activity;sid:84183998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320899)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-neutra-17.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320899/; classtype:trojan-activity;sid:84183999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320901)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2525252525252525255bdocumentnameandversion2525252525252525255d.pdf.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320901/; classtype:trojan-activity;sid:84184001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sickle-cell-scholarship-application-2024-2.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320890/; classtype:trojan-activity;sid:84183990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320891)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5843__6411.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320891/; classtype:trojan-activity;sid:84183991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320892)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1562346733_04.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320892/; classtype:trojan-activity;sid:84183992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320893)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/satinalin4.png.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320893/; classtype:trojan-activity;sid:84183993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320894)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kate-middleton-camel-outfit-lancashire-1.jpg.webp.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320894/; classtype:trojan-activity;sid:84183994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320895)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juz-18.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320895/; classtype:trojan-activity;sid:84183995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320896)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2019_easo_coi_report_methodology.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320896/; classtype:trojan-activity;sid:84183996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320897)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ccv-cortaviento-calvin-rossignol-rsgl-tercera-capa-azul-hombre-5.jpg.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320897/; classtype:trojan-activity;sid:84183997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320886)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/167646649679eb7b9d5db43db4d390cc0e6e7cf38e.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320886/; classtype:trojan-activity;sid:84183986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320887)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/160083_transfer.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320887/; classtype:trojan-activity;sid:84183987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320888)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mg_6165.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320888/; classtype:trojan-activity;sid:84183988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320889)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/juego-de-cocinar-pasteles-divertidos.jpg.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320889/; classtype:trojan-activity;sid:84183989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320877)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cpk-jansen-rossignol-rsgl-tercera-capa-mujer-negro-5.jpg.lnk"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320877/; classtype:trojan-activity;sid:84183977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320878)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/preview-replacement-top-endeavor-10-punch-red.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320878/; classtype:trojan-activity;sid:84183978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320879)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1_ws2-apple-watch-tray-sensors-zw1051-52-install-guide-vietnamese.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320879/; classtype:trojan-activity;sid:84183979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320880)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sem-t2525252525252525252525252525252525252525252525252525c32525252525252525252525252525252525252525252525252525adtulo-1-5.jpg.lnk"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320880/; classtype:trojan-activity;sid:84183980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320881)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/diving-e-immersioni-1024x686.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320881/; classtype:trojan-activity;sid:84183981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320882)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10.-protocolo-situaciones-relacionadas-hechos-de-agresion-o-connotacion-sexual.pdf.lnk"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320882/; classtype:trojan-activity;sid:84183982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320883)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/layout-tricon-with-name.jpg.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320883/; classtype:trojan-activity;sid:84183983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320884)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desain-tanpa-judul-93-1.png.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320884/; classtype:trojan-activity;sid:84183984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320885)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/giant_1989771.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320885/; classtype:trojan-activity;sid:84183985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320873)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5150-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320873/; classtype:trojan-activity;sid:84183973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320874)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.10.10.2024-per-portalin-24-25.pdf.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320874/; classtype:trojan-activity;sid:84183974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320875)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/balance-general-31-de-diciembre-2015.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320875/; classtype:trojan-activity;sid:84183975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320876)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0389-2.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320876/; classtype:trojan-activity;sid:84183976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320867)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/109e_c_600x.jpeg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320867/; classtype:trojan-activity;sid:84183967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320868)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fb_img_1610216524392-1.jpg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320868/; classtype:trojan-activity;sid:84183968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320869)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/snapinsta.app_358552768_808937360871179_923873322666951698_n_1080-e1697828626861-zuvsck.jpeg.lnk"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320869/; classtype:trojan-activity;sid:84183969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320870)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sascrs2024_exhibitors_congress_factsheet_24055.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320870/; classtype:trojan-activity;sid:84183970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320871)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/litecoin2525252525252525252525252520audit2525252525252525252525252520report2525252525252525252525252520202425252525252525252525252525205.1.2.pdf.lnk"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320871/; classtype:trojan-activity;sid:84183971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320872)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2024-10-25-at-16.51.04_54935f0f.jpg.lnk"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320872/; classtype:trojan-activity;sid:84183972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320861)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rela-negros-negras-no-poder-judiciario-150921.pdf.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320861/; classtype:trojan-activity;sid:84183961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320862)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/polkadot_roadmap_2024_4.3.6.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320862/; classtype:trojan-activity;sid:84183962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320863)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-esparrago-uc-115.pdf.lnk"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320863/; classtype:trojan-activity;sid:84183963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320864)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20211007193927_248a4382-scaled.jpg.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320864/; classtype:trojan-activity;sid:84183964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320866)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/roza-7.jpg.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320866/; classtype:trojan-activity;sid:84183966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320858)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/precision-04.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320858/; classtype:trojan-activity;sid:84183958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320859)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/circ-1571-4a-tirada-lliga-sala-constant25252525252525252525252525252525252525252525252525252525252525c325252525252525252525252525252525252525252525252525252525252525ad-23320661.pdf.lnk"; http_uri; depth:195; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320859/; classtype:trojan-activity;sid:84183959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320860)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled-design-52.png.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320860/; classtype:trojan-activity;sid:84183960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320854)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/aa0c5c3a5227c1bc041a311c88e8a229.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320854/; classtype:trojan-activity;sid:84183954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320855)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/01_exterior_frontal-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320855/; classtype:trojan-activity;sid:84183955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320856)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-86-scaled.jpeg.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320856/; classtype:trojan-activity;sid:84183956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320857)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/c8a4cafe-5588-4a53-afd5-e8191aebd129_1.f5ad5ae24e5578903a2c2a30e9af238b.jpeg.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320857/; classtype:trojan-activity;sid:84183957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320850)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1676466495f059f32579229ec16d764792c7b8fc41.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320850/; classtype:trojan-activity;sid:84183950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320851)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/g.jpg.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320851/; classtype:trojan-activity;sid:84183951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320852)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/informacion-alergenos-manjares_07-1030x728.jpg.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320852/; classtype:trojan-activity;sid:84183952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320853)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitcoin-market-analysis-report-2024-5.6.1.pdf.lnk"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320853/; classtype:trojan-activity;sid:84183953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320839)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gb-top-veiw.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320839/; classtype:trojan-activity;sid:84183939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320840)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nopull-web-2.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320840/; classtype:trojan-activity;sid:84183940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320841)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safeguarding-policy-and-procedures-including-the-prevention-of-radicalisation-and-extremism.pdf.lnk"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320841/; classtype:trojan-activity;sid:84183941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320842)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/6-po.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320842/; classtype:trojan-activity;sid:84183942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320843)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e6db1979-6d74-7332-d991-c98412726287.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320843/; classtype:trojan-activity;sid:84183943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320844)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51357_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320844/; classtype:trojan-activity;sid:84183944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320845)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/publicatie-delimitare-sectii-votare-alegeri-locale-2024.docx.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320845/; classtype:trojan-activity;sid:84183945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320846)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-lightning-mcqueen.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320846/; classtype:trojan-activity;sid:84183946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320847)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/huffy-6v-chevy-silverado-truck-ride-on-toy-quad-para-nios-rojo--.jpeg.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320847/; classtype:trojan-activity;sid:84183947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320848)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mfin_annual-report_2023_r.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320848/; classtype:trojan-activity;sid:84183948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320849)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barrera-instalada-4-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320849/; classtype:trojan-activity;sid:84183949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320833)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uniswap-regulatory-compliance-guide-2024-438.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320833/; classtype:trojan-activity;sid:84183933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320834)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fap-roma-gold-1.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320834/; classtype:trojan-activity;sid:84183934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320835)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryplugin-development-requirements.pdfcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320835/; classtype:trojan-activity;sid:84183935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320836)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58017-768x1024.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320836/; classtype:trojan-activity;sid:84183936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320837)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pic-45-1.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320837/; classtype:trojan-activity;sid:84183937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320838)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pebd.png.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320838/; classtype:trojan-activity;sid:84183938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320824)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320824/; classtype:trojan-activity;sid:84183924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320825)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m_5815e5ae4e95a3a82a0007db.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320825/; classtype:trojan-activity;sid:84183925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320826)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/harrods-battersea-shoulder-tote-bag.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320826/; classtype:trojan-activity;sid:84183926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320827)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/deska-sedesowa-z-funkcja-bidetu-majormaker-crystal-290a-1.jpg"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320827/; classtype:trojan-activity;sid:84183927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320828)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/briefcase--103620825252010-front-1-300-0-1000-1000_g.jpg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320828/; classtype:trojan-activity;sid:84183928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320829)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lot-3664_js274_1_shot-1.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320829/; classtype:trojan-activity;sid:84183929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320830)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bher00001_1.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320830/; classtype:trojan-activity;sid:84183930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320831)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-c-230922-1-01_1024x1024.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320831/; classtype:trojan-activity;sid:84183931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320832)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kellysizechart.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320832/; classtype:trojan-activity;sid:84183932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320815)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3246_a541dc3c44-231183723-10-original.jpg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320815/; classtype:trojan-activity;sid:84183915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320816)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/v_20840922_1699188493199_bg_processed.jpg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320816/; classtype:trojan-activity;sid:84183916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320817)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/41a6sx46utl._ac_uf894252c1000_ql80_.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320817/; classtype:trojan-activity;sid:84183917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m_606a78f96e2846c636f53582.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320818/; classtype:trojan-activity;sid:84183918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320819)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-evelyne-amazone-clemence-gold-16-mini-tpm-noir.jpg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320819/; classtype:trojan-activity;sid:84183919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8bf25f4989ab0fc61f7d37d6d5fcdd1c.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320820/; classtype:trojan-activity;sid:84183920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320821)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/122943-fv_800x800_crop_center.jpg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320821/; classtype:trojan-activity;sid:84183921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320822)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0207evelynbag-articlelarge.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320822/; classtype:trojan-activity;sid:84183922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320823)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-cityback-27-backpack-in-etoupe-swift-leather.jpg"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320823/; classtype:trojan-activity;sid:84183923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20221013171641_8048.jpg"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320792/; classtype:trojan-activity;sid:84183892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320793)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sss-2105015280831-1_e47aa675-c064-4996-a47b-d0fba7801b68.jpg"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320793/; classtype:trojan-activity;sid:84183893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320794)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_mini_evelyne_16_tpm_noir_clemence_palladium_hw_z-1__87710.1629012846.1280.1280__50677.1640496353.jpg"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320794/; classtype:trojan-activity;sid:84183894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320795)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-28-black-togo-gold-hardware_set_013-675x675.jpg"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320795/; classtype:trojan-activity;sid:84183895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320796)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lindy-mini-bag--079086cc37-worn-3-0-0-800-800_g.jpg"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320796/; classtype:trojan-activity;sid:84183896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320797)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-2.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320797/; classtype:trojan-activity;sid:84183897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320798)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320798/; classtype:trojan-activity;sid:84183898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320799)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8489_master-1024x683.jpg"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320799/; classtype:trojan-activity;sid:84183899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320800)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3246_aa46294696-231183723-1-original.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320800/; classtype:trojan-activity;sid:84183900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320801)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin-1440x1800.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320801/; classtype:trojan-activity;sid:84183901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320802)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barbie-and-the-mermaid-tale-coloring-pages.jpg"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320802/; classtype:trojan-activity;sid:84183902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320803)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luxury-women-hermes-used-handbags-p294779-002.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320803/; classtype:trojan-activity;sid:84183903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320804)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/maximus_21_side_black_800x.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320804/; classtype:trojan-activity;sid:84183904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320805)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/375x500.67667.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320805/; classtype:trojan-activity;sid:84183905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320806)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-evelyne-16-crossbody-bag-thalassa-clemence-64650_1.jpg"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320806/; classtype:trojan-activity;sid:84183906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320807)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-gold-togo-green-2.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320807/; classtype:trojan-activity;sid:84183907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320808)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20953791_51029116_600.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320808/; classtype:trojan-activity;sid:84183908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320809)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/magiceraser_231112_165734_800x.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320809/; classtype:trojan-activity;sid:84183909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320810)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a200afb2fed485ad4b5b9677e08c9083.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320810/; classtype:trojan-activity;sid:84183910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320811)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin-bag-prices-265459-1605866814660-square.700x0c.jpg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320811/; classtype:trojan-activity;sid:84183911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320812)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_gift_packaging_boxes_and_paper_bags_3d_model_c4d_max_obj_fbx_ma_lwo_3ds_3dm_stl_3360373_o.jpg"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320812/; classtype:trojan-activity;sid:84183912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320813)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin_vs_kelly_bloghero.jpg"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320813/; classtype:trojan-activity;sid:84183913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320814)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/e1f3ef52b133b42e645902d6005a0f7c.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320814/; classtype:trojan-activity;sid:84183914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/barbie-mermaid-printable-coloring-pages.jpg"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320788/; classtype:trojan-activity;sid:84183888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320789)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lusbk1800609_1.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320789/; classtype:trojan-activity;sid:84183889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320790)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msbk3417310_3.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320790/; classtype:trojan-activity;sid:84183890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320791)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-fbslg-111522-1-fs-01_500x.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320791/; classtype:trojan-activity;sid:84183891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-constance-mini-bamboo-new-front_1024x1024.jpg"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320787/; classtype:trojan-activity;sid:84183887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/21669b6c-64bb-40cc-a743-638bb9f45f9f.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320786/; classtype:trojan-activity;sid:84183886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/091415-birkin-bag-lead-fc644be14e054a738370542ca41bc44f.jpg"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320785/; classtype:trojan-activity;sid:84183885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-once-upon-a-bag-doha-exhibition-new.jpg"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320781/; classtype:trojan-activity;sid:84183881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51anksgvghl.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320782/; classtype:trojan-activity;sid:84183882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-k-121522-3-02_500x.jpg"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320783/; classtype:trojan-activity;sid:84183883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rd4328255b0255d.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320784/; classtype:trojan-activity;sid:84183884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-buy-a-birkin-bag.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320761/; classtype:trojan-activity;sid:84183861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cb28f82b1d51424f9f224f160961b3d2.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320762/; classtype:trojan-activity;sid:84183862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-buy-an-hermes-bag-285810-1704685732644-main.700x0c.jpg"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320763/; classtype:trojan-activity;sid:84183863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1748_hermes_birkin_20fabourg_white-beton-orangeh-brume-craie_s_1f_s.jpg"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320764/; classtype:trojan-activity;sid:84183864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-c-110722-1-01_grande.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320765/; classtype:trojan-activity;sid:84183865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-2002-bag-20-gray.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320766/; classtype:trojan-activity;sid:84183866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4037709056.jpg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320767/; classtype:trojan-activity;sid:84183867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61m8dbyxupl._ac_uf894252c1000_ql80_.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320768/; classtype:trojan-activity;sid:84183868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m_582bb2d6291a35677201bc3d.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320769/; classtype:trojan-activity;sid:84183869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-in-the-loop-belt-bag.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320770/; classtype:trojan-activity;sid:84183870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2e5691b4bfc65a2bd5152b1d28d76cde.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320771/; classtype:trojan-activity;sid:84183871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/112525202525287252529.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320772/; classtype:trojan-activity;sid:84183872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-k-121522-2-01_500x.jpg"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320773/; classtype:trojan-activity;sid:84183873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320774/; classtype:trojan-activity;sid:84183874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/197455-19_20hermes_20victoria_20travel_20bag_20toile_2043_2d_0002_1024x1024.jpg"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320775/; classtype:trojan-activity;sid:84183875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/31snzmskz2l._ac_uf894252c1000_ql80_.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320776/; classtype:trojan-activity;sid:84183876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-fbslg-092221-3-5_1024x1024.jpg"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320777/; classtype:trojan-activity;sid:84183877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cf3.jpg"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320778/; classtype:trojan-activity;sid:84183878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_shopping_bag_1651413621_2e007f6e_progressive.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320779/; classtype:trojan-activity;sid:84183879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/26182768-1_1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320780/; classtype:trojan-activity;sid:84183880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-picotine-lock-bag-2.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320748/; classtype:trojan-activity;sid:84183848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s2107600615301_01.jpg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320749/; classtype:trojan-activity;sid:84183849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320750)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hp22cltr.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320750/; classtype:trojan-activity;sid:84183850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sss-2105015260819-1_7f2e163e-d5a7-4115-a4d3-bf6ca3e4a70e.jpg"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320751/; classtype:trojan-activity;sid:84183851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin_vs_kelly_blogsuppport_2.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320752/; classtype:trojan-activity;sid:84183852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/liny-mini-bag.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320753/; classtype:trojan-activity;sid:84183853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7623741_master.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320754/; classtype:trojan-activity;sid:84183854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/peek-of-red.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320755/; classtype:trojan-activity;sid:84183855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/social.5520.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320756/; classtype:trojan-activity;sid:84183856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/social.83963.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320757/; classtype:trojan-activity;sid:84183857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m1003_10531095_0.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320758/; classtype:trojan-activity;sid:84183858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/_a2x0016.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320759/; classtype:trojan-activity;sid:84183859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/56640764-1_1000x1000.jpg"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320760/; classtype:trojan-activity;sid:84183860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-ouab_doha-exhibition_4_2525c22525a9xavier-ansart-1024x768.jpg"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320746/; classtype:trojan-activity;sid:84183846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3346131501823.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320747/; classtype:trojan-activity;sid:84183847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-evelyne-iii-29-7463821.jpg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320745/; classtype:trojan-activity;sid:84183845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wka54913_1_enlarged.jpg"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320743/; classtype:trojan-activity;sid:84183843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cf1b8323d5a269c4a32ae9aefb09c035.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320744/; classtype:trojan-activity;sid:84183844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s2101215825544_01.jpg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320725/; classtype:trojan-activity;sid:84183825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_gift_packaging_boxes_and_paper_bags_3d_model_c4d_max_obj_fbx_ma_lwo_3ds_3dm_stl_3360373.jpg"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320726/; classtype:trojan-activity;sid:84183826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1459651712.jpg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320727/; classtype:trojan-activity;sid:84183827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ws7yhckyijuhvuytg2tnofpwy4227hzv3nhylyot.jpg"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320728/; classtype:trojan-activity;sid:84183828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-constance-bag-green-leather-3d-model-low-poly-max-obj-3ds-fbx-dae.jpg"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320729/; classtype:trojan-activity;sid:84183829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-a-good-bag-but-even-better-investment.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320730/; classtype:trojan-activity;sid:84183830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3762_hermes_picotin_22_rosetexas_m_1m.jpg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320731/; classtype:trojan-activity;sid:84183831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_8262-1200x900.jpg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320732/; classtype:trojan-activity;sid:84183832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10073805_01.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320733/; classtype:trojan-activity;sid:84183833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/41zvcijhfos._ac_sy780_.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320734/; classtype:trojan-activity;sid:84183834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_3307-1-768x1024.jpg"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320735/; classtype:trojan-activity;sid:84183835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61uyxcxgzql._ac_uf894252c1000_ql80_.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320736/; classtype:trojan-activity;sid:84183836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kris-jenner-hermes-crocodile-birkin.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320737/; classtype:trojan-activity;sid:84183837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/untitled_artwork-11.jpg"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320738/; classtype:trojan-activity;sid:84183838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hq720.jpg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320739/; classtype:trojan-activity;sid:84183839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-crocodile-oxer-bag-fall-winter-2014.jpg"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320740/; classtype:trojan-activity;sid:84183840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-874924862.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320741/; classtype:trojan-activity;sid:84183841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/constance-crossbody.jpg"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320742/; classtype:trojan-activity;sid:84183842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/orange-bag-charm--079065caaa-front-1-300-0-800-800_g.jpg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320709/; classtype:trojan-activity;sid:84183809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msl3323810_1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320710/; classtype:trojan-activity;sid:84183810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320711)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10b6d78d574f5aa5f914959298dabf77.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320711/; classtype:trojan-activity;sid:84183811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320712)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-grooming-bag-its-big-v0-q12roykd4l7b1.jpg"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320712/; classtype:trojan-activity;sid:84183812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320713)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gc_-__01.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320713/; classtype:trojan-activity;sid:84183813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-silk-shopping-bag-9.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320714/; classtype:trojan-activity;sid:84183814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fubpkrlxoaai7nf.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320715/; classtype:trojan-activity;sid:84183815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/side.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320716/; classtype:trojan-activity;sid:84183816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320717)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ic0020099_230724102902055.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320717/; classtype:trojan-activity;sid:84183817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/perfume-hermes-kelly-caleche-eau-de-toilette-50-ml-spray.jpg"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320718/; classtype:trojan-activity;sid:84183818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/best-hermes-bags-luxe-digital.jpg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320719/; classtype:trojan-activity;sid:84183819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/different-hermes-kelly-prices-and-sizes.jpg"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320720/; classtype:trojan-activity;sid:84183820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/45da728e-6020-437a-afa2-4e6223e92ec9_82998dc0.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320721/; classtype:trojan-activity;sid:84183821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/how-to-buy-a-kelly-bag-in-store.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320722/; classtype:trojan-activity;sid:84183822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/qhyhy3dgvzf2pcbnkvhvtp5y6e.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320723/; classtype:trojan-activity;sid:84183823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hellodarling.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320724/; classtype:trojan-activity;sid:84183824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320706)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bd66f001e37738db819ac2f298d3c4f7.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320706/; classtype:trojan-activity;sid:84183806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_4886.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320707/; classtype:trojan-activity;sid:84183807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_evelyne-16-amazone-bag1.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320708/; classtype:trojan-activity;sid:84183808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320705)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_5134.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320705/; classtype:trojan-activity;sid:84183805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320704)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/banner-5-beg-tangan-hermes-birkin-paling-mahal-di-dunia-6509.jpg"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320704/; classtype:trojan-activity;sid:84183804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320699)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-1429634068.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320699/; classtype:trojan-activity;sid:84183799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320700)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/88e88b2bd79fc0b75876cbe4b46b1213.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320700/; classtype:trojan-activity;sid:84183800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320701)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5021cd414b9773e6f4b7ada827bd46c8.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320701/; classtype:trojan-activity;sid:84183801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320702)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/qgb2xl331b000_2.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320702/; classtype:trojan-activity;sid:84183802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320703)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2022-07-20-at-3.28.22-pm.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320703/; classtype:trojan-activity;sid:84183803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320692)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-c-230428-2-ly-01_500x.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320692/; classtype:trojan-activity;sid:84183792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320693)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/constance-18-noir-epsom-rghw-2-scaled.jpg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320693/; classtype:trojan-activity;sid:84183793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/goldfield_banks_ingenious_ginger_perfume_1.jpg"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320694/; classtype:trojan-activity;sid:84183794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320695)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_gift_bag_1577861940_f17c3f99_progressive.jpg"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320695/; classtype:trojan-activity;sid:84183795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320696)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-fbslg-080522-1-02_500x.jpg"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320696/; classtype:trojan-activity;sid:84183796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320697)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/etriviere-pocket-35-bag--082768ckab-worn-3-0-0-320-320_g.jpg"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320697/; classtype:trojan-activity;sid:84183797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320698)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-k-231116-1-yw-01_500x.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320698/; classtype:trojan-activity;sid:84183798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320670)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20200627_203143.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320670/; classtype:trojan-activity;sid:84183770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320671)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bc4f32399c00d3d16099cf150b9c6eef.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320671/; classtype:trojan-activity;sid:84183771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320672)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19220040_42063046_600.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320672/; classtype:trojan-activity;sid:84183772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320673)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320673/; classtype:trojan-activity;sid:84183773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320674)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eau-de-parfum-person-reflection-ginger-elemi-vetiver-1-1.jpg"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320674/; classtype:trojan-activity;sid:84183774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2022-02-13-at-8.09.48-am.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320675/; classtype:trojan-activity;sid:84183775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320676)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/75397780_773287386510034_9019871986875001534_n.jpg"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320676/; classtype:trojan-activity;sid:84183776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320677)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2000_245a16b2-71e9-4752-8200-9f00d9c2588e.jpg"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320677/; classtype:trojan-activity;sid:84183777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320678)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/992525202525289252529.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320678/; classtype:trojan-activity;sid:84183778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320679)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2600062836913_7_b.jpg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320679/; classtype:trojan-activity;sid:84183779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320680)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ghwme_800x.jpg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320680/; classtype:trojan-activity;sid:84183780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320681)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51lom9brsks._ac_sy350_.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320681/; classtype:trojan-activity;sid:84183781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320682)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-picotin-22-etain-for-sale-on-mightychic.jpg"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320682/; classtype:trojan-activity;sid:84183782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320683)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1514.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320683/; classtype:trojan-activity;sid:84183783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320684)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luxe_21_front_rosegold_800x.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320684/; classtype:trojan-activity;sid:84183784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320685)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/shanher981193_1_xl.jpg"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320685/; classtype:trojan-activity;sid:84183785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320686)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lindy26.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320686/; classtype:trojan-activity;sid:84183786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320687)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20f7a9a1db3652dc0645b70fe135b567.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320687/; classtype:trojan-activity;sid:84183787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320688)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-2002-shoulder-bag-evercolor-20.jpg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320688/; classtype:trojan-activity;sid:84183788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320689/; classtype:trojan-activity;sid:84183789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320690)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4638261_master.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320690/; classtype:trojan-activity;sid:84183790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320691)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tamara-ecclestone-street-style-celebrity-hermes-black-35cm-birkin-bag-fashion-style-photos-pictures.jpg"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320691/; classtype:trojan-activity;sid:84183791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320667)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-jane-birkin_124002949396.jpg"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320667/; classtype:trojan-activity;sid:84183767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320668)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1616c7dbf50d208c98c057e21354c56a.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320668/; classtype:trojan-activity;sid:84183768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320669)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bc4b4d5560d401fcb4b3eb501a01b542.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320669/; classtype:trojan-activity;sid:84183769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320666)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11238422_master.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320666/; classtype:trojan-activity;sid:84183766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/v4-460px-buy-a-birkin-bag-step-11.jpg"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320657/; classtype:trojan-activity;sid:84183757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320658)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2021_mini_evelyne_in_etoupe_wi_1619093087_fdff26c8_progressive.jpg"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320658/; classtype:trojan-activity;sid:84183758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320659)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/org.jpg"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320659/; classtype:trojan-activity;sid:84183759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320660)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2022-07-20-at-3.14.22-pm.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320660/; classtype:trojan-activity;sid:84183760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320662)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00692770717981.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320662/; classtype:trojan-activity;sid:84183762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320663)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msl3402402_1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320663/; classtype:trojan-activity;sid:84183763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320664)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61ndetkgc2l._ac_uf894252c1000_ql80_.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320664/; classtype:trojan-activity;sid:84183764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320665)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4fd880127f13c14c15a5ef5f5a2413aa.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320665/; classtype:trojan-activity;sid:84183765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320650)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-2002-bag.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320650/; classtype:trojan-activity;sid:84183750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320651)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-1331744984.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320651/; classtype:trojan-activity;sid:84183751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320653)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/17.jpg"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320653/; classtype:trojan-activity;sid:84183753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320654)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_kelly_vs_birkin_bag_aesthetics.jpg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320654/; classtype:trojan-activity;sid:84183754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320655)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-vegetable-bag-3.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320655/; classtype:trojan-activity;sid:84183755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320656)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/211311d5db5eb21786f035ce6bea1775dbd5d2b2_3346131501823.jpg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320656/; classtype:trojan-activity;sid:84183756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_0642.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320632/; classtype:trojan-activity;sid:84183732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/victoria-beckham-hermes-birkin-red.jpg"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320633/; classtype:trojan-activity;sid:84183733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-price-update-2023.jpg"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320634/; classtype:trojan-activity;sid:84183734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320635)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61hx4q7k1el._ac_ul600_sr600252c600_.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320635/; classtype:trojan-activity;sid:84183735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320636)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/81252b1sblbhul._ac_uf894252c1000_ql80_.jpg"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320636/; classtype:trojan-activity;sid:84183736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320637)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b8bce8d847e352154cd7253b39c683df.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320637/; classtype:trojan-activity;sid:84183737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320638)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/victoria-beckhams-bags-vi-007.jpg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320638/; classtype:trojan-activity;sid:84183738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320639)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/https25253a25252f25252fcdn.cnn.com25252fcnnnext25252fdam25252fassets25252f210507160736-02-birkin-hermes-new-record.jpg"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320639/; classtype:trojan-activity;sid:84183739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320640)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-constance-18-vs-24-pdf.jpg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320640/; classtype:trojan-activity;sid:84183740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320641)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3060_hermes_constance_24_black_m_1m.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320641/; classtype:trojan-activity;sid:84183741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320642)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-cargo-blue-brown-christies-hero.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320642/; classtype:trojan-activity;sid:84183742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320643)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/597ec8003263373ba6a2f8ea99975c3e.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320643/; classtype:trojan-activity;sid:84183743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320644)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/719g3uutqil.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320644/; classtype:trojan-activity;sid:84183744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320645)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ll09566.44_hermes_beige_travel_bag_victoria_travel_bag-2.jpg"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320645/; classtype:trojan-activity;sid:84183745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320646)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2793-811x1024.jpg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320646/; classtype:trojan-activity;sid:84183746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320647)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/91azie3aajl._ac_uy1000_.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320647/; classtype:trojan-activity;sid:84183747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320648)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/photo-de-jane-birkin-en-robe-haute-couture.jpg"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320648/; classtype:trojan-activity;sid:84183748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320649)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51jty3ilfpl.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320649/; classtype:trojan-activity;sid:84183749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/black-hermes-birkin-bag-30-togo-women-s-handbag-24.jpg"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320626/; classtype:trojan-activity;sid:84183726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/284745_001_601.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320627/; classtype:trojan-activity;sid:84183727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-1345961429.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320628/; classtype:trojan-activity;sid:84183728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10083710_002_441.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320629/; classtype:trojan-activity;sid:84183729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_2558_cf10923d-cb76-443a-aa71-ebd0a073b481.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320630/; classtype:trojan-activity;sid:84183730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/blackandcraiek20large-1_1024x1024.jpg"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320631/; classtype:trojan-activity;sid:84183731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320618)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msco3400301_1.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320618/; classtype:trojan-activity;sid:84183718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320619)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/original_hermes_paper_bag_1681349174_015c7f92_progressive.jpg"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320619/; classtype:trojan-activity;sid:84183719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320620)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4f4a97268f66d08008243a98c928bb98ea-29-hermes-twilly.2x.h473.w710.jpg"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320620/; classtype:trojan-activity;sid:84183720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320621)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/michael-mack-president-ceo-max-73346608.jpg"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320621/; classtype:trojan-activity;sid:84183721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320622)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h21131-l192896387.jpg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320622/; classtype:trojan-activity;sid:84183722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320623)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-etrivie2525cc252580re-shopping-bag.jpg"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320623/; classtype:trojan-activity;sid:84183723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320624)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/115002-crb00-otb-08.jpg"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320624/; classtype:trojan-activity;sid:84183724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12310802_50e138917edd1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320625/; classtype:trojan-activity;sid:84183725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320614)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-constance-palladium-alligator-green-2.jpg"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320614/; classtype:trojan-activity;sid:84183714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320615)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/harrods-mini-battersea-shoulder-bag_16162244_31908743_2048.jpg"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320615/; classtype:trojan-activity;sid:84183715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320616)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-constance-24-blue-electrique-epsom-gold-hardware.jpg"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320616/; classtype:trojan-activity;sid:84183716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320617)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-fbslg-231208-1-gp-01_1024x1024.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320617/; classtype:trojan-activity;sid:84183717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320606)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/il_fullxfull.750350960_cx31.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320606/; classtype:trojan-activity;sid:84183706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320607)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/64527c2d500cd_538_6558a.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320607/; classtype:trojan-activity;sid:84183707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320608)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-c-110722-1-02_1024x1024.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320608/; classtype:trojan-activity;sid:84183708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ac6b16b110f69cbd5481a5120f6b384c.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320609/; classtype:trojan-activity;sid:84183709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320610)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/61negmijsgl._ac_uf894252c1000_ql80_.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320610/; classtype:trojan-activity;sid:84183710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320611)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/herbag-zip-cabine-bag--082835ckac-worn-1-0-0-1000-1000_g.jpg"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320611/; classtype:trojan-activity;sid:84183711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320612)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cabbage2.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320612/; classtype:trojan-activity;sid:84183712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320613)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1222_hermes_lindy_20mini_nata_s_5sf_s.jpg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320613/; classtype:trojan-activity;sid:84183713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320596)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/etriviere-shopping-bag--062304ckao-worn-9-0-0-800-800_g.jpg"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320596/; classtype:trojan-activity;sid:84183696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320597)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a84f9325-fda3-4708-830e-9244be8da79b.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320597/; classtype:trojan-activity;sid:84183697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320598)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a7159f05bba93f2b3de20c7e18f8117e.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320598/; classtype:trojan-activity;sid:84183698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320599)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-bag-35-togo-black-women-s-handbag-69.jpg"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320599/; classtype:trojan-activity;sid:84183699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msco3515502_3.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320600/; classtype:trojan-activity;sid:84183700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mqdefault.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320601/; classtype:trojan-activity;sid:84183701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_cityback_backpack_1567471137_88ac1785.jpg"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320602/; classtype:trojan-activity;sid:84183702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_trim_31_1678498534_901fd955.jpg"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320603/; classtype:trojan-activity;sid:84183703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320604)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-sac-de-pansage-groom-shopping-bag-in-grey-felt-lined-whool-and-brown-canvas.jpg"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320604/; classtype:trojan-activity;sid:84183704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320605)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-mini-lindy-lady-bag-9590-moi-outfit-809831.jpg"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320605/; classtype:trojan-activity;sid:84183705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320587)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-1245235032-649ef03757e37.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320587/; classtype:trojan-activity;sid:84183687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320588)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/size_en.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320588/; classtype:trojan-activity;sid:84183688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320589)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/best252520designer252520bags.jpg"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320589/; classtype:trojan-activity;sid:84183689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320590)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screenshot-2022-03-10-at-9.46.01-am.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320590/; classtype:trojan-activity;sid:84183690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320591)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1200px-pink_birkin_bag.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320591/; classtype:trojan-activity;sid:84183691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320592)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pursangle-tote-bag--083663caaf-worn-3-0-0-800-800_g.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320592/; classtype:trojan-activity;sid:84183692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320593)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3226_hermes_kelly_togo_etain_s_1m.jpg"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320593/; classtype:trojan-activity;sid:84183693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320594)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/15259307_26586216_1000.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320594/; classtype:trojan-activity;sid:84183694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320595)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sac-birkin35-hermes-2303-29-hermes-vintega-seconde-main-luxe-maroquinerie-occasion_002.jpg"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320595/; classtype:trojan-activity;sid:84183695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320586)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/il_570xn.3739469557_ol7i.jpg"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320586/; classtype:trojan-activity;sid:84183686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320581)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3881799-6711_01.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320581/; classtype:trojan-activity;sid:84183681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320582)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luxury-women-hermes-used-handbags-p103307-002.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320582/; classtype:trojan-activity;sid:84183682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320583)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19467987_43455513_1000.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320583/; classtype:trojan-activity;sid:84183683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320584)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/the-hardest-bags-to-get-from-hermes1.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320584/; classtype:trojan-activity;sid:84183684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320585)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/l-4-e1599756985263.jpg"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320585/; classtype:trojan-activity;sid:84183685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320579)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1701859833-1473afc75a30beae140ae598a07bc449.jpg"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320579/; classtype:trojan-activity;sid:84183679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320580)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/qgbaea12eb000_1.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320580/; classtype:trojan-activity;sid:84183680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320573)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/victoria-beckhams-bags-vi-009.jpg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320573/; classtype:trojan-activity;sid:84183673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320574)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-jonathan-birkin.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320574/; classtype:trojan-activity;sid:84183674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320575)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/dsc_9525_90577e95-6cbd-4df9-ae43-e1e028cb014f.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320575/; classtype:trojan-activity;sid:84183675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320576)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin_rock_25_1673278520_0899596d_progressive.jpg"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320576/; classtype:trojan-activity;sid:84183676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320577)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/nintchdbpict000411647531.jpg"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320577/; classtype:trojan-activity;sid:84183677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320578)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60149_3-.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320578/; classtype:trojan-activity;sid:84183678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320565)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-kelly-breakdown.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320565/; classtype:trojan-activity;sid:84183665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320566)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/7c9ad8c874554e86336ad64fab0b4e87.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320566/; classtype:trojan-activity;sid:84183666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320567)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/screen-shot-2019-03-02-at-9.00.58-pm.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320567/; classtype:trojan-activity;sid:84183667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320568)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermeschocolatebrownconstanceshoulderbag_33940_2400x.jpg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320568/; classtype:trojan-activity;sid:84183668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320569)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/v_19379782_1684855917335_bg_processed.jpg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320569/; classtype:trojan-activity;sid:84183669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320570)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-35-2540janefinds.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320570/; classtype:trojan-activity;sid:84183670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320571)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/social.75676.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320571/; classtype:trojan-activity;sid:84183671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320572)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/97ce1d7d-e390-4c7a-af0f-9108aeb59755_c894d4f2.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320572/; classtype:trojan-activity;sid:84183672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320556)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kelly-depeches-36-briefcase--083315ck46-worn-1-0-0-1000-1000_g.jpg"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320556/; classtype:trojan-activity;sid:84183656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin-bag-sizes-birkin-35-2540pernilleteisbaek.jpg"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320557/; classtype:trojan-activity;sid:84183657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/93938a05b5842f839948ba11f9b8701a.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320558/; classtype:trojan-activity;sid:84183658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-picotine-lock-bag.jpg"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320559/; classtype:trojan-activity;sid:84183659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luxury-women-hermes-used-handbags-p542810-012.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320560/; classtype:trojan-activity;sid:84183660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320561)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/model-walking-with-a-birkin-40cm-in-rouge_1024x1024.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320561/; classtype:trojan-activity;sid:84183661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320562)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/h-c-042122-2-01_500x.jpg"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320562/; classtype:trojan-activity;sid:84183662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320563)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/1bc777b512038a974708aefcb9ecad9e.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320563/; classtype:trojan-activity;sid:84183663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320564)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coloring-pages-barbie-mermaid.jpg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320564/; classtype:trojan-activity;sid:84183664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320546)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/luxury-women-hermes-used-handbags-p899622-005.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320546/; classtype:trojan-activity;sid:84183646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320547)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-vs-kelly.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320547/; classtype:trojan-activity;sid:84183647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320548)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5_large.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320548/; classtype:trojan-activity;sid:84183648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320549)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msl3418306_1.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320549/; classtype:trojan-activity;sid:84183649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320550)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/763_hermes_kelly_32_veau_charmonix_natural_l_5sf_s.jpg"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320550/; classtype:trojan-activity;sid:84183650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320551)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_picotin_bloghero.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320551/; classtype:trojan-activity;sid:84183651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8162020143910_1200x.jpg"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320552/; classtype:trojan-activity;sid:84183652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2_large.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320553/; classtype:trojan-activity;sid:84183653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320554)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-insert-2-christies.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320554/; classtype:trojan-activity;sid:84183654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/51-dgv3tndl._ac_uy1000_.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320555/; classtype:trojan-activity;sid:84183655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320545)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_kelly_25_sellier_gris_m_1655213974_78542788.jpg"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320545/; classtype:trojan-activity;sid:84183645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320540)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/12908932_master.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320540/; classtype:trojan-activity;sid:84183640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320541)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/11989g2010525-hermes-rugby.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320541/; classtype:trojan-activity;sid:84183641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320542)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image_2_294019717291_3.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320542/; classtype:trojan-activity;sid:84183642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320543)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-sapphire-blue-victoria-ii-35cm-bag.jpg"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320543/; classtype:trojan-activity;sid:84183643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320544)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/00pp-hermes-sac-de-pansage-groom-shopping-bag-in-khaki-and-brown-canvas.jpg"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320544/; classtype:trojan-activity;sid:84183644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320538)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/41zwghbvm1s._ac_uf894252c1000_ql80_.jpg"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320538/; classtype:trojan-activity;sid:84183638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320539)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes_briefcase_1548096010_83ca6390.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320539/; classtype:trojan-activity;sid:84183639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320533)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/birkin-20.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320533/; classtype:trojan-activity;sid:84183633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320534)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9ee3ddca87bd1c1aa5c5793554e852d5.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320534/; classtype:trojan-activity;sid:84183634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320535)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/20198890_50256886_300.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320535/; classtype:trojan-activity;sid:84183635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320536)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/paig-wj1550_v1.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320536/; classtype:trojan-activity;sid:84183636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320537)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-introduces-the-rock-mens-birkin-bag2.jpg"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320537/; classtype:trojan-activity;sid:84183637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320514)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/image-of-hermes-birkin-25-in-gold-sitting-on-a-shelf_1024x1024.jpg"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320514/; classtype:trojan-activity;sid:84183614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320515)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-parts-diagram_1024x1024.jpg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320515/; classtype:trojan-activity;sid:84183615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320516)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tas-hermes-wp-768x545.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320516/; classtype:trojan-activity;sid:84183616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320517)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/acb2b7e6b46adfb2e4943125e5327204.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320517/; classtype:trojan-activity;sid:84183617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320518)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/19467987_43454816_300.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320518/; classtype:trojan-activity;sid:84183618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320519)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-bag-parts-feature-cover_01_1024x1024.jpg"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320519/; classtype:trojan-activity;sid:84183619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320520)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/g3-w.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320520/; classtype:trojan-activity;sid:84183620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320521)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/165207987849679.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320521/; classtype:trojan-activity;sid:84183621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320522)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/david-herme2525cc252580s-barenia-breifcase-downtownuptowngeneve-scaled.jpg"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320522/; classtype:trojan-activity;sid:84183622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320523)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10058992_001.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320523/; classtype:trojan-activity;sid:84183623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320524)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2248_hermes_lindy_20mini_feu_s_1m.jpg"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320524/; classtype:trojan-activity;sid:84183624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320525)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/0c8a9199510079e1f43e45f5e9a38df8.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320525/; classtype:trojan-activity;sid:84183625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320526)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-constance-black-ostrich.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320526/; classtype:trojan-activity;sid:84183626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320527)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/msbk3310405_4.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320527/; classtype:trojan-activity;sid:84183627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320528)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_2687.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320528/; classtype:trojan-activity;sid:84183628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320529)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/10080788_001_912.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320529/; classtype:trojan-activity;sid:84183629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320530)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hermes-birkin-bag-real-vegetables-designboom-04.jpg"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320530/; classtype:trojan-activity;sid:84183630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320531)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/many-hermes-bags-and-boxes-770x823-1.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320531/; classtype:trojan-activity;sid:84183631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320532)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/molde-2.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320532/; classtype:trojan-activity;sid:84183632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320506)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/derby_graphite-181788-1_512x.jpg"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320506/; classtype:trojan-activity;sid:84183606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320507)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/f0c6c554-3803-4684-80e1-21676564065c.jpg"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320507/; classtype:trojan-activity;sid:84183607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320508)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/harrods-mini-battersea-shoulder-bag_16162244_31908762_2048.jpg"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320508/; classtype:trojan-activity;sid:84183608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320509)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/4217793_master.jpg"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320509/; classtype:trojan-activity;sid:84183609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320510)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320510/; classtype:trojan-activity;sid:84183610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320511)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/s-l640.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320511/; classtype:trojan-activity;sid:84183611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320512)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/her126983_1_enlarged.jpg"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320512/; classtype:trojan-activity;sid:84183612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320513)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gettyimages-1398815520-699x1024.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3320513/; classtype:trojan-activity;sid:84183613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320489)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/energy-product-catalogue-2020.pdf.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320489/; classtype:trojan-activity;sid:84183589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320485)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/taka-menu-2024.pdf.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320485/; classtype:trojan-activity;sid:84183585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320246)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320246/; classtype:trojan-activity;sid:84183346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320075)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/ttok18.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320075/; classtype:trojan-activity;sid:84183175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320071)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320071/; classtype:trojan-activity;sid:84183171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320073)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/fukjsefsdfh.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320073/; classtype:trojan-activity;sid:84183173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320068)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/vorpgkadeg.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320068/; classtype:trojan-activity;sid:84183168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320069)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/piotjhjadkaw.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320069/; classtype:trojan-activity;sid:84183169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320070)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/fhjsfryjaspyjga.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320070/; classtype:trojan-activity;sid:84183170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320066/; classtype:trojan-activity;sid:84183166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320064/; classtype:trojan-activity;sid:84183164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320060/; classtype:trojan-activity;sid:84183160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320061/; classtype:trojan-activity;sid:84183161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320062/; classtype:trojan-activity;sid:84183162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320063/; classtype:trojan-activity;sid:84183163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320056/; classtype:trojan-activity;sid:84183156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320057/; classtype:trojan-activity;sid:84183157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320058/; classtype:trojan-activity;sid:84183158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3320059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3320059/; classtype:trojan-activity;sid:84183159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319977)"; flow:established,from_client; content:"GET"; http_method; content:"/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319977/; classtype:trojan-activity;sid:84183077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319976)"; flow:established,from_client; content:"GET"; http_method; content:"/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319976/; classtype:trojan-activity;sid:84183076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319975)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/bothg/releases/download/das/start.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319975/; classtype:trojan-activity;sid:84183075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319973)"; flow:established,from_client; content:"GET"; http_method; content:"/vipek1990/napewnonievoiderhook/raw/main/seksiak.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319973/; classtype:trojan-activity;sid:84183073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319950)"; flow:established,from_client; content:"GET"; http_method; content:"/file/312.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"drdavidfishbein.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319950/; classtype:trojan-activity;sid:84183050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319951)"; flow:established,from_client; content:"GET"; http_method; content:"/file/369.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"drdavidfishbein.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319951/; classtype:trojan-activity;sid:84183051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319949)"; flow:established,from_client; content:"GET"; http_method; content:"/x67h2024knworm.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"masclauxtoitures.fr"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319949/; classtype:trojan-activity;sid:84183049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319948)"; flow:established,from_client; content:"GET"; http_method; content:"/rem58jdt2024bcos.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"maisonetcites.fr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319948/; classtype:trojan-activity;sid:84183048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319947)"; flow:established,from_client; content:"GET"; http_method; content:"/richie213/jj/refs/heads/main/npacraa.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319947/; classtype:trojan-activity;sid:84183047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319939)"; flow:established,from_client; content:"GET"; http_method; content:"/file/312.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"drdavidfishbein.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319939/; classtype:trojan-activity;sid:84183039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319940)"; flow:established,from_client; content:"GET"; http_method; content:"/file/369.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"drdavidfishbein.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319940/; classtype:trojan-activity;sid:84183040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319906)"; flow:established,from_client; content:"GET"; http_method; content:"/instrumental/basx.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.113.115.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319906/; classtype:trojan-activity;sid:84183006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319826/; classtype:trojan-activity;sid:84182926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319702/; classtype:trojan-activity;sid:84182802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319696)"; flow:established,from_client; content:"GET"; http_method; content:"/497fe80867084741/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.45.47.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319696/; classtype:trojan-activity;sid:84182796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319679)"; flow:established,from_client; content:"GET"; http_method; content:"/497fe80867084741/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"147.45.47.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319679/; classtype:trojan-activity;sid:84182779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319675)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.36.117.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319675/; classtype:trojan-activity;sid:84182775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319667)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319667/; classtype:trojan-activity;sid:84182767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319668)"; flow:established,from_client; content:"GET"; http_method; content:"/497fe80867084741/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.47.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319668/; classtype:trojan-activity;sid:84182768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319665)"; flow:established,from_client; content:"GET"; http_method; content:"/497fe80867084741/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"147.45.47.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319665/; classtype:trojan-activity;sid:84182765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319656)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319656/; classtype:trojan-activity;sid:84182756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319659)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319659/; classtype:trojan-activity;sid:84182759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319655)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319655/; classtype:trojan-activity;sid:84182755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319651)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319651/; classtype:trojan-activity;sid:84182751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319641)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.26.166.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319641/; classtype:trojan-activity;sid:84182741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319642)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319642/; classtype:trojan-activity;sid:84182742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319636)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319636/; classtype:trojan-activity;sid:84182736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319640)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.57.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319640/; classtype:trojan-activity;sid:84182740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319624)"; flow:established,from_client; content:"GET"; http_method; content:"/497fe80867084741/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.47.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319624/; classtype:trojan-activity;sid:84182724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319617)"; flow:established,from_client; content:"GET"; http_method; content:"/497fe80867084741/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"147.45.47.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319617/; classtype:trojan-activity;sid:84182717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319621)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319621/; classtype:trojan-activity;sid:84182721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319622)"; flow:established,from_client; content:"GET"; http_method; content:"/497fe80867084741/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.47.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319622/; classtype:trojan-activity;sid:84182722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319601)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/e/refs/heads/main/powershell.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319601/; classtype:trojan-activity;sid:84182701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm|3f|ddos"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319566/; classtype:trojan-activity;sid:84182666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.221.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319525/; classtype:trojan-activity;sid:84182625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319481)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/pockket/raw/refs/heads/main/mthimskef.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319481/; classtype:trojan-activity;sid:84182581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319056/; classtype:trojan-activity;sid:84182156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319055/; classtype:trojan-activity;sid:84182155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319052/; classtype:trojan-activity;sid:84182152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319053/; classtype:trojan-activity;sid:84182153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319050/; classtype:trojan-activity;sid:84182150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319045/; classtype:trojan-activity;sid:84182145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319046)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319046/; classtype:trojan-activity;sid:84182146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319047/; classtype:trojan-activity;sid:84182147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319048/; classtype:trojan-activity;sid:84182148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319049/; classtype:trojan-activity;sid:84182149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319043/; classtype:trojan-activity;sid:84182143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/boatnet.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319044/; classtype:trojan-activity;sid:84182144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318783)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zsfc.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318783/; classtype:trojan-activity;sid:84181883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318784)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_20190930_092429-scaled.jpg.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318784/; classtype:trojan-activity;sid:84181884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spring-2022-edition.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318785/; classtype:trojan-activity;sid:84181885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318786)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ami-raf-decim.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318786/; classtype:trojan-activity;sid:84181886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318787)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m500303_0003997_p.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318787/; classtype:trojan-activity;sid:84181887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318788)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_0877-1.jpg.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318788/; classtype:trojan-activity;sid:84181888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318766)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/87544902_204431357628697_903565238228484096_n.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318766/; classtype:trojan-activity;sid:84181866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318767)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ra-678-2023-declararla-capacidad-de-berly-gonzales-ortega-y-andrea-carrazco-bueno-para-contraer-matrimonio-civil-en-la-municipalidad-distrital-de-cayma.pdf.lnk"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318767/; classtype:trojan-activity;sid:84181867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318768)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/09mibs_angler_2.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318768/; classtype:trojan-activity;sid:84181868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318769)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/z4767191438396_f863ed93b00bfc36673262b0d9cdd7aa.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318769/; classtype:trojan-activity;sid:84181869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318770)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/annals-2011-3-24.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318770/; classtype:trojan-activity;sid:84181870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318771)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sunline-spec-sheet-for-fastenerswind-devil-2.pdf.lnk"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318771/; classtype:trojan-activity;sid:84181871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318772)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rubrica-docente-csociales_fpecyt_2019.pdf.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318772/; classtype:trojan-activity;sid:84181872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318773)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/moes-bread-menu-1.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318773/; classtype:trojan-activity;sid:84181873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318774)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cropped-staas-logo-favicon-150x150.png.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318774/; classtype:trojan-activity;sid:84181874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318775)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/eos_roadmap_2024_4.9.6.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318775/; classtype:trojan-activity;sid:84181875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318776)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vc-8551-c.-santa-elena-y-saltillo-col.-nisperos-19.jpeg.lnk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318776/; classtype:trojan-activity;sid:84181876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318777)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bando_cartagena.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318777/; classtype:trojan-activity;sid:84181877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318778)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/b3bcff61c8798de7e60f898a39d47170.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318778/; classtype:trojan-activity;sid:84181878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318779)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xrp_regulatory_compliance_guide_2024_2.8.0.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318779/; classtype:trojan-activity;sid:84181879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318780)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3-prima-casa-vicino-via-bari.jpg.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318780/; classtype:trojan-activity;sid:84181880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318781)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/galvaniz-nasil-yapilir-gorsel-13.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318781/; classtype:trojan-activity;sid:84181881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9bccc2eb-9c8f-0f91-6e19-689e13e3f036.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318782/; classtype:trojan-activity;sid:84181882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318742)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img-20240810-wa0007.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318742/; classtype:trojan-activity;sid:84181842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318743)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/saime-cave-24.jpg.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318743/; classtype:trojan-activity;sid:84181843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318744)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/16.png.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318744/; classtype:trojan-activity;sid:84181844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318745)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bases-programa-de-iie-2022.docx.pdf.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318745/; classtype:trojan-activity;sid:84181845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318746)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/unheard-voice-tt.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318746/; classtype:trojan-activity;sid:84181846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/100-tvd_p3_gerencia-ge.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318747/; classtype:trojan-activity;sid:84181847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/casa-01-pousada-piedade-mata-atlantica-ronco-do-bugio.png.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318748/; classtype:trojan-activity;sid:84181848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318749)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/60124_2.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318749/; classtype:trojan-activity;sid:84181849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318751)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wniosek-o-wydanie-opinii-o-dziecku-w-przedszkolu-terapeutycznym-parasolki-w-zorach.pdf.lnk"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318751/; classtype:trojan-activity;sid:84181851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318752)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/koval-building-supply-p42i-tc-pellet-insert-7.jpg.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318752/; classtype:trojan-activity;sid:84181852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318753)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ficha-de-actividades-de-apoyo-segundo-ciclo-y-media_app-1.pdf.lnk"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318753/; classtype:trojan-activity;sid:84181853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318754)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/resultados-eureka-2024.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318754/; classtype:trojan-activity;sid:84181854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318755)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/agronegocios-genesis-semillas-ficha-tecnica-pepinillo-thunderbird.pdf.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318755/; classtype:trojan-activity;sid:84181855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318756)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j16-powerpro-specsheet.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318756/; classtype:trojan-activity;sid:84181856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318757)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/politicas-de-cancelacion.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318757/; classtype:trojan-activity;sid:84181857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318758)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/whatsapp-image-2021-09-22-at-20.24.27-2-1024x768.jpeg.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318758/; classtype:trojan-activity;sid:84181858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318759)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/8-harlow-rd-greening-glade-entrance.jpg.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318759/; classtype:trojan-activity;sid:84181859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cake-and-pastries-online-shopping-2.png.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318760/; classtype:trojan-activity;sid:84181860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/59216_6.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318761/; classtype:trojan-activity;sid:84181861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/avishai_cohen_bfj_6.jpg.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318762/; classtype:trojan-activity;sid:84181862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchqueryfl-studio-cracked.comcrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318763/; classtype:trojan-activity;sid:84181863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318764)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mora2.jpg.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318764/; classtype:trojan-activity;sid:84181864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318765)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/doutor-pastagem-20.jpg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318765/; classtype:trojan-activity;sid:84181865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318726)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/trying-on-the-hermes-evelyne-mini-1440x1920.jpg.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318726/; classtype:trojan-activity;sid:84181826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318727)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fireshot-capture-013-rj-motors-rjmotors.ps_.png.lnk"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318727/; classtype:trojan-activity;sid:84181827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318728)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/placeholder.jpg.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318728/; classtype:trojan-activity;sid:84181828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318729)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/capability-matrix-july-2023.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318729/; classtype:trojan-activity;sid:84181829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318730)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/molykote-cu-7439-msds.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318730/; classtype:trojan-activity;sid:84181830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318731)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_1695.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318731/; classtype:trojan-activity;sid:84181831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318732)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/a58b7d10c0bf956e634297480732e7a9.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318732/; classtype:trojan-activity;sid:84181832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318733)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/invitacion-interna-11-de-marzo-2020.pdf.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318733/; classtype:trojan-activity;sid:84181833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318734)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/290923_tc.jpg.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318734/; classtype:trojan-activity;sid:84181834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/238683670_106314311765062_3545142001021513575_n.jpg.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318735/; classtype:trojan-activity;sid:84181835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318736)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/5502.jpg.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318736/; classtype:trojan-activity;sid:84181836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318737)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/angler20.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318737/; classtype:trojan-activity;sid:84181837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318738)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cne-2022-n252525252525252525252525252525c3252525252525252525252525252525b3mina-representantes-regionales-original.docx.pdf.lnk"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318738/; classtype:trojan-activity;sid:84181838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318739)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/domingas-3-bn7bbd.jpeg.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318739/; classtype:trojan-activity;sid:84181839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318740)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/609753f1-43ac-c07b-c856-e9e6b5556750.png.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318740/; classtype:trojan-activity;sid:84181840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318741)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/coem-reverso-1.jpg.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318741/; classtype:trojan-activity;sid:84181841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318724)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/plan-anticorrupcion-y-de-atencion-al-ciudadano-paac-2023-v2-1.pdf.lnk"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318724/; classtype:trojan-activity;sid:84181824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318725)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pifilosofiaambiental.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318725/; classtype:trojan-activity;sid:84181825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318722)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/2020-ed-5-10-24-vol-173-en-esp-interactive.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318722/; classtype:trojan-activity;sid:84181822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318723)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/513341125924.jpg.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318723/; classtype:trojan-activity;sid:84181823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/img_9640-1200x800.jpg.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318721/; classtype:trojan-activity;sid:84181821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/searchquerysearchqueryanyfile.pngcrumblocation87.120.115.24080downloadsdisplaynamedownloadscrumblocation87.120.115.24080downloadsdisplaynamedownloads.lnk"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318719/; classtype:trojan-activity;sid:84181819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/esol-tutor-job-description.docx.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318720/; classtype:trojan-activity;sid:84181820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318718)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/franceza_12n_var.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318718/; classtype:trojan-activity;sid:84181818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318689)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cptrackingbeta.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.133.61.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318689/; classtype:trojan-activity;sid:84181789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318694)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/adobeflash.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.133.61.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318694/; classtype:trojan-activity;sid:84181794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318675)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/9160fb03d89ec42b78b47dab53e8b275.jpeg.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318675/; classtype:trojan-activity;sid:84181775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318670)"; flow:established,from_client; content:"GET"; http_method; content:"/nonadoc/nonadoc/releases/download/defi_prive/anketa_miner"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318670/; classtype:trojan-activity;sid:84181770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318659)"; flow:established,from_client; content:"GET"; http_method; content:"/server.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.23.113.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318659/; classtype:trojan-activity;sid:84181759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318649)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.23.113.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318649/; classtype:trojan-activity;sid:84181749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318641)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318641/; classtype:trojan-activity;sid:84181741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318647)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.66.91.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318647/; classtype:trojan-activity;sid:84181747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318635)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.133.61.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318635/; classtype:trojan-activity;sid:84181735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318634)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/euroto-2024-1-scaled.jpeg.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318634/; classtype:trojan-activity;sid:84181734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318632)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cerere-eliberare-atestat-de-producator.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318632/; classtype:trojan-activity;sid:84181732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318633)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mario-and-princess-peach-coloring-pages.jpg.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318633/; classtype:trojan-activity;sid:84181733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/vendet-e-lira-dt.23.09.2024-24.09.2024.pdf.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318627/; classtype:trojan-activity;sid:84181727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318628)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/happy-birthday-7.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318628/; classtype:trojan-activity;sid:84181728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/58531_1.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318629/; classtype:trojan-activity;sid:84181729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318630)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ced6816d5e2111c2181b6168619bd393.jpg.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318630/; classtype:trojan-activity;sid:84181730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318631)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/j19-powerpro-specsheet.pdf.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318631/; classtype:trojan-activity;sid:84181731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318626)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tenebra.url"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318626/; classtype:trojan-activity;sid:84181726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318625)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/helloworld.pdf.url"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318625/; classtype:trojan-activity;sid:84181725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318622)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.57.230.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318622/; classtype:trojan-activity;sid:84181722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318604)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.133.224.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318604/; classtype:trojan-activity;sid:84181704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318596)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"44.193.202.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318596/; classtype:trojan-activity;sid:84181696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318594)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.89.212.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318594/; classtype:trojan-activity;sid:84181694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318593)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.60.182.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318593/; classtype:trojan-activity;sid:84181693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318591)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318591/; classtype:trojan-activity;sid:84181691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318592)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.70.165.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318592/; classtype:trojan-activity;sid:84181692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318589)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.130.24.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318589/; classtype:trojan-activity;sid:84181689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318579)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.130.24.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318579/; classtype:trojan-activity;sid:84181679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318580)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318580/; classtype:trojan-activity;sid:84181680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318573)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"122.51.243.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318573/; classtype:trojan-activity;sid:84181673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318574)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.20.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318574/; classtype:trojan-activity;sid:84181674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318575)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.91.125.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318575/; classtype:trojan-activity;sid:84181675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318576)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"140.143.201.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318576/; classtype:trojan-activity;sid:84181676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318571)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"35.196.251.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318571/; classtype:trojan-activity;sid:84181671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318566)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.136.60.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318566/; classtype:trojan-activity;sid:84181666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318567)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.234.2.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318567/; classtype:trojan-activity;sid:84181667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318568)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.128.134.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318568/; classtype:trojan-activity;sid:84181668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318563)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.49.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318563/; classtype:trojan-activity;sid:84181663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318564)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.26.166.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318564/; classtype:trojan-activity;sid:84181664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318565)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.26.166.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318565/; classtype:trojan-activity;sid:84181665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318561)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.105.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318561/; classtype:trojan-activity;sid:84181661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318549)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.46.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318549/; classtype:trojan-activity;sid:84181649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318551)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.154.18.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318551/; classtype:trojan-activity;sid:84181651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318531)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.138.27.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318531/; classtype:trojan-activity;sid:84181631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318535)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.64.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318535/; classtype:trojan-activity;sid:84181635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318538)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.40.138.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318538/; classtype:trojan-activity;sid:84181638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318527)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318527/; classtype:trojan-activity;sid:84181627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318529)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.149.128.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318529/; classtype:trojan-activity;sid:84181629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318520)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.25.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318520/; classtype:trojan-activity;sid:84181620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318521)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.160.1.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318521/; classtype:trojan-activity;sid:84181621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318522)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.71.13.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318522/; classtype:trojan-activity;sid:84181622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318523)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"180.76.138.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318523/; classtype:trojan-activity;sid:84181623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318495)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.202.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318495/; classtype:trojan-activity;sid:84181595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318497)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.189.79.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318497/; classtype:trojan-activity;sid:84181597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318498)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318498/; classtype:trojan-activity;sid:84181598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318499)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.131.50.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318499/; classtype:trojan-activity;sid:84181599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318502)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318502/; classtype:trojan-activity;sid:84181602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318507)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.141.1.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318507/; classtype:trojan-activity;sid:84181607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318509)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.157.5.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318509/; classtype:trojan-activity;sid:84181609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318514)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.210.118.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318514/; classtype:trojan-activity;sid:84181614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318518)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.3.171.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318518/; classtype:trojan-activity;sid:84181618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318354)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318354/; classtype:trojan-activity;sid:84181454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; content:"GET"; http_method; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318305)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/blob/main/gweadtrgh.exe|3f|raw=true"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318305/; classtype:trojan-activity;sid:84181405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318304)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/uparowas/raw/refs/heads/main/mtbkkesfthae.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318304/; classtype:trojan-activity;sid:84181404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318302)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/pyjnkasedf.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318302/; classtype:trojan-activity;sid:84181402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318245)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1m9-f6tbwfcdjopqwvo18xxx9erwna30y"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318245/; classtype:trojan-activity;sid:84181345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318203)"; flow:established,from_client; content:"GET"; http_method; content:"/sql2019-ssei-dev.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.155.93.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318203/; classtype:trojan-activity;sid:84181303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318201)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.3.179.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318201/; classtype:trojan-activity;sid:84181301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318202)"; flow:established,from_client; content:"GET"; http_method; content:"/snoopy.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.3.179.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318202/; classtype:trojan-activity;sid:84181302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318199)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.elf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318199/; classtype:trojan-activity;sid:84181299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318197)"; flow:established,from_client; content:"GET"; http_method; content:"/g.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318197/; classtype:trojan-activity;sid:84181297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318198)"; flow:established,from_client; content:"GET"; http_method; content:"/anquangou.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318198/; classtype:trojan-activity;sid:84181298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318193)"; flow:established,from_client; content:"GET"; http_method; content:"/qqbg.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318193/; classtype:trojan-activity;sid:84181293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318194)"; flow:established,from_client; content:"GET"; http_method; content:"/notepad++.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318194/; classtype:trojan-activity;sid:84181294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318195)"; flow:established,from_client; content:"GET"; http_method; content:"/defender.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318195/; classtype:trojan-activity;sid:84181295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318153)"; flow:established,from_client; content:"GET"; http_method; content:"/spontaneous_spider.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"136.0.44.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318153/; classtype:trojan-activity;sid:84181253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318152)"; flow:established,from_client; content:"GET"; http_method; content:"/constant_strategy"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"136.0.44.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318152/; classtype:trojan-activity;sid:84181252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318148)"; flow:established,from_client; content:"GET"; http_method; content:"/rare_ry"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"136.0.44.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318148/; classtype:trojan-activity;sid:84181248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318149)"; flow:established,from_client; content:"GET"; http_method; content:"/vivacious_snowflake"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"136.0.44.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318149/; classtype:trojan-activity;sid:84181249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318150)"; flow:established,from_client; content:"GET"; http_method; content:"/innocent_conversation"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"136.0.44.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318150/; classtype:trojan-activity;sid:84181250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318151)"; flow:established,from_client; content:"GET"; http_method; content:"/flat_lilac"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"136.0.44.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318151/; classtype:trojan-activity;sid:84181251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318147)"; flow:established,from_client; content:"GET"; http_method; content:"/grim_steak"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318147/; classtype:trojan-activity;sid:84181247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318146)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318146/; classtype:trojan-activity;sid:84181246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318144)"; flow:established,from_client; content:"GET"; http_method; content:"/netshhelper.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318144/; classtype:trojan-activity;sid:84181244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318145)"; flow:established,from_client; content:"GET"; http_method; content:"/agent"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318145/; classtype:trojan-activity;sid:84181245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317820)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317820/; classtype:trojan-activity;sid:84180920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317819)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317819/; classtype:trojan-activity;sid:84180919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317814)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317814/; classtype:trojan-activity;sid:84180914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317815)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317815/; classtype:trojan-activity;sid:84180915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317816)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317816/; classtype:trojan-activity;sid:84180916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317817)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317817/; classtype:trojan-activity;sid:84180917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317818)"; flow:established,from_client; content:"GET"; http_method; content:"/15f869479d73f92a/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.215.85.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317818/; classtype:trojan-activity;sid:84180918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317746)"; flow:established,from_client; content:"GET"; http_method; content:"/hexed/vent.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"blogoss.fr"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317746/; classtype:trojan-activity;sid:84180846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317713)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin2.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317713/; classtype:trojan-activity;sid:84180813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317712)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin1.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317712/; classtype:trojan-activity;sid:84180812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317711)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin1.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317711/; classtype:trojan-activity;sid:84180811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317710)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin2.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317710/; classtype:trojan-activity;sid:84180810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317707)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin3.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317707/; classtype:trojan-activity;sid:84180807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317708)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317708/; classtype:trojan-activity;sid:84180808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317638/; classtype:trojan-activity;sid:84180738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317497)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/media/thing2"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"divvanews.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317497/; classtype:trojan-activity;sid:84180597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.33.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317232/; classtype:trojan-activity;sid:84180332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.88.147.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317173/; classtype:trojan-activity;sid:84180273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.151.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3317006/; classtype:trojan-activity;sid:84180106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316786)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.report_system"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"66.63.187.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316786/; classtype:trojan-activity;sid:84179886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316785)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.main"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"66.63.187.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316785/; classtype:trojan-activity;sid:84179885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.232.187.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316611/; classtype:trojan-activity;sid:84179711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316455)"; flow:established,from_client; content:"GET"; http_method; content:"/aaaaaa.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316455/; classtype:trojan-activity;sid:84179555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316454)"; flow:established,from_client; content:"GET"; http_method; content:"/get.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316454/; classtype:trojan-activity;sid:84179554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316452)"; flow:established,from_client; content:"GET"; http_method; content:"/searchuii.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316452/; classtype:trojan-activity;sid:84179552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.243.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316272/; classtype:trojan-activity;sid:84179372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.243.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316268/; classtype:trojan-activity;sid:84179368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316178)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316178/; classtype:trojan-activity;sid:84179278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316179)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316179/; classtype:trojan-activity;sid:84179279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316180)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316180/; classtype:trojan-activity;sid:84179280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316170)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316170/; classtype:trojan-activity;sid:84179270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316171)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316171/; classtype:trojan-activity;sid:84179271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316172)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316172/; classtype:trojan-activity;sid:84179272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316173)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316173/; classtype:trojan-activity;sid:84179273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316175)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316175/; classtype:trojan-activity;sid:84179275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316124)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316124/; classtype:trojan-activity;sid:84179224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316125)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316125/; classtype:trojan-activity;sid:84179225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316126)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316126/; classtype:trojan-activity;sid:84179226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316127)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.227.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316127/; classtype:trojan-activity;sid:84179227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.0.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316118/; classtype:trojan-activity;sid:84179218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316111)"; flow:established,from_client; content:"GET"; http_method; content:"/olosha1/oparik/raw/refs/heads/main/kfhtksfesek.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316111/; classtype:trojan-activity;sid:84179211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316108)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"27.102.129.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316108/; classtype:trojan-activity;sid:84179208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316001/; classtype:trojan-activity;sid:84179101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.249.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3315883/; classtype:trojan-activity;sid:84178983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3315843/; classtype:trojan-activity;sid:84178943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.40.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315570/; classtype:trojan-activity;sid:84178670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312986)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.153.207.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312986/; classtype:trojan-activity;sid:84176086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.82.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312934/; classtype:trojan-activity;sid:84176034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312836)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312836/; classtype:trojan-activity;sid:84175936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312833)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.30.204.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312833/; classtype:trojan-activity;sid:84175933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312827)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312827/; classtype:trojan-activity;sid:84175927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312825)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312825/; classtype:trojan-activity;sid:84175925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312823)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312823/; classtype:trojan-activity;sid:84175923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312822)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312822/; classtype:trojan-activity;sid:84175922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312814)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312814/; classtype:trojan-activity;sid:84175914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312811)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312811/; classtype:trojan-activity;sid:84175911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312805)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312805/; classtype:trojan-activity;sid:84175905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312806)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312806/; classtype:trojan-activity;sid:84175906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312791)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312791/; classtype:trojan-activity;sid:84175891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312792)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312792/; classtype:trojan-activity;sid:84175892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312794)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312794/; classtype:trojan-activity;sid:84175894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312679)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312679/; classtype:trojan-activity;sid:84175779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312663)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312663/; classtype:trojan-activity;sid:84175763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312650)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312650/; classtype:trojan-activity;sid:84175750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312638)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312638/; classtype:trojan-activity;sid:84175738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312641)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312641/; classtype:trojan-activity;sid:84175741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312628)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312628/; classtype:trojan-activity;sid:84175728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312629)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312629/; classtype:trojan-activity;sid:84175729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312602)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312602/; classtype:trojan-activity;sid:84175702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312586)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312586/; classtype:trojan-activity;sid:84175686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312573)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312573/; classtype:trojan-activity;sid:84175673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312574)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312574/; classtype:trojan-activity;sid:84175674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312569)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312569/; classtype:trojan-activity;sid:84175669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312562)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312562/; classtype:trojan-activity;sid:84175662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312549)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312549/; classtype:trojan-activity;sid:84175649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312542)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312542/; classtype:trojan-activity;sid:84175642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312544)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312544/; classtype:trojan-activity;sid:84175644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312523)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312523/; classtype:trojan-activity;sid:84175623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312525)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312525/; classtype:trojan-activity;sid:84175625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312526)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.216.169.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312526/; classtype:trojan-activity;sid:84175626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312529)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312529/; classtype:trojan-activity;sid:84175629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312530)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312530/; classtype:trojan-activity;sid:84175630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312533)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"muwc.shop"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312533/; classtype:trojan-activity;sid:84175633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.125.241.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312497/; classtype:trojan-activity;sid:84175597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312140)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7403972632/gu8nd0g.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3312140/; classtype:trojan-activity;sid:84175240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311889)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311889/; classtype:trojan-activity;sid:84174989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311875)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311875/; classtype:trojan-activity;sid:84174975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311876)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311876/; classtype:trojan-activity;sid:84174976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311877)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311877/; classtype:trojan-activity;sid:84174977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311878)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311878/; classtype:trojan-activity;sid:84174978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311879)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311879/; classtype:trojan-activity;sid:84174979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311880)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311880/; classtype:trojan-activity;sid:84174980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311881)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311881/; classtype:trojan-activity;sid:84174981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311882)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311882/; classtype:trojan-activity;sid:84174982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311883)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311883/; classtype:trojan-activity;sid:84174983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311884)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311884/; classtype:trojan-activity;sid:84174984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311885)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311885/; classtype:trojan-activity;sid:84174985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311886)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311886/; classtype:trojan-activity;sid:84174986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311887)"; flow:established,from_client; content:"GET"; http_method; content:"/cnp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311887/; classtype:trojan-activity;sid:84174987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311888)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311888/; classtype:trojan-activity;sid:84174988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311865/; classtype:trojan-activity;sid:84174965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311866/; classtype:trojan-activity;sid:84174966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311864/; classtype:trojan-activity;sid:84174964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311862/; classtype:trojan-activity;sid:84174962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311863/; classtype:trojan-activity;sid:84174963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311562/; classtype:trojan-activity;sid:84174662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.232.187.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311446/; classtype:trojan-activity;sid:84174546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311419/; classtype:trojan-activity;sid:84174519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311403/; classtype:trojan-activity;sid:84174503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.33.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311392/; classtype:trojan-activity;sid:84174492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.33.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311394/; classtype:trojan-activity;sid:84174494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.70.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311187/; classtype:trojan-activity;sid:84174287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311090)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311090/; classtype:trojan-activity;sid:84174190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311091)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/emips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311091/; classtype:trojan-activity;sid:84174191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311088)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/empsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311088/; classtype:trojan-activity;sid:84174188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311086)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311086/; classtype:trojan-activity;sid:84174186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311083)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311083/; classtype:trojan-activity;sid:84174183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311084)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311084/; classtype:trojan-activity;sid:84174184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311085)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/ex86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311085/; classtype:trojan-activity;sid:84174185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311081)"; flow:established,from_client; content:"GET"; http_method; content:"/dvrlocker"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311081/; classtype:trojan-activity;sid:84174181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311080)"; flow:established,from_client; content:"GET"; http_method; content:"/msq/exploitips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311080/; classtype:trojan-activity;sid:84174180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311078)"; flow:established,from_client; content:"GET"; http_method; content:"/msq/go"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311078/; classtype:trojan-activity;sid:84174178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311076)"; flow:established,from_client; content:"GET"; http_method; content:"/msq/brute"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311076/; classtype:trojan-activity;sid:84174176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311077)"; flow:established,from_client; content:"GET"; http_method; content:"/msq/ps"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311077/; classtype:trojan-activity;sid:84174177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311075)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311075/; classtype:trojan-activity;sid:84174175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311071)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/ex86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311071/; classtype:trojan-activity;sid:84174171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311072)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311072/; classtype:trojan-activity;sid:84174172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311073)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311073/; classtype:trojan-activity;sid:84174173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311065)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/emips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311065/; classtype:trojan-activity;sid:84174165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311067)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311067/; classtype:trojan-activity;sid:84174167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311068)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/empsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311068/; classtype:trojan-activity;sid:84174168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311069)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311069/; classtype:trojan-activity;sid:84174169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311070)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311070/; classtype:trojan-activity;sid:84174170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311060)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311060/; classtype:trojan-activity;sid:84174160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311061)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311061/; classtype:trojan-activity;sid:84174161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311062)"; flow:established,from_client; content:"GET"; http_method; content:"/earm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311062/; classtype:trojan-activity;sid:84174162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311063)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311063/; classtype:trojan-activity;sid:84174163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311064)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.156.109.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311064/; classtype:trojan-activity;sid:84174164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3311056)"; flow:established,from_client; content:"GET"; http_method; content:"/humo.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_29; reference:url, urlhaus.abuse.ch/url/3311056/; classtype:trojan-activity;sid:84174156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310377)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310377/; classtype:trojan-activity;sid:84173477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310337)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/kirlisokak-stealer-4050/zip/refs/heads/main"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310337/; classtype:trojan-activity;sid:84173437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310273)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/thomaspatric-startup-1469/zip/refs/heads/main"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310273/; classtype:trojan-activity;sid:84173373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310236)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/wirestonline-startup-4487/zip/refs/heads/main"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310236/; classtype:trojan-activity;sid:84173336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310212)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/javadownloader/zip/refs/heads/main"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310212/; classtype:trojan-activity;sid:84173312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310208)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/kirlisokak-startup-2193/zip/refs/heads/main"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310208/; classtype:trojan-activity;sid:84173308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310200)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/ad4nal1-stealer-5016/zip/refs/heads/main"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310200/; classtype:trojan-activity;sid:84173300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310169)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/bnecorex-startup-2368/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310169/; classtype:trojan-activity;sid:84173269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310157)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/thomaspatric-stealer-4528/zip/refs/heads/main"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310157/; classtype:trojan-activity;sid:84173257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310143)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/ad4nal1-startup-9659/zip/refs/heads/main"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310143/; classtype:trojan-activity;sid:84173243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310123)"; flow:established,from_client; content:"GET"; http_method; content:"/sonriseclient/ad4nal1-stealer-5016/raw/refs/heads/main/stealer.jar"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310123/; classtype:trojan-activity;sid:84173223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3310055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.35.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3310055/; classtype:trojan-activity;sid:84173155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.97.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309934/; classtype:trojan-activity;sid:84173034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.35.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309900/; classtype:trojan-activity;sid:84173000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309853/; classtype:trojan-activity;sid:84172953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.87.95.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309665/; classtype:trojan-activity;sid:84172765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309613)"; flow:established,from_client; content:"GET"; http_method; content:"/ai-scanner/bin/refs/heads/main/sgvp%20client%20users.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309613/; classtype:trojan-activity;sid:84172713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309614)"; flow:established,from_client; content:"GET"; http_method; content:"/earthsetup/firtshopacc/main/registry.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309614/; classtype:trojan-activity;sid:84172714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309611)"; flow:established,from_client; content:"GET"; http_method; content:"/vipek1990/napewnonievoiderhook/raw/main/seksiak.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309611/; classtype:trojan-activity;sid:84172711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309588)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/dsafffffffff/releases/download/dasa/loader.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309588/; classtype:trojan-activity;sid:84172688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309589)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/dd/releases/download/d/output.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309589/; classtype:trojan-activity;sid:84172689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309590)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/uu/releases/download/dss/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309590/; classtype:trojan-activity;sid:84172690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309591)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/dsafffffffff/releases/download/dasa/saloader.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309591/; classtype:trojan-activity;sid:84172691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309592)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/dsadsa/releases/download/dsa/aidans.dont.run.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309592/; classtype:trojan-activity;sid:84172692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309594)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/drf/releases/download/d/loader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309594/; classtype:trojan-activity;sid:84172694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309587)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/huy/releases/download/dsa/loader.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309587/; classtype:trojan-activity;sid:84172687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309585)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/bothg/releases/download/das/loader.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309585/; classtype:trojan-activity;sid:84172685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309579)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/dllyide.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309579/; classtype:trojan-activity;sid:84172679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309575)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/handeltest.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309575/; classtype:trojan-activity;sid:84172675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309576)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/xs.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309576/; classtype:trojan-activity;sid:84172676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309577)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/tutorial.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309577/; classtype:trojan-activity;sid:84172677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309578)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/aa.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309578/; classtype:trojan-activity;sid:84172678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309573)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/nobody.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309573/; classtype:trojan-activity;sid:84172673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309574)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/refs/heads/main/ataturk.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309574/; classtype:trojan-activity;sid:84172674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309571)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/bothg/releases/download/das/start.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309571/; classtype:trojan-activity;sid:84172671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309559)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/3944a4db-387a-4afa-8da9-1c960b9b08e41.jpeg.lnk"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309559/; classtype:trojan-activity;sid:84172659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309560)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rti-playbook_final.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"87.120.115.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309560/; classtype:trojan-activity;sid:84172660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309514)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rv.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309514/; classtype:trojan-activity;sid:84172614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309194)"; flow:established,from_client; content:"GET"; http_method; content:"/.pjyhwsdgkl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309194/; classtype:trojan-activity;sid:84172294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309173)"; flow:established,from_client; content:"GET"; http_method; content:"/xobftuootu"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309173/; classtype:trojan-activity;sid:84172273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309163)"; flow:established,from_client; content:"GET"; http_method; content:"/.jmhgeojeri"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309163/; classtype:trojan-activity;sid:84172263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309044)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"159.75.51.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309044/; classtype:trojan-activity;sid:84172144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309033)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309033/; classtype:trojan-activity;sid:84172133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309034)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.147.143.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309034/; classtype:trojan-activity;sid:84172134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309036)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.143.168.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309036/; classtype:trojan-activity;sid:84172136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309039)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.130.237.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309039/; classtype:trojan-activity;sid:84172139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309030)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.27.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309030/; classtype:trojan-activity;sid:84172130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309031)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.207.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309031/; classtype:trojan-activity;sid:84172131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309013)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.112.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309013/; classtype:trojan-activity;sid:84172113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309015)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.37.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309015/; classtype:trojan-activity;sid:84172115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309017)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.201.118.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309017/; classtype:trojan-activity;sid:84172117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309021)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309021/; classtype:trojan-activity;sid:84172121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308995)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.15.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308995/; classtype:trojan-activity;sid:84172095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308998)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.115.54.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308998/; classtype:trojan-activity;sid:84172098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308968)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.143.168.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308968/; classtype:trojan-activity;sid:84172068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.111.146.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308970/; classtype:trojan-activity;sid:84172070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308976)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.45.206.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308976/; classtype:trojan-activity;sid:84172076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308977)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.46.131.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308977/; classtype:trojan-activity;sid:84172077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308979)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.242.37.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308979/; classtype:trojan-activity;sid:84172079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308980)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.242.37.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308980/; classtype:trojan-activity;sid:84172080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308982)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"48.218.144.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308982/; classtype:trojan-activity;sid:84172082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308990)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.200.241.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308990/; classtype:trojan-activity;sid:84172090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308956)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308956/; classtype:trojan-activity;sid:84172056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308959)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308959/; classtype:trojan-activity;sid:84172059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308960)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.96.75.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308960/; classtype:trojan-activity;sid:84172060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308950)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.82.147.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308950/; classtype:trojan-activity;sid:84172050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308928)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.1.252.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308928/; classtype:trojan-activity;sid:84172028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308929)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308929/; classtype:trojan-activity;sid:84172029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308927)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308927/; classtype:trojan-activity;sid:84172027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308924)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.90.9.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308924/; classtype:trojan-activity;sid:84172024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308923)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308923/; classtype:trojan-activity;sid:84172023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308916)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.11.16.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308916/; classtype:trojan-activity;sid:84172016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308912)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308912/; classtype:trojan-activity;sid:84172012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308914)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"219.77.72.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308914/; classtype:trojan-activity;sid:84172014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308910)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"99.233.83.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308910/; classtype:trojan-activity;sid:84172010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.190.47.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308904/; classtype:trojan-activity;sid:84172004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.183.16.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308896)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.208.14.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308896/; classtype:trojan-activity;sid:84171996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308895)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.242.54.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308895/; classtype:trojan-activity;sid:84171995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308894)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.155.74.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308894/; classtype:trojan-activity;sid:84171994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308893)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.158.146.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308893/; classtype:trojan-activity;sid:84171993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308890)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"111.42.156.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308890/; classtype:trojan-activity;sid:84171990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308883)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308883/; classtype:trojan-activity;sid:84171983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308882)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"159.250.122.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308882/; classtype:trojan-activity;sid:84171982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308880)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.103.126.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308880/; classtype:trojan-activity;sid:84171980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308877)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.59.153.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308877/; classtype:trojan-activity;sid:84171977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308876)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.88.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308876/; classtype:trojan-activity;sid:84171976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308875/; classtype:trojan-activity;sid:84171975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308874)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.145.33.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308874/; classtype:trojan-activity;sid:84171974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308873)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.241.17.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308873/; classtype:trojan-activity;sid:84171973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308871)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.154.20.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308871/; classtype:trojan-activity;sid:84171971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308870)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"96.250.166.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308870/; classtype:trojan-activity;sid:84171970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308866)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.252.169.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308866/; classtype:trojan-activity;sid:84171966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308869)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.68.62.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308869/; classtype:trojan-activity;sid:84171969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308863)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"99.234.132.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308863/; classtype:trojan-activity;sid:84171963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308862)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.67.169.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308862/; classtype:trojan-activity;sid:84171962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308860)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.137.108.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308860/; classtype:trojan-activity;sid:84171960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308859)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.210.138.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308859/; classtype:trojan-activity;sid:84171959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308847/; classtype:trojan-activity;sid:84171947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308821)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-backup-server4.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308821/; classtype:trojan-activity;sid:84171921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308819)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-backup-server2.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308819/; classtype:trojan-activity;sid:84171919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308816)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"security-service-api-link.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308816/; classtype:trojan-activity;sid:84171916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308818)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-backup-server5.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308818/; classtype:trojan-activity;sid:84171918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308813)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update-checker-status.cc"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308813/; classtype:trojan-activity;sid:84171913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308787)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308787/; classtype:trojan-activity;sid:84171887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308639)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.41.244.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308639/; classtype:trojan-activity;sid:84171739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308540)"; flow:established,from_client; content:"GET"; http_method; content:"/akcqrfutuo"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308540/; classtype:trojan-activity;sid:84171640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308538)"; flow:established,from_client; content:"GET"; http_method; content:"/jmggnxeedy"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308538/; classtype:trojan-activity;sid:84171638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308539)"; flow:established,from_client; content:"GET"; http_method; content:"/zy"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308539/; classtype:trojan-activity;sid:84171639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308534)"; flow:established,from_client; content:"GET"; http_method; content:"/pjyhwsdgkl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308534/; classtype:trojan-activity;sid:84171634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308535)"; flow:established,from_client; content:"GET"; http_method; content:"/jmhgeojeri"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308535/; classtype:trojan-activity;sid:84171635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308536)"; flow:established,from_client; content:"GET"; http_method; content:"/pbnpvwfhco"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.112.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308536/; classtype:trojan-activity;sid:84171636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308461)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y0"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308461/; classtype:trojan-activity;sid:84171561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308462)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308462/; classtype:trojan-activity;sid:84171562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308463)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y4.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308463/; classtype:trojan-activity;sid:84171563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308464)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y2"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308464/; classtype:trojan-activity;sid:84171564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308465)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308465/; classtype:trojan-activity;sid:84171565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.96.184.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308385/; classtype:trojan-activity;sid:84171485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.96.184.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308377/; classtype:trojan-activity;sid:84171477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308041)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.107.29.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308041/; classtype:trojan-activity;sid:84171141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308039)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"47.107.29.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308039/; classtype:trojan-activity;sid:84171139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308038)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.107.29.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308038/; classtype:trojan-activity;sid:84171138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.96.184.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308010/; classtype:trojan-activity;sid:84171110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3307928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.0.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3307928/; classtype:trojan-activity;sid:84171028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305535)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305535/; classtype:trojan-activity;sid:84168635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.70.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305362/; classtype:trojan-activity;sid:84168462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.137.82.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305132/; classtype:trojan-activity;sid:84168232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.70.180.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305123/; classtype:trojan-activity;sid:84168223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.180.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305084/; classtype:trojan-activity;sid:84168184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304843)"; flow:established,from_client; content:"GET"; http_method; content:"/simples/rosa.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"qsif-9432751-neurallink-bwlprtyx-099.computador-hardware.net"; http_host; depth:60; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3304843/; classtype:trojan-activity;sid:84167943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304841)"; flow:established,from_client; content:"GET"; http_method; content:"/vd/sis/sistema.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"192.124.216.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3304841/; classtype:trojan-activity;sid:84167941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304525)"; flow:established,from_client; content:"GET"; http_method; content:"/whk4tmu9xpwa/b.ps1"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"154.90.62.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304525/; classtype:trojan-activity;sid:84167625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304481)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304481/; classtype:trojan-activity;sid:84167581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304477)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el_softfloat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304477/; classtype:trojan-activity;sid:84167577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304478)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304478/; classtype:trojan-activity;sid:84167578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304479)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304479/; classtype:trojan-activity;sid:84167579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304480)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304480/; classtype:trojan-activity;sid:84167580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304473)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304473/; classtype:trojan-activity;sid:84167573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304474)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304474/; classtype:trojan-activity;sid:84167574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304475)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304475/; classtype:trojan-activity;sid:84167575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304465)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304465/; classtype:trojan-activity;sid:84167565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304467)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304467/; classtype:trojan-activity;sid:84167567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304468)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304468/; classtype:trojan-activity;sid:84167568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304469)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304469/; classtype:trojan-activity;sid:84167569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304470)"; flow:established,from_client; content:"GET"; http_method; content:"/python"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304470/; classtype:trojan-activity;sid:84167570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304471)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304471/; classtype:trojan-activity;sid:84167571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304472)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304472/; classtype:trojan-activity;sid:84167572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304464)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304464/; classtype:trojan-activity;sid:84167564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304463)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304463/; classtype:trojan-activity;sid:84167563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304462)"; flow:established,from_client; content:"GET"; http_method; content:"/runji.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304462/; classtype:trojan-activity;sid:84167562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304461)"; flow:established,from_client; content:"GET"; http_method; content:"/rz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.192.179.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304461/; classtype:trojan-activity;sid:84167561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.84.204.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304457/; classtype:trojan-activity;sid:84167557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.84.204.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304440/; classtype:trojan-activity;sid:84167540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304342/; classtype:trojan-activity;sid:84167442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.109.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304026/; classtype:trojan-activity;sid:84167126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303911)"; flow:established,from_client; content:"GET"; http_method; content:"/s1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303911/; classtype:trojan-activity;sid:84167011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303910)"; flow:established,from_client; content:"GET"; http_method; content:"/f2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303910/; classtype:trojan-activity;sid:84167010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.203.68.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303869/; classtype:trojan-activity;sid:84166969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303853)"; flow:established,from_client; content:"GET"; http_method; content:"/fonsaaaaaaaaawebmadamm3453226564454.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"104.168.7.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303853/; classtype:trojan-activity;sid:84166953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303848)"; flow:established,from_client; content:"GET"; http_method; content:"/onhqnhft.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pub-37d3986658af451c9d52bb9f482b3e2d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303848/; classtype:trojan-activity;sid:84166948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303814)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ximxkkh9m5zwvmrr6tupbq8qs_j5atrb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303814/; classtype:trojan-activity;sid:84166914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303807)"; flow:established,from_client; content:"GET"; http_method; content:"/oxzgoftltqcglwz214.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303807/; classtype:trojan-activity;sid:84166907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303806)"; flow:established,from_client; content:"GET"; http_method; content:"/pqvbgxvmocliihvw108.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303806/; classtype:trojan-activity;sid:84166906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.81.26.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303542/; classtype:trojan-activity;sid:84166642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.180.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3303410/; classtype:trojan-activity;sid:84166510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303195)"; flow:established,from_client; content:"GET"; http_method; content:"/tpwpatw126.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3303195/; classtype:trojan-activity;sid:84166295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.12.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3303092/; classtype:trojan-activity;sid:84166192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3301883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.81.26.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3301883/; classtype:trojan-activity;sid:84164983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3301868)"; flow:established,from_client; content:"GET"; http_method; content:"/frzmqn204.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3301868/; classtype:trojan-activity;sid:84164968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3301629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3301629/; classtype:trojan-activity;sid:84164729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3301216)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3301216/; classtype:trojan-activity;sid:84164316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.56.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300973/; classtype:trojan-activity;sid:84164073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300951/; classtype:trojan-activity;sid:84164051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/y.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300874)"; flow:established,from_client; content:"GET"; http_method; content:"/download/1015file24.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300874/; classtype:trojan-activity;sid:84163974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300875)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300875/; classtype:trojan-activity;sid:84163975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300869)"; flow:established,from_client; content:"GET"; http_method; content:"/download/1015file24.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300869/; classtype:trojan-activity;sid:84163969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300868)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300868/; classtype:trojan-activity;sid:84163968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300394)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/refs/heads/main/document.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300394/; classtype:trojan-activity;sid:84163494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300388)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/refs/heads/main/sv1rmc"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300388/; classtype:trojan-activity;sid:84163488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300389)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/refs/heads/main/nov1124"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300389/; classtype:trojan-activity;sid:84163489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300390)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/pasrem13.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300390/; classtype:trojan-activity;sid:84163490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300391)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/nov13"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300391/; classtype:trojan-activity;sid:84163491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300392)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/rmspas.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300392/; classtype:trojan-activity;sid:84163492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300380)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/refs/heads/main/asco24"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300380/; classtype:trojan-activity;sid:84163480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300381)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/refs/heads/main/aa.vbs"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300381/; classtype:trojan-activity;sid:84163481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300383)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/xclien.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300383/; classtype:trojan-activity;sid:84163483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300384)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/refs/heads/main/cenran"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300384/; classtype:trojan-activity;sid:84163484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300385)"; flow:established,from_client; content:"GET"; http_method; content:"/champion2024barranquilla/fire/refs/heads/main/hwwwrm"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300385/; classtype:trojan-activity;sid:84163485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300386)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/xeno"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300386/; classtype:trojan-activity;sid:84163486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/ud.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/t.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300373)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/xxx"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300373/; classtype:trojan-activity;sid:84163473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/u.xls"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300068)"; flow:established,from_client; content:"GET"; http_method; content:"/es.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pub-cdd0dd27ae6a4aee9841d397e0496374.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300068/; classtype:trojan-activity;sid:84163168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300064)"; flow:established,from_client; content:"GET"; http_method; content:"/faturas.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-92c456788ff540628e0e809709842c78.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300064/; classtype:trojan-activity;sid:84163164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299912)"; flow:established,from_client; content:"GET"; http_method; content:"/sam363-call/my-file/raw/refs/heads/main/lumm.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299912/; classtype:trojan-activity;sid:84163012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299894)"; flow:established,from_client; content:"GET"; http_method; content:"/sam363-call/my-file/raw/refs/heads/main/4.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299894/; classtype:trojan-activity;sid:84162994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299822)"; flow:established,from_client; content:"GET"; http_method; content:"/ix86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299822/; classtype:trojan-activity;sid:84162922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299657)"; flow:established,from_client; content:"GET"; http_method; content:"/dbg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299657/; classtype:trojan-activity;sid:84162757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299561)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299561/; classtype:trojan-activity;sid:84162661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299562)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299562/; classtype:trojan-activity;sid:84162662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299566)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299566/; classtype:trojan-activity;sid:84162666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299580)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299580/; classtype:trojan-activity;sid:84162680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299546)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299546/; classtype:trojan-activity;sid:84162646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299548)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299548/; classtype:trojan-activity;sid:84162648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299520)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299520/; classtype:trojan-activity;sid:84162620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299490)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299490/; classtype:trojan-activity;sid:84162590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299487)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.39.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299487/; classtype:trojan-activity;sid:84162587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299333)"; flow:established,from_client; content:"GET"; http_method; content:"/account/rolex_file.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"treinamento.convenio.to.gov.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299333/; classtype:trojan-activity;sid:84162433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.203.68.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299266/; classtype:trojan-activity;sid:84162366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.191.21.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299106/; classtype:trojan-activity;sid:84162206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.166.231.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299053/; classtype:trojan-activity;sid:84162153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.101.91.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298921/; classtype:trojan-activity;sid:84162021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.101.91.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298877/; classtype:trojan-activity;sid:84161977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298832/; classtype:trojan-activity;sid:84161932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298813/; classtype:trojan-activity;sid:84161913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.81.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298573/; classtype:trojan-activity;sid:84161673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298518)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.113.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298518/; classtype:trojan-activity;sid:84161618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.191.21.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298489/; classtype:trojan-activity;sid:84161589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298397)"; flow:established,from_client; content:"GET"; http_method; content:"/netpower.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"124.70.140.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298397/; classtype:trojan-activity;sid:84161497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298237/; classtype:trojan-activity;sid:84161337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298234)"; flow:established,from_client; content:"GET"; http_method; content:"/dcgr23/scatas/refs/heads/main/punjb_national_bnk_024_late_return_counta_inward-clearin_jpg.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298234/; classtype:trojan-activity;sid:84161334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298218/; classtype:trojan-activity;sid:84161318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.191.21.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298080/; classtype:trojan-activity;sid:84161180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.33.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298048/; classtype:trojan-activity;sid:84161148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298019)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ocoi0oahx25brhh0btpcqyjrulc7s98u"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298019/; classtype:trojan-activity;sid:84161119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298017)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=16yapfbxi3o_nwr-uwtjlkxr5-nbjkbcf"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298017/; classtype:trojan-activity;sid:84161117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.35.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297993/; classtype:trojan-activity;sid:84161093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297816/; classtype:trojan-activity;sid:84160916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297750)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt|3f|alt=media|7c|26|7c|token=703d87ea-0284-408f-b949-21b01138d2a5"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297750/; classtype:trojan-activity;sid:84160850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297742)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rodriakd-8413d.appspot.com/o/dll%2fdllchichiiiiiii.txt|3f|alt=media|7c|26|7c|token=1a61f438-927c-41cf-bfb0-95bed96ea8c2"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297742/; classtype:trojan-activity;sid:84160842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297703)"; flow:established,from_client; content:"GET"; http_method; content:"/new_img.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297703/; classtype:trojan-activity;sid:84160803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297676)"; flow:established,from_client; content:"GET"; http_method; content:"/hector4576--/noviembre19/downloads/sos19nov.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297676/; classtype:trojan-activity;sid:84160776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.57.79.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297585/; classtype:trojan-activity;sid:84160685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297358)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cheat.underground-cheat.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297358/; classtype:trojan-activity;sid:84160458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297335/; classtype:trojan-activity;sid:84160435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297312)"; flow:established,from_client; content:"GET"; http_method; content:"/factura09876567000.bat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.grupodulcemar.pe"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297312/; classtype:trojan-activity;sid:84160412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297290/; classtype:trojan-activity;sid:84160390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297269)"; flow:established,from_client; content:"GET"; http_method; content:"/wl_tp_extend_app_v1.0.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297269/; classtype:trojan-activity;sid:84160369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297264)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-windows-arm64.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297264/; classtype:trojan-activity;sid:84160364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297261)"; flow:established,from_client; content:"GET"; http_method; content:"/wl_upgrade_new.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297261/; classtype:trojan-activity;sid:84160361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297256)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-windows-amd64.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297256/; classtype:trojan-activity;sid:84160356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297252)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-linux-arm64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297252/; classtype:trojan-activity;sid:84160352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297251)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-linux-amd64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297251/; classtype:trojan-activity;sid:84160351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297248)"; flow:established,from_client; content:"GET"; http_method; content:"/demongen-darwin-amd64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.164.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297248/; classtype:trojan-activity;sid:84160348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297247)"; flow:established,from_client; content:"GET"; http_method; content:"/my_upgrade_new.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297247/; classtype:trojan-activity;sid:84160347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297245)"; flow:established,from_client; content:"GET"; http_method; content:"/wait.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297245/; classtype:trojan-activity;sid:84160345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"73.87.50.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297124/; classtype:trojan-activity;sid:84160224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297072)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/x8kuhjgo6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297072/; classtype:trojan-activity;sid:84160172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297053/; classtype:trojan-activity;sid:84160153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296922/; classtype:trojan-activity;sid:84160022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296897/; classtype:trojan-activity;sid:84159997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296441)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.205.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296441/; classtype:trojan-activity;sid:84159541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296379)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.160.216.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296379/; classtype:trojan-activity;sid:84159479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296211)"; flow:established,from_client; content:"GET"; http_method; content:"/client/pc/ireader-pc-win10.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"61.154.0.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296211/; classtype:trojan-activity;sid:84159311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296210)"; flow:established,from_client; content:"GET"; http_method; content:"/propask/cheat1/releases/download/cheat/123.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296210/; classtype:trojan-activity;sid:84159310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296208)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e7%82%b9%e7%94%b5%e5%ad%90%e4%ba%a4%e6%98%93%e6%a1%86%e6%9e%b6%e6%94%af%e6%92%91%e6%9c%8d%e5%8a%a1/pdfimages.exe"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"180.117.160.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296208/; classtype:trojan-activity;sid:84159308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; content:"GET"; http_method; content:"/crm/exe/update.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.zhikey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296205)"; flow:established,from_client; content:"GET"; http_method; content:"/tsp/d3d10.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.209.197.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296205/; classtype:trojan-activity;sid:84159305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.172.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296165/; classtype:trojan-activity;sid:84159265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295856)"; flow:established,from_client; content:"GET"; http_method; content:"/pq1.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295856/; classtype:trojan-activity;sid:84158956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295854)"; flow:established,from_client; content:"GET"; http_method; content:"/pq.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295854/; classtype:trojan-activity;sid:84158954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295855)"; flow:established,from_client; content:"GET"; http_method; content:"/pq2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295855/; classtype:trojan-activity;sid:84158955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295852)"; flow:established,from_client; content:"GET"; http_method; content:"/cb2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295852/; classtype:trojan-activity;sid:84158952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295853)"; flow:established,from_client; content:"GET"; http_method; content:"/cbjq..dll"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295853/; classtype:trojan-activity;sid:84158953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295851)"; flow:established,from_client; content:"GET"; http_method; content:"/cb.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295851/; classtype:trojan-activity;sid:84158951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.125.241.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295310/; classtype:trojan-activity;sid:84158410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.203.68.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295216/; classtype:trojan-activity;sid:84158316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.236.160.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295157/; classtype:trojan-activity;sid:84158257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.35.225.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295137/; classtype:trojan-activity;sid:84158237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295108/; classtype:trojan-activity;sid:84158208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295109/; classtype:trojan-activity;sid:84158209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295107/; classtype:trojan-activity;sid:84158207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294950)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.msq.tar"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"66.63.187.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294950/; classtype:trojan-activity;sid:84158050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294915)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294915/; classtype:trojan-activity;sid:84158015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294914)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294914/; classtype:trojan-activity;sid:84158014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294912)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshowa.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294912/; classtype:trojan-activity;sid:84158012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294880)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/e7vtebfe2qdfbjt87nvhu/oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=54p6fzmx3c1eovd1btwzy0re4|7c|26|7c|st=npm5oi4l|7c|26|7c|dl=0"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294880/; classtype:trojan-activity;sid:84157980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294879)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/4qoef01jqan8sczprj79o/1oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=8px38d88qrq4ssw54132v5ke2|7c|26|7c|st=gg5nhz4s|7c|26|7c|dl=0"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294879/; classtype:trojan-activity;sid:84157979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.88.147.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294779/; classtype:trojan-activity;sid:84157879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.203.68.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294736/; classtype:trojan-activity;sid:84157836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.81.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294592/; classtype:trojan-activity;sid:84157692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.0.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294035/; classtype:trojan-activity;sid:84157135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.236.160.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293970/; classtype:trojan-activity;sid:84157070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293584/; classtype:trojan-activity;sid:84156684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293544/; classtype:trojan-activity;sid:84156644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.125.241.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293341/; classtype:trojan-activity;sid:84156441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.224.3.245"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293230/; classtype:trojan-activity;sid:84156330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.100.213.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293042/; classtype:trojan-activity;sid:84156142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293024)"; flow:established,from_client; content:"GET"; http_method; content:"/labxmtznbcwjnkndg58.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293024/; classtype:trojan-activity;sid:84156124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293016)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.64.128.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293016/; classtype:trojan-activity;sid:84156116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292725/; classtype:trojan-activity;sid:84155825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.159.71.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292630/; classtype:trojan-activity;sid:84155730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292301/; classtype:trojan-activity;sid:84155401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292283/; classtype:trojan-activity;sid:84155383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.26.81.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292037/; classtype:trojan-activity;sid:84155137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mininews.kpzip.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292013)"; flow:established,from_client; content:"GET"; http_method; content:"/downdll/opengl32.dll40watson-sanchez4040830.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.bkzj.wang"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292013/; classtype:trojan-activity;sid:84155113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.100.213.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291916/; classtype:trojan-activity;sid:84155016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291910)"; flow:established,from_client; content:"GET"; http_method; content:"/3911_wz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wz.3911.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291910/; classtype:trojan-activity;sid:84155010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291869)"; flow:established,from_client; content:"GET"; http_method; content:"/images/stories/guides/guide2018.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"dcwblida.dz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291869/; classtype:trojan-activity;sid:84154969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.115.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291857/; classtype:trojan-activity;sid:84154957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291669)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291669/; classtype:trojan-activity;sid:84154769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.126.138.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291525/; classtype:trojan-activity;sid:84154625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291444)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stories.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291444/; classtype:trojan-activity;sid:84154544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291333)"; flow:established,from_client; content:"GET"; http_method; content:"/hmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291333/; classtype:trojan-activity;sid:84154433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291328)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291328/; classtype:trojan-activity;sid:84154428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291329)"; flow:established,from_client; content:"GET"; http_method; content:"/vcc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291329/; classtype:trojan-activity;sid:84154429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291330)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291330/; classtype:trojan-activity;sid:84154430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291331)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291331/; classtype:trojan-activity;sid:84154431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291311)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291311/; classtype:trojan-activity;sid:84154411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291313)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291313/; classtype:trojan-activity;sid:84154413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291315)"; flow:established,from_client; content:"GET"; http_method; content:"/tpk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291315/; classtype:trojan-activity;sid:84154415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291317)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291317/; classtype:trojan-activity;sid:84154417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291318)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291318/; classtype:trojan-activity;sid:84154418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291319)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291319/; classtype:trojan-activity;sid:84154419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291320)"; flow:established,from_client; content:"GET"; http_method; content:"/se.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291320/; classtype:trojan-activity;sid:84154420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291321)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291321/; classtype:trojan-activity;sid:84154421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291322)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291322/; classtype:trojan-activity;sid:84154422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291323)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291323/; classtype:trojan-activity;sid:84154423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291324)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291324/; classtype:trojan-activity;sid:84154424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291325)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291325/; classtype:trojan-activity;sid:84154425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291326)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291326/; classtype:trojan-activity;sid:84154426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291327)"; flow:established,from_client; content:"GET"; http_method; content:"/boa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291327/; classtype:trojan-activity;sid:84154427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291075)"; flow:established,from_client; content:"GET"; http_method; content:"/iarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291075/; classtype:trojan-activity;sid:84154175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291076)"; flow:established,from_client; content:"GET"; http_method; content:"/impsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291076/; classtype:trojan-activity;sid:84154176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291073)"; flow:established,from_client; content:"GET"; http_method; content:"/iarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291073/; classtype:trojan-activity;sid:84154173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291017)"; flow:established,from_client; content:"GET"; http_method; content:"/iarm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291017/; classtype:trojan-activity;sid:84154117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291015)"; flow:established,from_client; content:"GET"; http_method; content:"/ix86_64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291015/; classtype:trojan-activity;sid:84154115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291016)"; flow:established,from_client; content:"GET"; http_method; content:"/imips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291016/; classtype:trojan-activity;sid:84154116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.81.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290912/; classtype:trojan-activity;sid:84154012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.100.213.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290278/; classtype:trojan-activity;sid:84153378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.98.201.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290234)"; flow:established,from_client; content:"GET"; http_method; content:"/x/3sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290234/; classtype:trojan-activity;sid:84153334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290232)"; flow:established,from_client; content:"GET"; http_method; content:"/x/2sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290232/; classtype:trojan-activity;sid:84153332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.159.71.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289813/; classtype:trojan-activity;sid:84152913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.159.71.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289785/; classtype:trojan-activity;sid:84152885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289773)"; flow:established,from_client; content:"GET"; http_method; content:"/abcd/09.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"quit.do.am"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289773/; classtype:trojan-activity;sid:84152873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289584)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ad/dll.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289584/; classtype:trojan-activity;sid:84152684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289585)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ab/f3dll.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289585/; classtype:trojan-activity;sid:84152685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289586)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ac/f3dll.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289586/; classtype:trojan-activity;sid:84152686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289587)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds5.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289587/; classtype:trojan-activity;sid:84152687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289583)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ar/f3dll.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289583/; classtype:trojan-activity;sid:84152683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289570/; classtype:trojan-activity;sid:84152670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289546/; classtype:trojan-activity;sid:84152646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.12.77.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289467/; classtype:trojan-activity;sid:84152567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.35.24.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289465/; classtype:trojan-activity;sid:84152565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.65.59.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289460/; classtype:trojan-activity;sid:84152560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289461/; classtype:trojan-activity;sid:84152561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289463/; classtype:trojan-activity;sid:84152563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289456/; classtype:trojan-activity;sid:84152556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.39.20.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289458/; classtype:trojan-activity;sid:84152558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289070)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289070/; classtype:trojan-activity;sid:84152170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289072)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289072/; classtype:trojan-activity;sid:84152172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289073)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289073/; classtype:trojan-activity;sid:84152173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289076)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289076/; classtype:trojan-activity;sid:84152176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289053)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289053/; classtype:trojan-activity;sid:84152153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289054)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289054/; classtype:trojan-activity;sid:84152154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289043)"; flow:established,from_client; content:"GET"; http_method; content:"/nshsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289043/; classtype:trojan-activity;sid:84152143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289044)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289044/; classtype:trojan-activity;sid:84152144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289046)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289046/; classtype:trojan-activity;sid:84152146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289047)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289047/; classtype:trojan-activity;sid:84152147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289052)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289052/; classtype:trojan-activity;sid:84152152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289004)"; flow:established,from_client; content:"GET"; http_method; content:"/clip/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289004/; classtype:trojan-activity;sid:84152104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289001/; classtype:trojan-activity;sid:84152101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.249.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288968/; classtype:trojan-activity;sid:84152068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.21.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288922/; classtype:trojan-activity;sid:84152022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.180.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288919/; classtype:trojan-activity;sid:84152019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.151.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288920/; classtype:trojan-activity;sid:84152020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.96.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288921/; classtype:trojan-activity;sid:84152021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.248.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288914/; classtype:trojan-activity;sid:84152014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288689)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/5cvboz7ll7ozeu5nye41v/demanda-no-2024-125421208.uue|3f|rlkey=q3v5vrfxcuzk79v7a8njjcjuu|7c|26|7c|st=p3cn4auq|7c|26|7c|dl=1"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288689/; classtype:trojan-activity;sid:84151789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.58.80.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288305/; classtype:trojan-activity;sid:84151405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.74.222.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288304/; classtype:trojan-activity;sid:84151404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.42.55.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288299/; classtype:trojan-activity;sid:84151399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.109.234.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288300/; classtype:trojan-activity;sid:84151400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.186.69.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288301/; classtype:trojan-activity;sid:84151401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.64.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288303/; classtype:trojan-activity;sid:84151403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.8.38.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288298/; classtype:trojan-activity;sid:84151398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.9.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288297/; classtype:trojan-activity;sid:84151397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287721)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.127.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287721/; classtype:trojan-activity;sid:84150821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.18.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287713/; classtype:trojan-activity;sid:84150813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287707)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.94.179.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287707/; classtype:trojan-activity;sid:84150807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287692)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.57.209.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287692/; classtype:trojan-activity;sid:84150792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287695)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.110.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287695/; classtype:trojan-activity;sid:84150795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287699)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.137.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287699/; classtype:trojan-activity;sid:84150799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.233.119.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287651/; classtype:trojan-activity;sid:84150751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.201.197.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287647/; classtype:trojan-activity;sid:84150747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.205.99.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287638/; classtype:trojan-activity;sid:84150738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287639/; classtype:trojan-activity;sid:84150739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.171.188.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287640/; classtype:trojan-activity;sid:84150740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287641/; classtype:trojan-activity;sid:84150741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287642/; classtype:trojan-activity;sid:84150742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287643/; classtype:trojan-activity;sid:84150743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287644/; classtype:trojan-activity;sid:84150744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.166.191.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287645/; classtype:trojan-activity;sid:84150745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.121.12.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287632/; classtype:trojan-activity;sid:84150732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.127.218.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287636/; classtype:trojan-activity;sid:84150736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287637/; classtype:trojan-activity;sid:84150737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287526)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.179.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287526/; classtype:trojan-activity;sid:84150626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287459)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.8.81.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287459/; classtype:trojan-activity;sid:84150559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287414)"; flow:established,from_client; content:"GET"; http_method; content:"/fyjjzdxnggcbdwfmzh209.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mertvinc.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287414/; classtype:trojan-activity;sid:84150514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.254.13.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287138/; classtype:trojan-activity;sid:84150238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.20.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286969/; classtype:trojan-activity;sid:84150069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286828/; classtype:trojan-activity;sid:84149928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.17.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286825/; classtype:trojan-activity;sid:84149925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286695)"; flow:established,from_client; content:"GET"; http_method; content:"/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286695/; classtype:trojan-activity;sid:84149795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286583)"; flow:established,from_client; content:"GET"; http_method; content:"/sistemas/archivos/unico-venta3401005.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.flechabusretiro.com.ar"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286583/; classtype:trojan-activity;sid:84149683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286582)"; flow:established,from_client; content:"GET"; http_method; content:"/30622/shttpsr_mg.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"ns.smallsrv.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286582/; classtype:trojan-activity;sid:84149682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286517)"; flow:established,from_client; content:"GET"; http_method; content:"/kuaileup/dianzhangzhushouanzhuanbao.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"klfs.synology.me"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286517/; classtype:trojan-activity;sid:84149617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286515)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"kiemthehuyenlong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286515/; classtype:trojan-activity;sid:84149615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286514)"; flow:established,from_client; content:"GET"; http_method; content:"/download/xiaohu.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.51.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286514/; classtype:trojan-activity;sid:84149614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286513)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.convertimg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286513/; classtype:trojan-activity;sid:84149613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286510)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"103.167.89.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286510/; classtype:trojan-activity;sid:84149610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286511)"; flow:established,from_client; content:"GET"; http_method; content:"/content/goodlabel%e6%89%93%e5%8d%b0%e6%9c%8d%e5%8a%a1%e5%ae%89%e8%a3%85%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"goodlabel.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286511/; classtype:trojan-activity;sid:84149611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.244.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286371/; classtype:trojan-activity;sid:84149471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.212.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286370/; classtype:trojan-activity;sid:84149470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"132.255.117.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286368/; classtype:trojan-activity;sid:84149468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.115.213.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286365/; classtype:trojan-activity;sid:84149465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.254.13.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286366/; classtype:trojan-activity;sid:84149466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.160.164.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286361/; classtype:trojan-activity;sid:84149461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.0.226.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286362/; classtype:trojan-activity;sid:84149462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.14.162.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286360/; classtype:trojan-activity;sid:84149460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286343)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.107.43.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286343/; classtype:trojan-activity;sid:84149443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286248)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.114.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286248/; classtype:trojan-activity;sid:84149348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286241)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.194.37.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286241/; classtype:trojan-activity;sid:84149341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286242)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.198.53.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286242/; classtype:trojan-activity;sid:84149342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286239)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.197.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286239/; classtype:trojan-activity;sid:84149339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286229)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.197.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286229/; classtype:trojan-activity;sid:84149329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286230)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.199.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286230/; classtype:trojan-activity;sid:84149330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286226)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.199.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286226/; classtype:trojan-activity;sid:84149326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286227)"; flow:established,from_client; content:"GET"; http_method; content:"/test.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"206.238.199.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286227/; classtype:trojan-activity;sid:84149327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286204)"; flow:established,from_client; content:"GET"; http_method; content:"/dutch.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286204/; classtype:trojan-activity;sid:84149304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286205)"; flow:established,from_client; content:"GET"; http_method; content:"/1010.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286205/; classtype:trojan-activity;sid:84149305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286206)"; flow:established,from_client; content:"GET"; http_method; content:"/xt.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286206/; classtype:trojan-activity;sid:84149306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286207)"; flow:established,from_client; content:"GET"; http_method; content:"/gold.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286207/; classtype:trojan-activity;sid:84149307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286208)"; flow:established,from_client; content:"GET"; http_method; content:"/oldxteam.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286208/; classtype:trojan-activity;sid:84149308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286209)"; flow:established,from_client; content:"GET"; http_method; content:"/sae.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286209/; classtype:trojan-activity;sid:84149309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286167)"; flow:established,from_client; content:"GET"; http_method; content:"/svchot%20-%20%e5%89%af%e6%9c%ac.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"154.201.87.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286167/; classtype:trojan-activity;sid:84149267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286166)"; flow:established,from_client; content:"GET"; http_method; content:"/svcyr.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.201.87.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286166/; classtype:trojan-activity;sid:84149266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286096)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ha7dur10.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286096/; classtype:trojan-activity;sid:84149196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286094)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gaozw40v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286094/; classtype:trojan-activity;sid:84149194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286095)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/41m98slk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286095/; classtype:trojan-activity;sid:84149195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286093)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88851n80.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286093/; classtype:trojan-activity;sid:84149193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286091)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/99awhy8l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286091/; classtype:trojan-activity;sid:84149191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286090)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2r61ahry.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286090/; classtype:trojan-activity;sid:84149190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286088)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286088/; classtype:trojan-activity;sid:84149188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286089)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286089/; classtype:trojan-activity;sid:84149189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286087)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286087/; classtype:trojan-activity;sid:84149187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286086)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286086/; classtype:trojan-activity;sid:84149186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286081)"; flow:established,from_client; content:"GET"; http_method; content:"/venkovisual/loli-mod/refs/heads/main/asyncclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286081/; classtype:trojan-activity;sid:84149181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286065)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/refs/heads/main/shellcodeany.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286065/; classtype:trojan-activity;sid:84149165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286062)"; flow:established,from_client; content:"GET"; http_method; content:"/woord02/nigga/raw/refs/heads/main/majesticexec.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286062/; classtype:trojan-activity;sid:84149162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286058)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286058/; classtype:trojan-activity;sid:84149158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.113.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285683/; classtype:trojan-activity;sid:84148783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.115.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285580/; classtype:trojan-activity;sid:84148680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.247.218.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285570/; classtype:trojan-activity;sid:84148670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.162.59.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285433/; classtype:trojan-activity;sid:84148533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285428)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/-pril/refs/heads/main/kldrgawdtjawd.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285428/; classtype:trojan-activity;sid:84148528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.88.147.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285427/; classtype:trojan-activity;sid:84148527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.88.147.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285414/; classtype:trojan-activity;sid:84148514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285392/; classtype:trojan-activity;sid:84148492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284809)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ohtie89k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284809/; classtype:trojan-activity;sid:84147909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284806)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/te3tlsre.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284806/; classtype:trojan-activity;sid:84147906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284805)"; flow:established,from_client; content:"GET"; http_method; content:"/lego/ama.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284805/; classtype:trojan-activity;sid:84147905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284804)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qth5kdee.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284804/; classtype:trojan-activity;sid:84147904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284802)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88aext0k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284802/; classtype:trojan-activity;sid:84147902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284803)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ji2xlo1f.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284803/; classtype:trojan-activity;sid:84147903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284801)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284801/; classtype:trojan-activity;sid:84147901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284800)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sgx4824p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284800/; classtype:trojan-activity;sid:84147900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284799)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bqkriy6l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284799/; classtype:trojan-activity;sid:84147899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284798)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7cl16anh.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284798/; classtype:trojan-activity;sid:84147898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284797)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uctgkfb7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284797/; classtype:trojan-activity;sid:84147897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284787)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284787/; classtype:trojan-activity;sid:84147887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284785)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284785/; classtype:trojan-activity;sid:84147885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284781)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284781/; classtype:trojan-activity;sid:84147881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284773)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284773/; classtype:trojan-activity;sid:84147873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284769)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284769/; classtype:trojan-activity;sid:84147869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284766)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284766/; classtype:trojan-activity;sid:84147866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284758)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284758/; classtype:trojan-activity;sid:84147858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284749)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/f86nrrc6.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284749/; classtype:trojan-activity;sid:84147849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284688)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds4.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284688/; classtype:trojan-activity;sid:84147788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284601)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284601/; classtype:trojan-activity;sid:84147701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284597)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284597/; classtype:trojan-activity;sid:84147697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284591)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284591/; classtype:trojan-activity;sid:84147691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284592)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284592/; classtype:trojan-activity;sid:84147692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284593)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284593/; classtype:trojan-activity;sid:84147693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284585)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284585/; classtype:trojan-activity;sid:84147685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284587)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284587/; classtype:trojan-activity;sid:84147687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284580)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284580/; classtype:trojan-activity;sid:84147680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284574)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284574/; classtype:trojan-activity;sid:84147674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284575)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284575/; classtype:trojan-activity;sid:84147675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284576)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284576/; classtype:trojan-activity;sid:84147676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284577)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284577/; classtype:trojan-activity;sid:84147677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284578)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284578/; classtype:trojan-activity;sid:84147678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284569)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284569/; classtype:trojan-activity;sid:84147669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284571)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.13.224.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284571/; classtype:trojan-activity;sid:84147671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284538)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284538/; classtype:trojan-activity;sid:84147638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.15.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284494/; classtype:trojan-activity;sid:84147594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.187.205.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284416/; classtype:trojan-activity;sid:84147516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284404)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.89.112.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284404/; classtype:trojan-activity;sid:84147504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.248.235.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284391/; classtype:trojan-activity;sid:84147491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.248.235.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284387/; classtype:trojan-activity;sid:84147487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284346)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/njrtdhadawt.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284346/; classtype:trojan-activity;sid:84147446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284321/; classtype:trojan-activity;sid:84147421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284173)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284173/; classtype:trojan-activity;sid:84147273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284172)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284172/; classtype:trojan-activity;sid:84147272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283882)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283882/; classtype:trojan-activity;sid:84146982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283876)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283876/; classtype:trojan-activity;sid:84146976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283874)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283874/; classtype:trojan-activity;sid:84146974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283866)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283866/; classtype:trojan-activity;sid:84146966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283867)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283867/; classtype:trojan-activity;sid:84146967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283868)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283868/; classtype:trojan-activity;sid:84146968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283869)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283869/; classtype:trojan-activity;sid:84146969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283870)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283870/; classtype:trojan-activity;sid:84146970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283871)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283871/; classtype:trojan-activity;sid:84146971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283872)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283872/; classtype:trojan-activity;sid:84146972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283873)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.52.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283873/; classtype:trojan-activity;sid:84146973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283570)"; flow:established,from_client; content:"GET"; http_method; content:"/readme/glued.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"armanayegh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283570/; classtype:trojan-activity;sid:84146670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283560)"; flow:established,from_client; content:"GET"; http_method; content:"/readme/bin.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"armanayegh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283560/; classtype:trojan-activity;sid:84146660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.180.130.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283442/; classtype:trojan-activity;sid:84146542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.180.130.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283420/; classtype:trojan-activity;sid:84146520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.163.192.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282956/; classtype:trojan-activity;sid:84146056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.163.192.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282929/; classtype:trojan-activity;sid:84146029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282418)"; flow:established,from_client; content:"GET"; http_method; content:"/images/faith"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"65.175.140.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282418/; classtype:trojan-activity;sid:84145518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282395)"; flow:established,from_client; content:"GET"; http_method; content:"/images/zte"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"65.175.140.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282395/; classtype:trojan-activity;sid:84145495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282193)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.148.163.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282193/; classtype:trojan-activity;sid:84145293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.240.168.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282161/; classtype:trojan-activity;sid:84145261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282128)"; flow:established,from_client; content:"GET"; http_method; content:"/frpc.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282128/; classtype:trojan-activity;sid:84145228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282127)"; flow:established,from_client; content:"GET"; http_method; content:"/nohup.out"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282127/; classtype:trojan-activity;sid:84145227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282120)"; flow:established,from_client; content:"GET"; http_method; content:"/mysql.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282120/; classtype:trojan-activity;sid:84145220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282122)"; flow:established,from_client; content:"GET"; http_method; content:"/yaml-payload.jar"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"101.200.160.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282122/; classtype:trojan-activity;sid:84145222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281603)"; flow:established,from_client; content:"GET"; http_method; content:"/0311/x1zadjlpndvykembsf6i.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281603/; classtype:trojan-activity;sid:84144703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281578)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/client.exe.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281578/; classtype:trojan-activity;sid:84144678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281577)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/dsetup.dll.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281577/; classtype:trojan-activity;sid:84144677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281415/; classtype:trojan-activity;sid:84144515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280921)"; flow:established,from_client; content:"GET"; http_method; content:"/ev.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280921/; classtype:trojan-activity;sid:84144021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280824/; classtype:trojan-activity;sid:84143924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280814/; classtype:trojan-activity;sid:84143914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280797)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/refs/heads/main/nvidia.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280797/; classtype:trojan-activity;sid:84143897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280762)"; flow:established,from_client; content:"GET"; http_method; content:"/woord02/nigga/refs/heads/main/majesticexec.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280762/; classtype:trojan-activity;sid:84143862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280741)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/zf3dxapdnla4lnl.doc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.84.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280741/; classtype:trojan-activity;sid:84143841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280733)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280733/; classtype:trojan-activity;sid:84143833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280713)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/arm7"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280713/; classtype:trojan-activity;sid:84143813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280687)"; flow:established,from_client; content:"GET"; http_method; content:"/!api/2.0/snippets/nikkerkhan/5qkmxx/c193c8cd66ad1405f4a0ebc7293d71d0f287eb98/files/all.txt"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280687/; classtype:trojan-activity;sid:84143787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; content:"GET"; http_method; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280613)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280613/; classtype:trojan-activity;sid:84143713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280599)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280599/; classtype:trojan-activity;sid:84143699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280600)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280600/; classtype:trojan-activity;sid:84143700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280601)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280601/; classtype:trojan-activity;sid:84143701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280602)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280602/; classtype:trojan-activity;sid:84143702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280603)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280603/; classtype:trojan-activity;sid:84143703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280604)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280604/; classtype:trojan-activity;sid:84143704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280605)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280605/; classtype:trojan-activity;sid:84143705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280606)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280606/; classtype:trojan-activity;sid:84143706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280607)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.powerpc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280607/; classtype:trojan-activity;sid:84143707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280548)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/josho.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280548/; classtype:trojan-activity;sid:84143648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.118.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280449/; classtype:trojan-activity;sid:84143549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280205)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.38.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280205/; classtype:trojan-activity;sid:84143305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280209)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.50.163.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280209/; classtype:trojan-activity;sid:84143309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280151)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.100.70.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280151/; classtype:trojan-activity;sid:84143251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280158)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.77.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280158/; classtype:trojan-activity;sid:84143258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280141)"; flow:established,from_client; content:"GET"; http_method; content:"/v1/ws2/:excellent2024/:stars_1/stars"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"my.cloudme.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280141/; classtype:trojan-activity;sid:84143241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280138)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/njrtdhadawt.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280138/; classtype:trojan-activity;sid:84143238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279845)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279845/; classtype:trojan-activity;sid:84142945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279844)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe|3f|y"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279844/; classtype:trojan-activity;sid:84142944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.105.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279078/; classtype:trojan-activity;sid:84142178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.105.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279065/; classtype:trojan-activity;sid:84142165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278973)"; flow:established,from_client; content:"GET"; http_method; content:"/a.ini"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278973/; classtype:trojan-activity;sid:84142073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278974)"; flow:established,from_client; content:"GET"; http_method; content:"/cdb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278974/; classtype:trojan-activity;sid:84142074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278969)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278969/; classtype:trojan-activity;sid:84142069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278970)"; flow:established,from_client; content:"GET"; http_method; content:"/c.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278970/; classtype:trojan-activity;sid:84142070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278971)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278971/; classtype:trojan-activity;sid:84142071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278972)"; flow:established,from_client; content:"GET"; http_method; content:"/c3.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278972/; classtype:trojan-activity;sid:84142072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278965)"; flow:established,from_client; content:"GET"; http_method; content:"/calc.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278965/; classtype:trojan-activity;sid:84142065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278950)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.75.156.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278950/; classtype:trojan-activity;sid:84142050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278949)"; flow:established,from_client; content:"GET"; http_method; content:"/js/4577.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"61.75.156.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278949/; classtype:trojan-activity;sid:84142049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278849)"; flow:established,from_client; content:"GET"; http_method; content:"/1st/1st.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278849/; classtype:trojan-activity;sid:84141949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3yh8gdte.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278844/; classtype:trojan-activity;sid:84141944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278840)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/khtoawdltrha.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278840/; classtype:trojan-activity;sid:84141940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278826)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jb4w5s2l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278826/; classtype:trojan-activity;sid:84141926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/6nteyex7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278828/; classtype:trojan-activity;sid:84141928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278833)"; flow:established,from_client; content:"GET"; http_method; content:"/easy-v1.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278833/; classtype:trojan-activity;sid:84141933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278782)"; flow:established,from_client; content:"GET"; http_method; content:"/v4setup.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-d6448def2aba44ce96071bebcc1ce641.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278782/; classtype:trojan-activity;sid:84141882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278659)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/jerniuiopu.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278659/; classtype:trojan-activity;sid:84141759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278660)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/hbfgjhhesfd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278660/; classtype:trojan-activity;sid:84141760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278584)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/jerniuiopu.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278584/; classtype:trojan-activity;sid:84141684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278583)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/refs/heads/main/server.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278583/; classtype:trojan-activity;sid:84141683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278579)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/refs/heads/main/collosalloader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278579/; classtype:trojan-activity;sid:84141679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278577)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/refs/heads/main/2klz.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278577/; classtype:trojan-activity;sid:84141677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278578)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278578/; classtype:trojan-activity;sid:84141678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278574)"; flow:established,from_client; content:"GET"; http_method; content:"/realgamer007/loaders/main/dxwebsetup.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278574/; classtype:trojan-activity;sid:84141674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278575)"; flow:established,from_client; content:"GET"; http_method; content:"/endity123/fivem-spoofer/main/reaper%20cfx%20spoofer%20v2.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278575/; classtype:trojan-activity;sid:84141675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278566)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/main/discord.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278566/; classtype:trojan-activity;sid:84141666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278570)"; flow:established,from_client; content:"GET"; http_method; content:"/cavxsy/crazy.spoofer/refs/heads/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278570/; classtype:trojan-activity;sid:84141670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278571)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278571/; classtype:trojan-activity;sid:84141671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278559)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/releases/download/cleanerv2/cleanerv2.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278559/; classtype:trojan-activity;sid:84141659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278560)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/archive/refs/heads/main.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278560/; classtype:trojan-activity;sid:84141660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278555)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/jerniuiopu.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278555/; classtype:trojan-activity;sid:84141655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278556)"; flow:established,from_client; content:"GET"; http_method; content:"/new.pdf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.67.4.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278556/; classtype:trojan-activity;sid:84141656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278558)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278558/; classtype:trojan-activity;sid:84141658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278554)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/hbfgjhhesfd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278554/; classtype:trojan-activity;sid:84141654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278543)"; flow:established,from_client; content:"GET"; http_method; content:"/5ndshog3cwa/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.93.20.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278543/; classtype:trojan-activity;sid:84141643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278544)"; flow:established,from_client; content:"GET"; http_method; content:"/itschangat/test/raw/refs/heads/main/server.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278544/; classtype:trojan-activity;sid:84141644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278542)"; flow:established,from_client; content:"GET"; http_method; content:"/5ndshog3cwa/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.93.20.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278542/; classtype:trojan-activity;sid:84141642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278440)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jamah00.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"aarzoomarine.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278440/; classtype:trojan-activity;sid:84141540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278380)"; flow:established,from_client; content:"GET"; http_method; content:"/z.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"electjimhenderson.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278380/; classtype:trojan-activity;sid:84141480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278341)"; flow:established,from_client; content:"GET"; http_method; content:"/dajhdha.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.20.102.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278341/; classtype:trojan-activity;sid:84141441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278336)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds3.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278336/; classtype:trojan-activity;sid:84141436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278330)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ac/pef3.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278330/; classtype:trojan-activity;sid:84141430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278324)"; flow:established,from_client; content:"GET"; http_method; content:"/tigerhulk3.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.141.26.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278324/; classtype:trojan-activity;sid:84141424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278272)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278272/; classtype:trojan-activity;sid:84141372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278271)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278271/; classtype:trojan-activity;sid:84141371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278267)"; flow:established,from_client; content:"GET"; http_method; content:"/sam.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278267/; classtype:trojan-activity;sid:84141367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278265)"; flow:established,from_client; content:"GET"; http_method; content:"/c3.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278265/; classtype:trojan-activity;sid:84141365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278266)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278266/; classtype:trojan-activity;sid:84141366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278261)"; flow:established,from_client; content:"GET"; http_method; content:"/c.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278261/; classtype:trojan-activity;sid:84141361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278262)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278262/; classtype:trojan-activity;sid:84141362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278263)"; flow:established,from_client; content:"GET"; http_method; content:"/calc.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278263/; classtype:trojan-activity;sid:84141363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278264)"; flow:established,from_client; content:"GET"; http_method; content:"/st.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278264/; classtype:trojan-activity;sid:84141364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278044)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j4vzzuai.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278044/; classtype:trojan-activity;sid:84141144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278043/; classtype:trojan-activity;sid:84141143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278019/; classtype:trojan-activity;sid:84141119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.11.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277664/; classtype:trojan-activity;sid:84140764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.163.192.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277488/; classtype:trojan-activity;sid:84140588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.240.168.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277098/; classtype:trojan-activity;sid:84140198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.201.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.24.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276887/; classtype:trojan-activity;sid:84139987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276851)"; flow:established,from_client; content:"GET"; http_method; content:"/bytrosyt/xuy/releases/download/dick/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276851/; classtype:trojan-activity;sid:84139951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276853)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/raw/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276853/; classtype:trojan-activity;sid:84139953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276854)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276854/; classtype:trojan-activity;sid:84139954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276855)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276855/; classtype:trojan-activity;sid:84139955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276842)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276842/; classtype:trojan-activity;sid:84139942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276844)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/raw/refs/heads/main/xclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276844/; classtype:trojan-activity;sid:84139944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276845)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276845/; classtype:trojan-activity;sid:84139945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276846)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/raw/refs/heads/main/xclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276846/; classtype:trojan-activity;sid:84139946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276847)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276847/; classtype:trojan-activity;sid:84139947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276848)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276848/; classtype:trojan-activity;sid:84139948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276850)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/xclient.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276850/; classtype:trojan-activity;sid:84139950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276841)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276841/; classtype:trojan-activity;sid:84139941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276839)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe/"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276839/; classtype:trojan-activity;sid:84139939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276833)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276833/; classtype:trojan-activity;sid:84139933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276826)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276826/; classtype:trojan-activity;sid:84139926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276828)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/raw/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276828/; classtype:trojan-activity;sid:84139928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276829)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276829/; classtype:trojan-activity;sid:84139929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276830)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276830/; classtype:trojan-activity;sid:84139930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276831)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276831/; classtype:trojan-activity;sid:84139931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276832)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276832/; classtype:trojan-activity;sid:84139932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276824)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276824/; classtype:trojan-activity;sid:84139924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276712)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gdn5yfjd.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276712/; classtype:trojan-activity;sid:84139812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276706)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/feb9sxwk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276706/; classtype:trojan-activity;sid:84139806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276607)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/18ijuw13.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276607/; classtype:trojan-activity;sid:84139707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276414)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kmvcsaed.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276414/; classtype:trojan-activity;sid:84139514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276354)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7777.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276354/; classtype:trojan-activity;sid:84139454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.241.174.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276229/; classtype:trojan-activity;sid:84139329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275784)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/myrdx.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275784/; classtype:trojan-activity;sid:84138884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275786)"; flow:established,from_client; content:"GET"; http_method; content:"/reko/valid.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275786/; classtype:trojan-activity;sid:84138886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275657)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1huotbd1zjmnea4wg46v7jnontoz7cpfk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275657/; classtype:trojan-activity;sid:84138757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274957/; classtype:trojan-activity;sid:84138057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.24.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274892/; classtype:trojan-activity;sid:84137992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.10.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274648/; classtype:trojan-activity;sid:84137748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.23.51.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274647/; classtype:trojan-activity;sid:84137747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.118.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274642/; classtype:trojan-activity;sid:84137742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.153.207.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274641/; classtype:trojan-activity;sid:84137741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.151.149.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274639/; classtype:trojan-activity;sid:84137739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.180.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274638/; classtype:trojan-activity;sid:84137738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274634/; classtype:trojan-activity;sid:84137734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274635/; classtype:trojan-activity;sid:84137735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.145.165.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274636/; classtype:trojan-activity;sid:84137736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.41.182.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274607/; classtype:trojan-activity;sid:84137707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.2.41.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274606/; classtype:trojan-activity;sid:84137706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.104.33.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274602/; classtype:trojan-activity;sid:84137702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274591/; classtype:trojan-activity;sid:84137691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.226.28.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274592/; classtype:trojan-activity;sid:84137692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.254.36.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274597/; classtype:trojan-activity;sid:84137697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.162.107.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274588/; classtype:trojan-activity;sid:84137688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274046)"; flow:established,from_client; content:"GET"; http_method; content:"/skarsys/assaultcubecheat/main/spoofy.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274046/; classtype:trojan-activity;sid:84137146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274002)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274002/; classtype:trojan-activity;sid:84137102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273981)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273981/; classtype:trojan-activity;sid:84137081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273982)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273982/; classtype:trojan-activity;sid:84137082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273983)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273983/; classtype:trojan-activity;sid:84137083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273984)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273984/; classtype:trojan-activity;sid:84137084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273987)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273987/; classtype:trojan-activity;sid:84137087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273989)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273989/; classtype:trojan-activity;sid:84137089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273990)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273990/; classtype:trojan-activity;sid:84137090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273994)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273994/; classtype:trojan-activity;sid:84137094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273996)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273996/; classtype:trojan-activity;sid:84137096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273997)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273997/; classtype:trojan-activity;sid:84137097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273998)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273998/; classtype:trojan-activity;sid:84137098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273999)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273999/; classtype:trojan-activity;sid:84137099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273949)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273949/; classtype:trojan-activity;sid:84137049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273941)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273941/; classtype:trojan-activity;sid:84137041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273934)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/ktyhpldea.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273934/; classtype:trojan-activity;sid:84137034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273935)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/gestor%20de%20pedidos.apk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273935/; classtype:trojan-activity;sid:84137035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273936)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/-pril/refs/heads/main/pothjadwtrgh.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273936/; classtype:trojan-activity;sid:84137036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273937)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ae/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273937/; classtype:trojan-activity;sid:84137037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273925)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/ptihjawdthas.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273925/; classtype:trojan-activity;sid:84137025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273927)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/njrtdhadawt.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273927/; classtype:trojan-activity;sid:84137027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273928)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/bb.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273928/; classtype:trojan-activity;sid:84137028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273930)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273930/; classtype:trojan-activity;sid:84137030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273931)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273931/; classtype:trojan-activity;sid:84137031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273933)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/-pril/raw/refs/heads/main/pothjadwtrgh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273933/; classtype:trojan-activity;sid:84137033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273911)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273911/; classtype:trojan-activity;sid:84137011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273912)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273912/; classtype:trojan-activity;sid:84137012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273913)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273913/; classtype:trojan-activity;sid:84137013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273914)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273914/; classtype:trojan-activity;sid:84137014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273915)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273915/; classtype:trojan-activity;sid:84137015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273907)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273907/; classtype:trojan-activity;sid:84137007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273908)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273908/; classtype:trojan-activity;sid:84137008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273909)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273909/; classtype:trojan-activity;sid:84137009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273906)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273906/; classtype:trojan-activity;sid:84137006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273903)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273903/; classtype:trojan-activity;sid:84137003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273888)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273888/; classtype:trojan-activity;sid:84136988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273889)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273889/; classtype:trojan-activity;sid:84136989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273868)"; flow:established,from_client; content:"GET"; http_method; content:"/download/telegram.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"telegramcn.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273868/; classtype:trojan-activity;sid:84136968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273408)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ldqj18tn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273408/; classtype:trojan-activity;sid:84136508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273406)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build555.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273406/; classtype:trojan-activity;sid:84136506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273407)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/psfei0ez.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273407/; classtype:trojan-activity;sid:84136507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273403)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installer.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273403/; classtype:trojan-activity;sid:84136503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273398)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build11.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273398/; classtype:trojan-activity;sid:84136498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/123.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273314/; classtype:trojan-activity;sid:84136414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/87f3f2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273308/; classtype:trojan-activity;sid:84136408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273161)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hhnjqu9y.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273161/; classtype:trojan-activity;sid:84136261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273148)"; flow:established,from_client; content:"GET"; http_method; content:"/store/vidar.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273148/; classtype:trojan-activity;sid:84136248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273131)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273131/; classtype:trojan-activity;sid:84136231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272384)"; flow:established,from_client; content:"GET"; http_method; content:"/lee.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272384/; classtype:trojan-activity;sid:84135484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272262)"; flow:established,from_client; content:"GET"; http_method; content:"/we.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272262/; classtype:trojan-activity;sid:84135362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272091)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/raw/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272091/; classtype:trojan-activity;sid:84135191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272093)"; flow:established,from_client; content:"GET"; http_method; content:"/kookspook24/ovix-gta-5-mod-menu-updated/releases/download/ovix-mod-menu/launcher.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272093/; classtype:trojan-activity;sid:84135193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272094)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272094/; classtype:trojan-activity;sid:84135194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272090)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/refs/heads/main/file_jjsploit"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272090/; classtype:trojan-activity;sid:84135190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272016)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272016/; classtype:trojan-activity;sid:84135116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272008)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool7.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272008/; classtype:trojan-activity;sid:84135108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272005)"; flow:established,from_client; content:"GET"; http_method; content:"/autoc3pool.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272005/; classtype:trojan-activity;sid:84135105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271910)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271910/; classtype:trojan-activity;sid:84135010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271709)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/prg8btry"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271709/; classtype:trojan-activity;sid:84134809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271696)"; flow:established,from_client; content:"GET"; http_method; content:"/qqnetbar.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271696/; classtype:trojan-activity;sid:84134796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271695)"; flow:established,from_client; content:"GET"; http_method; content:"/aida64.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271695/; classtype:trojan-activity;sid:84134795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271694)"; flow:established,from_client; content:"GET"; http_method; content:"/rlaz.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271694/; classtype:trojan-activity;sid:84134794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271693)"; flow:established,from_client; content:"GET"; http_method; content:"/checkypc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271693/; classtype:trojan-activity;sid:84134793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271692)"; flow:established,from_client; content:"GET"; http_method; content:"/vc17x64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271692/; classtype:trojan-activity;sid:84134792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271691)"; flow:established,from_client; content:"GET"; http_method; content:"/pchunter64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271691/; classtype:trojan-activity;sid:84134791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271690)"; flow:established,from_client; content:"GET"; http_method; content:"/remotelyanywhere11.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271690/; classtype:trojan-activity;sid:84134790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271687)"; flow:established,from_client; content:"GET"; http_method; content:"/rlol.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271687/; classtype:trojan-activity;sid:84134787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271688)"; flow:established,from_client; content:"GET"; http_method; content:"/clean.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271688/; classtype:trojan-activity;sid:84134788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271689)"; flow:established,from_client; content:"GET"; http_method; content:"/pm3100.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271689/; classtype:trojan-activity;sid:84134789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271686)"; flow:established,from_client; content:"GET"; http_method; content:"/qwsrv3.3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271686/; classtype:trojan-activity;sid:84134786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271681)"; flow:established,from_client; content:"GET"; http_method; content:"/x210.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271681/; classtype:trojan-activity;sid:84134781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271682)"; flow:established,from_client; content:"GET"; http_method; content:"/kb2868626x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271682/; classtype:trojan-activity;sid:84134782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271683)"; flow:established,from_client; content:"GET"; http_method; content:"/ydcx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271683/; classtype:trojan-activity;sid:84134783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271684)"; flow:established,from_client; content:"GET"; http_method; content:"/smb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271684/; classtype:trojan-activity;sid:84134784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271685)"; flow:established,from_client; content:"GET"; http_method; content:"/kb2808679x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271685/; classtype:trojan-activity;sid:84134785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271678)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271678/; classtype:trojan-activity;sid:84134778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271679)"; flow:established,from_client; content:"GET"; http_method; content:"/rlpb15.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271679/; classtype:trojan-activity;sid:84134779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271680)"; flow:established,from_client; content:"GET"; http_method; content:"/hydkj.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271680/; classtype:trojan-activity;sid:84134780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271675)"; flow:established,from_client; content:"GET"; http_method; content:"/autoruns.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271675/; classtype:trojan-activity;sid:84134775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271676)"; flow:established,from_client; content:"GET"; http_method; content:"/xwwn.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271676/; classtype:trojan-activity;sid:84134776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271677)"; flow:established,from_client; content:"GET"; http_method; content:"/wbgjupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271677/; classtype:trojan-activity;sid:84134777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271674)"; flow:established,from_client; content:"GET"; http_method; content:"/sgn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271674/; classtype:trojan-activity;sid:84134774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271673)"; flow:established,from_client; content:"GET"; http_method; content:"/cysoft/winrarx64521sc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271673/; classtype:trojan-activity;sid:84134773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271670)"; flow:established,from_client; content:"GET"; http_method; content:"/wgupdate.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271670/; classtype:trojan-activity;sid:84134770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271671)"; flow:established,from_client; content:"GET"; http_method; content:"/msbd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271671/; classtype:trojan-activity;sid:84134771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271672)"; flow:established,from_client; content:"GET"; http_method; content:"/hdtune.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271672/; classtype:trojan-activity;sid:84134772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271669)"; flow:established,from_client; content:"GET"; http_method; content:"/fping.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ywxww.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271669/; classtype:trojan-activity;sid:84134769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271668)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271668/; classtype:trojan-activity;sid:84134768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271664)"; flow:established,from_client; content:"GET"; http_method; content:"/wblog.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271664/; classtype:trojan-activity;sid:84134764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271665)"; flow:established,from_client; content:"GET"; http_method; content:"/xww.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271665/; classtype:trojan-activity;sid:84134765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271666)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271666/; classtype:trojan-activity;sid:84134766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271661)"; flow:established,from_client; content:"GET"; http_method; content:"/xwwupdate.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271661/; classtype:trojan-activity;sid:84134761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271662)"; flow:established,from_client; content:"GET"; http_method; content:"/zwywupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ywxww.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271662/; classtype:trojan-activity;sid:84134762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271654)"; flow:established,from_client; content:"GET"; http_method; content:"/bxupdate.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271654/; classtype:trojan-activity;sid:84134754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271655)"; flow:established,from_client; content:"GET"; http_method; content:"/bxn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271655/; classtype:trojan-activity;sid:84134755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271656)"; flow:established,from_client; content:"GET"; http_method; content:"/zwyw.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271656/; classtype:trojan-activity;sid:84134756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271657)"; flow:established,from_client; content:"GET"; http_method; content:"/sg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271657/; classtype:trojan-activity;sid:84134757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271658)"; flow:established,from_client; content:"GET"; http_method; content:"/sgupdate.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271658/; classtype:trojan-activity;sid:84134758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271659)"; flow:established,from_client; content:"GET"; http_method; content:"/cpie.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271659/; classtype:trojan-activity;sid:84134759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271653)"; flow:established,from_client; content:"GET"; http_method; content:"/wljc.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271653/; classtype:trojan-activity;sid:84134753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271651)"; flow:established,from_client; content:"GET"; http_method; content:"/wbgjn.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271651/; classtype:trojan-activity;sid:84134751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271642)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"safe.ywxww.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271642/; classtype:trojan-activity;sid:84134742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271633)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271633/; classtype:trojan-activity;sid:84134733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271632)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271632/; classtype:trojan-activity;sid:84134732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271630)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271630/; classtype:trojan-activity;sid:84134730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271631)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271631/; classtype:trojan-activity;sid:84134731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271626)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271626/; classtype:trojan-activity;sid:84134726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271627)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271627/; classtype:trojan-activity;sid:84134727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271628)"; flow:established,from_client; content:"GET"; http_method; content:"/furystorage/api/raw/main/svchost.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271628/; classtype:trojan-activity;sid:84134728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271629)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271629/; classtype:trojan-activity;sid:84134729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271618)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"122.51.183.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271618/; classtype:trojan-activity;sid:84134718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271615)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271615/; classtype:trojan-activity;sid:84134715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271613)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271613/; classtype:trojan-activity;sid:84134713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271608)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271608/; classtype:trojan-activity;sid:84134708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; content:"GET"; http_method; content:"/media/furystorage/api/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"media.githubusercontent.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271602)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271602/; classtype:trojan-activity;sid:84134702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271603)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271603/; classtype:trojan-activity;sid:84134703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271604)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271604/; classtype:trojan-activity;sid:84134704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271601)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271601/; classtype:trojan-activity;sid:84134701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271599)"; flow:established,from_client; content:"GET"; http_method; content:"/user337666/brow666/raw/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271599/; classtype:trojan-activity;sid:84134699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271597)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/thomson101/releases/download/role/svchost.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271597/; classtype:trojan-activity;sid:84134697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271598)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271598/; classtype:trojan-activity;sid:84134698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271591)"; flow:established,from_client; content:"GET"; http_method; content:"/furystorage/api/raw/main/svchost.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271591/; classtype:trojan-activity;sid:84134691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271592)"; flow:established,from_client; content:"GET"; http_method; content:"/692-ez/ratta/raw/refs/heads/main/svchost.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271592/; classtype:trojan-activity;sid:84134692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271593)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271593/; classtype:trojan-activity;sid:84134693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271595)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271595/; classtype:trojan-activity;sid:84134695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271585)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/xclient.exe/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271585/; classtype:trojan-activity;sid:84134685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271588)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271588/; classtype:trojan-activity;sid:84134688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271589)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271589/; classtype:trojan-activity;sid:84134689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271579)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0niums/repo/raw/refs/heads/main/nvidia.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271579/; classtype:trojan-activity;sid:84134679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271567/; classtype:trojan-activity;sid:84134667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271489/; classtype:trojan-activity;sid:84134589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271375)"; flow:established,from_client; content:"GET"; http_method; content:"/d00mt3l/xworm-5.6/raw/refs/heads/main/xwormloader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271375/; classtype:trojan-activity;sid:84134475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271374)"; flow:established,from_client; content:"GET"; http_method; content:"/naruto0827/roblox-blox-fruits-script-2024/refs/heads/main/loader.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271374/; classtype:trojan-activity;sid:84134474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271372)"; flow:established,from_client; content:"GET"; http_method; content:"/naruto0827/roblox-blox-fruits-script-2024/raw/refs/heads/main/loader.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271372/; classtype:trojan-activity;sid:84134472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271364)"; flow:established,from_client; content:"GET"; http_method; content:"/landonpasana21/roblox-blox-fruits-script-2024/refs/heads/main/loader.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271364/; classtype:trojan-activity;sid:84134464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271367)"; flow:established,from_client; content:"GET"; http_method; content:"/shen0shod/cfx-bypass/refs/heads/main/cfxbypass.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271367/; classtype:trojan-activity;sid:84134467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271368)"; flow:established,from_client; content:"GET"; http_method; content:"/landonpasana21/roblox-blox-fruits-script-2024/raw/refs/heads/main/loader.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271368/; classtype:trojan-activity;sid:84134468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271370)"; flow:established,from_client; content:"GET"; http_method; content:"/stressedb/redengine/main/loader.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271370/; classtype:trojan-activity;sid:84134470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271290)"; flow:established,from_client; content:"GET"; http_method; content:"/-/project/21762009/uploads/c4f32a8d91f0b95a33e7d8a2715f2c1c/slunkcrypt.2024-06-08.windows.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271290/; classtype:trojan-activity;sid:84134390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271266)"; flow:established,from_client; content:"GET"; http_method; content:"/aegis/10000"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"0889.org"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271266/; classtype:trojan-activity;sid:84134366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271245)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/msd0nng4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271245/; classtype:trojan-activity;sid:84134345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271231)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bf3nfafj"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271231/; classtype:trojan-activity;sid:84134331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271232)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zc37hk17"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271232/; classtype:trojan-activity;sid:84134332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271202)"; flow:established,from_client; content:"GET"; http_method; content:"/1410.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pub-9c95ff56c7ba44c98ae7daad95f5689d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271202/; classtype:trojan-activity;sid:84134302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271206)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271206/; classtype:trojan-activity;sid:84134306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271172)"; flow:established,from_client; content:"GET"; http_method; content:"/aboriginal/downloads/binaries/cross-compiler-m68k.tar.gz"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"landley.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271172/; classtype:trojan-activity;sid:84134272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271005)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yxrd0ob7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271005/; classtype:trojan-activity;sid:84134105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270748)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270748/; classtype:trojan-activity;sid:84133848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270747)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270747/; classtype:trojan-activity;sid:84133847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270746)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270746/; classtype:trojan-activity;sid:84133846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270744)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270744/; classtype:trojan-activity;sid:84133844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270741)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270741/; classtype:trojan-activity;sid:84133841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270735)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270735/; classtype:trojan-activity;sid:84133835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270736)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270736/; classtype:trojan-activity;sid:84133836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270737)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270737/; classtype:trojan-activity;sid:84133837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270733)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270733/; classtype:trojan-activity;sid:84133833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270734)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270734/; classtype:trojan-activity;sid:84133834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270731)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270731/; classtype:trojan-activity;sid:84133831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270732)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270732/; classtype:trojan-activity;sid:84133832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270728)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270728/; classtype:trojan-activity;sid:84133828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270729)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270729/; classtype:trojan-activity;sid:84133829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270730)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270730/; classtype:trojan-activity;sid:84133830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270724)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270724/; classtype:trojan-activity;sid:84133824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270725)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270725/; classtype:trojan-activity;sid:84133825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270726)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270726/; classtype:trojan-activity;sid:84133826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270727)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.chrismccaw.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270727/; classtype:trojan-activity;sid:84133827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270723)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270723/; classtype:trojan-activity;sid:84133823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270722)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270722/; classtype:trojan-activity;sid:84133822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270718)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270718/; classtype:trojan-activity;sid:84133818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270719)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270719/; classtype:trojan-activity;sid:84133819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270720)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270720/; classtype:trojan-activity;sid:84133820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270721)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270721/; classtype:trojan-activity;sid:84133821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270606)"; flow:established,from_client; content:"GET"; http_method; content:"/le/la.bot.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270606/; classtype:trojan-activity;sid:84133706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270605)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270605/; classtype:trojan-activity;sid:84133705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270599/; classtype:trojan-activity;sid:84133699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270216)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/brf4lern"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270216/; classtype:trojan-activity;sid:84133316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270217)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xvkdr4md"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270217/; classtype:trojan-activity;sid:84133317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270200)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool/winring0x64.sys"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"c3poolbat2.oss-ap-northeast-1.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270200/; classtype:trojan-activity;sid:84133300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270198)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/edadf5dc5ec04c578e24f68006fad2b4.sys"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270198/; classtype:trojan-activity;sid:84133298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; content:"GET"; http_method; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"shqdown.ggzuhao.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; content:"GET"; http_method; content:"/silenthashik/winring/raw/main/winring0x64.sys"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270187)"; flow:established,from_client; content:"GET"; http_method; content:"/irusanov/zenstates-core/raw/master/winring0x64.sys"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270187/; classtype:trojan-activity;sid:84133287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270190)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mymin11.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270190/; classtype:trojan-activity;sid:84133290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; content:"GET"; http_method; content:"/sopranotech/dimeo/main/winring0x64.sys"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270080)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j86piuq9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270080/; classtype:trojan-activity;sid:84133180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270079)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bwapp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270079/; classtype:trojan-activity;sid:84133179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270077)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/0b44ippu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270077/; classtype:trojan-activity;sid:84133177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270078)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5gevcp8z.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270078/; classtype:trojan-activity;sid:84133178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270075)"; flow:established,from_client; content:"GET"; http_method; content:"/store/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270075/; classtype:trojan-activity;sid:84133175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270076)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chicken123.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270076/; classtype:trojan-activity;sid:84133176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270073)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dsds.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270073/; classtype:trojan-activity;sid:84133173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270074)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/final.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270074/; classtype:trojan-activity;sid:84133174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270072)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xyaw4fkp.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270072/; classtype:trojan-activity;sid:84133172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270070)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270070/; classtype:trojan-activity;sid:84133170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270071)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/golden.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270071/; classtype:trojan-activity;sid:84133171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270069)"; flow:established,from_client; content:"GET"; http_method; content:"/test/do.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270069/; classtype:trojan-activity;sid:84133169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270055)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/q1wnx5ir.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270055/; classtype:trojan-activity;sid:84133155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270056)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kp8dnpa9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270056/; classtype:trojan-activity;sid:84133156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270057)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zts.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270057/; classtype:trojan-activity;sid:84133157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270052)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/h5a71wdy.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270052/; classtype:trojan-activity;sid:84133152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.45.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269967/; classtype:trojan-activity;sid:84133067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269954)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/tn8cdkzn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269954/; classtype:trojan-activity;sid:84133054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269874)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/9c1mbus0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269874/; classtype:trojan-activity;sid:84132974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269837)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v7wa24td.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269837/; classtype:trojan-activity;sid:84132937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269831)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new_v8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269831/; classtype:trojan-activity;sid:84132931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269827)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rdx123456.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269827/; classtype:trojan-activity;sid:84132927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold1234.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269828/; classtype:trojan-activity;sid:84132928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269829)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269829/; classtype:trojan-activity;sid:84132929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269824)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269824/; classtype:trojan-activity;sid:84132924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269823)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient543/upgraded-sniffle/main/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269823/; classtype:trojan-activity;sid:84132923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269815)"; flow:established,from_client; content:"GET"; http_method; content:"/bytrosyt/xuy/releases/download/dick/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269815/; classtype:trojan-activity;sid:84132915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269816)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269816/; classtype:trojan-activity;sid:84132916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269817)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/cripting/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269817/; classtype:trojan-activity;sid:84132917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269818)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269818/; classtype:trojan-activity;sid:84132918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269819)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/refs/heads/main/xclient.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269819/; classtype:trojan-activity;sid:84132919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269820)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/raw/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269820/; classtype:trojan-activity;sid:84132920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269821)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269821/; classtype:trojan-activity;sid:84132921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269822)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/raw/refs/heads/main/xclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269822/; classtype:trojan-activity;sid:84132922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269788)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/master/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269788/; classtype:trojan-activity;sid:84132888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269789)"; flow:established,from_client; content:"GET"; http_method; content:"/framzzzzz/dont-use/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269789/; classtype:trojan-activity;sid:84132889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269790)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/main/xclient.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269790/; classtype:trojan-activity;sid:84132890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269791)"; flow:established,from_client; content:"GET"; http_method; content:"/stezxyz/svchost.exe/raw/main/xclient.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269791/; classtype:trojan-activity;sid:84132891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269792)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269792/; classtype:trojan-activity;sid:84132892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269794)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269794/; classtype:trojan-activity;sid:84132894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269795)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269795/; classtype:trojan-activity;sid:84132895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269796)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269796/; classtype:trojan-activity;sid:84132896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269798)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269798/; classtype:trojan-activity;sid:84132898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269800)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269800/; classtype:trojan-activity;sid:84132900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269802)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/refs/heads/main/xclient.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269802/; classtype:trojan-activity;sid:84132902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269803)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269803/; classtype:trojan-activity;sid:84132903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269804)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/raw/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269804/; classtype:trojan-activity;sid:84132904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269807)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269807/; classtype:trojan-activity;sid:84132907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269808)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/main/xclient.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269808/; classtype:trojan-activity;sid:84132908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269809)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269809/; classtype:trojan-activity;sid:84132909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269810)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/raw/refs/heads/main/xclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269810/; classtype:trojan-activity;sid:84132910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269811)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269811/; classtype:trojan-activity;sid:84132911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269812)"; flow:established,from_client; content:"GET"; http_method; content:"/tubocdev/ratbuildpenis/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269812/; classtype:trojan-activity;sid:84132912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269813)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269813/; classtype:trojan-activity;sid:84132913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269785)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269785/; classtype:trojan-activity;sid:84132885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269786)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/refs/heads/main/xclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269786/; classtype:trojan-activity;sid:84132886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269787)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269787/; classtype:trojan-activity;sid:84132887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269770)"; flow:established,from_client; content:"GET"; http_method; content:"/intestio/xworm-rat/zip/refs/tags/xworm"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269770/; classtype:trojan-activity;sid:84132870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269768)"; flow:established,from_client; content:"GET"; http_method; content:"/crysiz2631/xworm-3.1/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269768/; classtype:trojan-activity;sid:84132868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269767)"; flow:established,from_client; content:"GET"; http_method; content:"/looooolaasa/xworm-5.6/refs/heads/main/xworm-5.6.rar"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269767/; classtype:trojan-activity;sid:84132867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269766)"; flow:established,from_client; content:"GET"; http_method; content:"/trafisg/xworm-5.2-/zip/refs/heads/main"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269766/; classtype:trojan-activity;sid:84132866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269763)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/refs/heads/main/xworm.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269763/; classtype:trojan-activity;sid:84132863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269762)"; flow:established,from_client; content:"GET"; http_method; content:"/jpntr/xworm-v5.2/zip/refs/heads/main"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269762/; classtype:trojan-activity;sid:84132862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269757)"; flow:established,from_client; content:"GET"; http_method; content:"/smokeloader/xworm-v5.3/releases/download/xworm/xworm.v5.3.optimized.bin.7z"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269757/; classtype:trojan-activity;sid:84132857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269756)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar/"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269756/; classtype:trojan-activity;sid:84132856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269750)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/raw/refs/heads/main/xsploitlauncher.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269750/; classtype:trojan-activity;sid:84132850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269751)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/raw/refs/heads/main/xsploitlauncher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269751/; classtype:trojan-activity;sid:84132851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269752)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269752/; classtype:trojan-activity;sid:84132852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269748)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/blob/main/xworm.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269748/; classtype:trojan-activity;sid:84132848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269740)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/refs/heads/main/xsploitlauncher.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269740/; classtype:trojan-activity;sid:84132840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269741)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar/"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269741/; classtype:trojan-activity;sid:84132841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269738)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/raw/main/xworm.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269738/; classtype:trojan-activity;sid:84132838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269722)"; flow:established,from_client; content:"GET"; http_method; content:"/gv1rygit/xworm-v5.2/refs/heads/main/xsploitlauncher.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269722/; classtype:trojan-activity;sid:84132822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269633)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-backup-server.top"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269633/; classtype:trojan-activity;sid:84132733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269624)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"microsoft-auth-network.cc"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269624/; classtype:trojan-activity;sid:84132724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269617)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.243.23.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269617/; classtype:trojan-activity;sid:84132717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269616)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"125.124.96.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269616/; classtype:trojan-activity;sid:84132716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268433)"; flow:established,from_client; content:"GET"; http_method; content:"/5ndshog3cwa/plugins/clip64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"45.93.20.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268433/; classtype:trojan-activity;sid:84131533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268434)"; flow:established,from_client; content:"GET"; http_method; content:"/5ndshog3cwa/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"45.93.20.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268434/; classtype:trojan-activity;sid:84131534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268242/; classtype:trojan-activity;sid:84131342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267021)"; flow:established,from_client; content:"GET"; http_method; content:"/gompsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267021/; classtype:trojan-activity;sid:84130121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267017)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267017/; classtype:trojan-activity;sid:84130117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267015)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267015/; classtype:trojan-activity;sid:84130115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267013)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267013/; classtype:trojan-activity;sid:84130113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266998)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266998/; classtype:trojan-activity;sid:84130098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266999)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266999/; classtype:trojan-activity;sid:84130099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267007)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267007/; classtype:trojan-activity;sid:84130107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267009)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267009/; classtype:trojan-activity;sid:84130109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267011)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267011/; classtype:trojan-activity;sid:84130111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266994)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266994/; classtype:trojan-activity;sid:84130094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266991)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266991/; classtype:trojan-activity;sid:84130091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266992)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266992/; classtype:trojan-activity;sid:84130092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266993)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266993/; classtype:trojan-activity;sid:84130093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266982)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266982/; classtype:trojan-activity;sid:84130082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266978)"; flow:established,from_client; content:"GET"; http_method; content:"/nshppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266978/; classtype:trojan-activity;sid:84130078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266965)"; flow:established,from_client; content:"GET"; http_method; content:"/nrarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266965/; classtype:trojan-activity;sid:84130065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266966)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266966/; classtype:trojan-activity;sid:84130066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266968)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266968/; classtype:trojan-activity;sid:84130068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266969)"; flow:established,from_client; content:"GET"; http_method; content:"/gomips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266969/; classtype:trojan-activity;sid:84130069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266974)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266974/; classtype:trojan-activity;sid:84130074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266952)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266952/; classtype:trojan-activity;sid:84130052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266956)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266956/; classtype:trojan-activity;sid:84130056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266625)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/refs/heads/main/khtoawdltrha.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266625/; classtype:trojan-activity;sid:84129725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266609)"; flow:established,from_client; content:"GET"; http_method; content:"/vonuch1/start/raw/refs/heads/main/khtoawdltrha.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266609/; classtype:trojan-activity;sid:84129709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266215)"; flow:established,from_client; content:"GET"; http_method; content:"/app64.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.151.62.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266215/; classtype:trojan-activity;sid:84129315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266166)"; flow:established,from_client; content:"GET"; http_method; content:"/clipacheat/chaaa/raw/refs/heads/main/built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266166/; classtype:trojan-activity;sid:84129266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266091)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266091/; classtype:trojan-activity;sid:84129191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265884)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted25.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265884/; classtype:trojan-activity;sid:84128984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265708/; classtype:trojan-activity;sid:84128808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265267)"; flow:established,from_client; content:"GET"; http_method; content:"/r8p-release-websetup.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"r8p.teknixstuff.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265267/; classtype:trojan-activity;sid:84128367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265198)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.250.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265198/; classtype:trojan-activity;sid:84128298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265196)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.92.19.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265196/; classtype:trojan-activity;sid:84128296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265189)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.146.198.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265189/; classtype:trojan-activity;sid:84128289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265186)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"203.86.239.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265186/; classtype:trojan-activity;sid:84128286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265182)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.108.142.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265182/; classtype:trojan-activity;sid:84128282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265177)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.94.168.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265177/; classtype:trojan-activity;sid:84128277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265174)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.70.0.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265174/; classtype:trojan-activity;sid:84128274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265166)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.78.83.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265166/; classtype:trojan-activity;sid:84128266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265161)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.100.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265161/; classtype:trojan-activity;sid:84128261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261122)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261122/; classtype:trojan-activity;sid:84124222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261119)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7zip10-2024.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261119/; classtype:trojan-activity;sid:84124219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261118)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261118/; classtype:trojan-activity;sid:84124218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261117)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261117/; classtype:trojan-activity;sid:84124217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261116)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7z2401-x64.msix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.209.134.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261116/; classtype:trojan-activity;sid:84124216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260455)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.14.162.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260455/; classtype:trojan-activity;sid:84123555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259056/; classtype:trojan-activity;sid:84122156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258049)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rcm_dcdedkd.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258049/; classtype:trojan-activity;sid:84121149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258050)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rcf_omfnorh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258050/; classtype:trojan-activity;sid:84121150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258051)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/gpieisb.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258051/; classtype:trojan-activity;sid:84121151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258052)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/fffaemf.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258052/; classtype:trojan-activity;sid:84121152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258053)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rooahio.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258053/; classtype:trojan-activity;sid:84121153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258054)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/araofkh.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258054/; classtype:trojan-activity;sid:84121154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258055)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/oahinkn.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258055/; classtype:trojan-activity;sid:84121155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258045)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/asy_dffaaep.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258045/; classtype:trojan-activity;sid:84121145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258046)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/iksjbpj.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258046/; classtype:trojan-activity;sid:84121146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258047)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/jaadkfh.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258047/; classtype:trojan-activity;sid:84121147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258048)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/bkpmdom.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258048/; classtype:trojan-activity;sid:84121148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258044)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/igapsme.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258044/; classtype:trojan-activity;sid:84121144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258042)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/domcfbs.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258042/; classtype:trojan-activity;sid:84121142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258043)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/krkmakc.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258043/; classtype:trojan-activity;sid:84121143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258034)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/xwmm_aakkhbm.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258034/; classtype:trojan-activity;sid:84121134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258032)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/apfjrdf.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258032/; classtype:trojan-activity;sid:84121132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258029)"; flow:established,from_client; content:"GET"; http_method; content:"/javamagazine/magdownloads/downloads/utilities-windowtimer-ptimer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258029/; classtype:trojan-activity;sid:84121129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257637)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/ab/f3.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257637/; classtype:trojan-activity;sid:84120737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257483)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/winring0x64.sys"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257483/; classtype:trojan-activity;sid:84120583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257451)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/winring0x64.sys"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sec.dashabi.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257451/; classtype:trojan-activity;sid:84120551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255220)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zxcv.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255220/; classtype:trojan-activity;sid:84118320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255222)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255222/; classtype:trojan-activity;sid:84118322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254778)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkmpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254778/; classtype:trojan-activity;sid:84117878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254774)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkmips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254774/; classtype:trojan-activity;sid:84117874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254763)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkarm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254763/; classtype:trojan-activity;sid:84117863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254764)"; flow:established,from_client; content:"GET"; http_method; content:"/hi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254764/; classtype:trojan-activity;sid:84117864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254765)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkx86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254765/; classtype:trojan-activity;sid:84117865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254766)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkarm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254766/; classtype:trojan-activity;sid:84117866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254767)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkarm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254767/; classtype:trojan-activity;sid:84117867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254768)"; flow:established,from_client; content:"GET"; http_method; content:"/blacks/kkkarm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.59.249.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254768/; classtype:trojan-activity;sid:84117868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.233.48.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254671/; classtype:trojan-activity;sid:84117771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254248)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/pythonpathfixer/main/main.ps1"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254248/; classtype:trojan-activity;sid:84117348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254247)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/refs/heads/main/shellcode/loaderclient.ps1"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254247/; classtype:trojan-activity;sid:84117347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254229)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/releases/download/siu/stub.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254229/; classtype:trojan-activity;sid:84117329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254223)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254223/; classtype:trojan-activity;sid:84117323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254224)"; flow:established,from_client; content:"GET"; http_method; content:"/unblockedgames2/school-shit/raw/main/fuag.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254224/; classtype:trojan-activity;sid:84117324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254220)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/e/raw/refs/heads/main/powershell.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254220/; classtype:trojan-activity;sid:84117320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254039)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254039/; classtype:trojan-activity;sid:84117139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253392/; classtype:trojan-activity;sid:84116492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253376/; classtype:trojan-activity;sid:84116476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253356)"; flow:established,from_client; content:"GET"; http_method; content:"/adapt/cabbage"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"javierlopez.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253356/; classtype:trojan-activity;sid:84116456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253354)"; flow:established,from_client; content:"GET"; http_method; content:"/adapt/kingdom"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"javierlopez.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253354/; classtype:trojan-activity;sid:84116454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253057/; classtype:trojan-activity;sid:84116157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252991)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.63.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252991/; classtype:trojan-activity;sid:84116091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252968)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.74.184.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252968/; classtype:trojan-activity;sid:84116068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.210.236.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252970/; classtype:trojan-activity;sid:84116070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252640)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/ps/refs/heads/main/ps.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252640/; classtype:trojan-activity;sid:84115740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252637)"; flow:established,from_client; content:"GET"; http_method; content:"/razidvb/myfiles/refs/heads/main/loader.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252637/; classtype:trojan-activity;sid:84115737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252639)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252639/; classtype:trojan-activity;sid:84115739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252635)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/ps/raw/refs/heads/main/ps.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252635/; classtype:trojan-activity;sid:84115735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252632)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252632/; classtype:trojan-activity;sid:84115732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252634)"; flow:established,from_client; content:"GET"; http_method; content:"/razidvb/myfiles/raw/refs/heads/main/loader.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252634/; classtype:trojan-activity;sid:84115734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252488)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/mipsel"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252488/; classtype:trojan-activity;sid:84115588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252485)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/mips"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252485/; classtype:trojan-activity;sid:84115585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252486)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/refs/heads/main/armv7l"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252486/; classtype:trojan-activity;sid:84115586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252487)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/animma.sh"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252487/; classtype:trojan-activity;sid:84115587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.87.112.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252211/; classtype:trojan-activity;sid:84115311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.87.112.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252200/; classtype:trojan-activity;sid:84115300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251535/; classtype:trojan-activity;sid:84114635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251523)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.115.213.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251523/; classtype:trojan-activity;sid:84114623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251037)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251037/; classtype:trojan-activity;sid:84114137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251025)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251025/; classtype:trojan-activity;sid:84114125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251026)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/bjcaj8aorkdqbsqqyrda.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251026/; classtype:trojan-activity;sid:84114126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251027)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251027/; classtype:trojan-activity;sid:84114127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251028)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251028/; classtype:trojan-activity;sid:84114128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251029)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/yntfjbwnfbowg4ulufdq.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251029/; classtype:trojan-activity;sid:84114129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251030)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251030/; classtype:trojan-activity;sid:84114130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251031)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/wgznfv2hoqz7kuuj2w9v.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251031/; classtype:trojan-activity;sid:84114131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251032)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251032/; classtype:trojan-activity;sid:84114132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251033)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251033/; classtype:trojan-activity;sid:84114133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251034)"; flow:established,from_client; content:"GET"; http_method; content:"/2210/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251034/; classtype:trojan-activity;sid:84114134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251035)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/b9uoaokmpdan1gmmrxuo.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251035/; classtype:trojan-activity;sid:84114135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250773)"; flow:established,from_client; content:"GET"; http_method; content:"/off/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250773/; classtype:trojan-activity;sid:84113873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250050)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_93.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sirault.be"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250050/; classtype:trojan-activity;sid:84113150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249858)"; flow:established,from_client; content:"GET"; http_method; content:"/1210/theh4uq3nf0rszgpsynf.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249858/; classtype:trojan-activity;sid:84112958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249755)"; flow:established,from_client; content:"GET"; http_method; content:"/langla.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.77.173.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249755/; classtype:trojan-activity;sid:84112855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249679)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249679/; classtype:trojan-activity;sid:84112779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249673)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249673/; classtype:trojan-activity;sid:84112773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249674)"; flow:established,from_client; content:"GET"; http_method; content:"/samllea1/gorebox-modmenu/raw/refs/heads/main/gorebox%20modmenu%201.2.0.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249674/; classtype:trojan-activity;sid:84112774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249671)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/raw/refs/heads/main/2klz.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249671/; classtype:trojan-activity;sid:84112771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249669)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/neverlose-loader/raw/refs/heads/main/neverlose%20loader.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249669/; classtype:trojan-activity;sid:84112769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249667)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249667/; classtype:trojan-activity;sid:84112767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249656)"; flow:established,from_client; content:"GET"; http_method; content:"/alnyak/test/raw/main/testingg.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249656/; classtype:trojan-activity;sid:84112756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249388)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/asrt/s1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249388/; classtype:trojan-activity;sid:84112488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248725)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248725/; classtype:trojan-activity;sid:84111825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248723)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248723/; classtype:trojan-activity;sid:84111823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248722)"; flow:established,from_client; content:"GET"; http_method; content:"/x/pty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248722/; classtype:trojan-activity;sid:84111822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248721)"; flow:established,from_client; content:"GET"; http_method; content:"/pay.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"floodernetwork111.accesscam.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248721/; classtype:trojan-activity;sid:84111821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248720)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.136.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248720/; classtype:trojan-activity;sid:84111820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.220.249.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247660/; classtype:trojan-activity;sid:84110760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.132.166.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247570/; classtype:trojan-activity;sid:84110670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247566/; classtype:trojan-activity;sid:84110666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247417)"; flow:established,from_client; content:"GET"; http_method; content:"/xx86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247417/; classtype:trojan-activity;sid:84110517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247416)"; flow:established,from_client; content:"GET"; http_method; content:"/xmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247416/; classtype:trojan-activity;sid:84110516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247410)"; flow:established,from_client; content:"GET"; http_method; content:"/xx86_64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247410/; classtype:trojan-activity;sid:84110510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247411)"; flow:established,from_client; content:"GET"; http_method; content:"/iarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247411/; classtype:trojan-activity;sid:84110511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247412)"; flow:established,from_client; content:"GET"; http_method; content:"/xmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247412/; classtype:trojan-activity;sid:84110512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247414)"; flow:established,from_client; content:"GET"; http_method; content:"/xarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247414/; classtype:trojan-activity;sid:84110514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247149)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247149/; classtype:trojan-activity;sid:84110249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247150)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247150/; classtype:trojan-activity;sid:84110250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3246790/; classtype:trojan-activity;sid:84109890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246076)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"134.122.176.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246076/; classtype:trojan-activity;sid:84109176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246071)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.207.197.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246071/; classtype:trojan-activity;sid:84109171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246057)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246057/; classtype:trojan-activity;sid:84109157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245772)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245772/; classtype:trojan-activity;sid:84108872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245755)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwaitsetuphockey.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245755/; classtype:trojan-activity;sid:84108855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245756)"; flow:established,from_client; content:"GET"; http_method; content:"/officialsevaluationold.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245756/; classtype:trojan-activity;sid:84108856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245737)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.252.159.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245737/; classtype:trojan-activity;sid:84108837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245646)"; flow:established,from_client; content:"GET"; http_method; content:"/payload"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"109.248.6.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245646/; classtype:trojan-activity;sid:84108746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245553)"; flow:established,from_client; content:"GET"; http_method; content:"/fotonview.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245553/; classtype:trojan-activity;sid:84108653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245551)"; flow:established,from_client; content:"GET"; http_method; content:"/cameracomponent.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245551/; classtype:trojan-activity;sid:84108651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245550)"; flow:established,from_client; content:"GET"; http_method; content:"/evaluation.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245550/; classtype:trojan-activity;sid:84108650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245480)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245480/; classtype:trojan-activity;sid:84108580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245479)"; flow:established,from_client; content:"GET"; http_method; content:"/off/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245479/; classtype:trojan-activity;sid:84108579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245074/; classtype:trojan-activity;sid:84108174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243505)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/creal.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243505/; classtype:trojan-activity;sid:84106605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243502)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243502/; classtype:trojan-activity;sid:84106602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243499)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svchost.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243499/; classtype:trojan-activity;sid:84106599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243500)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243500/; classtype:trojan-activity;sid:84106600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qqq.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243497/; classtype:trojan-activity;sid:84106597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243489/; classtype:trojan-activity;sid:84106589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243486)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/main.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243486/; classtype:trojan-activity;sid:84106586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243482)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/splwow64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243482/; classtype:trojan-activity;sid:84106582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243479)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kill.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243479/; classtype:trojan-activity;sid:84106579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243478)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dcratbuild.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243478/; classtype:trojan-activity;sid:84106578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243470)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrar-x64-701.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243470/; classtype:trojan-activity;sid:84106570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243469)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243469/; classtype:trojan-activity;sid:84106569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243464)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/edge.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243464/; classtype:trojan-activity;sid:84106564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243465)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/univ.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243465/; classtype:trojan-activity;sid:84106565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvv.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243459/; classtype:trojan-activity;sid:84106559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243455)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/frap.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243455/; classtype:trojan-activity;sid:84106555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243456)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ovrflw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243456/; classtype:trojan-activity;sid:84106556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243452)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243452/; classtype:trojan-activity;sid:84106552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243445)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243445/; classtype:trojan-activity;sid:84106545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243448)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxl.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243448/; classtype:trojan-activity;sid:84106548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243442)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/launcher.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243442/; classtype:trojan-activity;sid:84106542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243443)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cc2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243443/; classtype:trojan-activity;sid:84106543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243432)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hashed.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243432/; classtype:trojan-activity;sid:84106532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243431)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/probnik.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243431/; classtype:trojan-activity;sid:84106531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243421)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/googleupdate.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243421/; classtype:trojan-activity;sid:84106521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243412)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winx86.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243412/; classtype:trojan-activity;sid:84106512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243407)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewrvuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243407/; classtype:trojan-activity;sid:84106507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243406)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/major.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243406/; classtype:trojan-activity;sid:84106506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243400/; classtype:trojan-activity;sid:84106500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243393/; classtype:trojan-activity;sid:84106493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243388)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cccc2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243388/; classtype:trojan-activity;sid:84106488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243387)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/divinedialogue.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243387/; classtype:trojan-activity;sid:84106487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243383)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvimelugfq.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243383/; classtype:trojan-activity;sid:84106483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243379)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243379/; classtype:trojan-activity;sid:84106479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243375)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/12.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243375/; classtype:trojan-activity;sid:84106475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243369)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243369/; classtype:trojan-activity;sid:84106469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243364)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diff.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243364/; classtype:trojan-activity;sid:84106464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243358)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dos.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243358/; classtype:trojan-activity;sid:84106458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newfile.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243351/; classtype:trojan-activity;sid:84106451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243354)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/noll.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243354/; classtype:trojan-activity;sid:84106454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243347)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/shopfree.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243347/; classtype:trojan-activity;sid:84106447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243337)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243337/; classtype:trojan-activity;sid:84106437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243335)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidar.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243335/; classtype:trojan-activity;sid:84106435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243328)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243328/; classtype:trojan-activity;sid:84106428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243325)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neonn.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243325/; classtype:trojan-activity;sid:84106425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243322)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legas.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243322/; classtype:trojan-activity;sid:84106422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243317)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/prem1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243317/; classtype:trojan-activity;sid:84106417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/controlledaccesspoint.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243313/; classtype:trojan-activity;sid:84106413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243310)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/processclass.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243310/; classtype:trojan-activity;sid:84106410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243307)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/completestudio.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243307/; classtype:trojan-activity;sid:84106407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidsusername.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243309/; classtype:trojan-activity;sid:84106409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243306)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neon.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243306/; classtype:trojan-activity;sid:84106406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243302)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loader_5879465914.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243302/; classtype:trojan-activity;sid:84106402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243298)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onlysteal.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243298/; classtype:trojan-activity;sid:84106398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243290)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/softina.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243290/; classtype:trojan-activity;sid:84106390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243289)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ubi-inst.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243289/; classtype:trojan-activity;sid:84106389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243283)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/singerjudy.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243283/; classtype:trojan-activity;sid:84106383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243284)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xm.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243284/; classtype:trojan-activity;sid:84106384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243285)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243285/; classtype:trojan-activity;sid:84106385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243278)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ai2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243278/; classtype:trojan-activity;sid:84106378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243274)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/exclude.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243274/; classtype:trojan-activity;sid:84106374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243276)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kiyan.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243276/; classtype:trojan-activity;sid:84106376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243273)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsexecutable.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243273/; classtype:trojan-activity;sid:84106373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243272)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/torque.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243272/; classtype:trojan-activity;sid:84106372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243271)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/taskhost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243271/; classtype:trojan-activity;sid:84106371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243138)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jgevbkn6di30"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.187.223.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243138/; classtype:trojan-activity;sid:84106238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243135)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/filekey.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243135/; classtype:trojan-activity;sid:84106235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243134)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/file3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243134/; classtype:trojan-activity;sid:84106234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243133)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injek3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243133/; classtype:trojan-activity;sid:84106233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243121/; classtype:trojan-activity;sid:84106221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243085)"; flow:established,from_client; content:"GET"; http_method; content:"/up/shensu/shensu_dingdan.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"2882.tpddns.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243085/; classtype:trojan-activity;sid:84106185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243084)"; flow:established,from_client; content:"GET"; http_method; content:"/k346de4eecaec750/update.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"175.178.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243084/; classtype:trojan-activity;sid:84106184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243081)"; flow:established,from_client; content:"GET"; http_method; content:"/download/update.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.51.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243081/; classtype:trojan-activity;sid:84106181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243079)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/update.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243079/; classtype:trojan-activity;sid:84106179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243075)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/temp/_rels/key.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pb.agnt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243075/; classtype:trojan-activity;sid:84106175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243038)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/glp_installer_900223086_market.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243038/; classtype:trojan-activity;sid:84106138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243035)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/no.pdf"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243035/; classtype:trojan-activity;sid:84106135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243036)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/1.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243036/; classtype:trojan-activity;sid:84106136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243037)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/client.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243037/; classtype:trojan-activity;sid:84106137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243028)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/discord.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243028/; classtype:trojan-activity;sid:84106128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243029)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/work.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243029/; classtype:trojan-activity;sid:84106129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243030)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/client.pdf"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243030/; classtype:trojan-activity;sid:84106130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243031)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/client.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243031/; classtype:trojan-activity;sid:84106131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243032)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/fud.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243032/; classtype:trojan-activity;sid:84106132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243033)"; flow:established,from_client; content:"GET"; http_method; content:"/altabross/fud-batch/refs/heads/main/mario.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243033/; classtype:trojan-activity;sid:84106133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242916/; classtype:trojan-activity;sid:84106016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242903/; classtype:trojan-activity;sid:84106003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242853)"; flow:established,from_client; content:"GET"; http_method; content:"/get/rtsyboyqu8/aa.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242853/; classtype:trojan-activity;sid:84105953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242854)"; flow:established,from_client; content:"GET"; http_method; content:"/get/tvisnldnvi/ardara.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242854/; classtype:trojan-activity;sid:84105954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242852)"; flow:established,from_client; content:"GET"; http_method; content:"/get/xtfglcmk2k/windowshost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242852/; classtype:trojan-activity;sid:84105952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242851)"; flow:established,from_client; content:"GET"; http_method; content:"/get/mzocixkcrs/ee.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242851/; classtype:trojan-activity;sid:84105951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242850)"; flow:established,from_client; content:"GET"; http_method; content:"/get/840cpxujvq/w.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242850/; classtype:trojan-activity;sid:84105950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242595)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/octus.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242595/; classtype:trojan-activity;sid:84105695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242379)"; flow:established,from_client; content:"GET"; http_method; content:"/s/g7qeilrosjgjeoz/download"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"i0001.clarodrive.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242379/; classtype:trojan-activity;sid:84105479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; content:"GET"; http_method; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241754)"; flow:established,from_client; content:"GET"; http_method; content:"/wbrswbrn/awew45/refs/heads/main/nurik.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241754/; classtype:trojan-activity;sid:84104854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241750)"; flow:established,from_client; content:"GET"; http_method; content:"/dns/pwer"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241750/; classtype:trojan-activity;sid:84104850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241646)"; flow:established,from_client; content:"GET"; http_method; content:"/mhemon404/project01/main/system404.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241646/; classtype:trojan-activity;sid:84104746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241643)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/main/fern_wifi_recon%252.34.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241643/; classtype:trojan-activity;sid:84104743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241645)"; flow:established,from_client; content:"GET"; http_method; content:"/ozcanpng/backd00r/main/backd00rhome.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241645/; classtype:trojan-activity;sid:84104745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241636)"; flow:established,from_client; content:"GET"; http_method; content:"/award.pdf.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"alien-training.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241636/; classtype:trojan-activity;sid:84104736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qiniuyunxz.yxflzs.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241614)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdhgfh/gfdsgfdsgfdgfsdg.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"valseg.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241614/; classtype:trojan-activity;sid:84104714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241613)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdhgfh/tetete.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"valseg.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241613/; classtype:trojan-activity;sid:84104713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241563)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241563/; classtype:trojan-activity;sid:84104663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241558)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"huyanhnongdo.io.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241558/; classtype:trojan-activity;sid:84104658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241555)"; flow:established,from_client; content:"GET"; http_method; content:"/hgdhgfh/payload.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"valseg.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241555/; classtype:trojan-activity;sid:84104655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241505)"; flow:established,from_client; content:"GET"; http_method; content:"/ffmpeg.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.255.2.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241505/; classtype:trojan-activity;sid:84104605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241404)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241404/; classtype:trojan-activity;sid:84104504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241382)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241382/; classtype:trojan-activity;sid:84104482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241367)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241367/; classtype:trojan-activity;sid:84104467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241364)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.73.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241364/; classtype:trojan-activity;sid:84104464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241357)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241357/; classtype:trojan-activity;sid:84104457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241358)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.25.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241358/; classtype:trojan-activity;sid:84104458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241331)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.200.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241331/; classtype:trojan-activity;sid:84104431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241320)"; flow:established,from_client; content:"GET"; http_method; content:"/.ds_store"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"140.192.101.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241320/; classtype:trojan-activity;sid:84104420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241291)"; flow:established,from_client; content:"GET"; http_method; content:"/key.pem"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241291/; classtype:trojan-activity;sid:84104391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241244)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice124.pdf.url"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.23.113.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241244/; classtype:trojan-activity;sid:84104344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241156)"; flow:established,from_client; content:"GET"; http_method; content:"/hk.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.215.64.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241156/; classtype:trojan-activity;sid:84104256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241129)"; flow:established,from_client; content:"GET"; http_method; content:"/rvg-nikeisfake0/files/main/rat.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241129/; classtype:trojan-activity;sid:84104229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; content:"GET"; http_method; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241079)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/refs/heads/main/bot2.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241079/; classtype:trojan-activity;sid:84104179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241054)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/releases/download/siu/stub.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241054/; classtype:trojan-activity;sid:84104154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241019)"; flow:established,from_client; content:"GET"; http_method; content:"/gosha1239/onetap/master/onetap.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241019/; classtype:trojan-activity;sid:84104119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241020)"; flow:established,from_client; content:"GET"; http_method; content:"/an0mat/azorult/refs/heads/master/builder.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241020/; classtype:trojan-activity;sid:84104120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; content:"GET"; http_method; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; content:"GET"; http_method; content:"/ryan2159/stuff/main/discord.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240882)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.215.64.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240882/; classtype:trojan-activity;sid:84103982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; content:"GET"; http_method; content:"/cuckoobox/cuckoo/archive/master.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240729)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xss-1253555722.cos.ap-singapore.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240729/; classtype:trojan-activity;sid:84103829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240563)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240563/; classtype:trojan-activity;sid:84103663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240564)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240564/; classtype:trojan-activity;sid:84103664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240565)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240565/; classtype:trojan-activity;sid:84103665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.35.225.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239980/; classtype:trojan-activity;sid:84103080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239678)"; flow:established,from_client; content:"GET"; http_method; content:"/enc.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.253.43.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239678/; classtype:trojan-activity;sid:84102778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239669)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_3.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239669/; classtype:trojan-activity;sid:84102769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239666)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_4.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239666/; classtype:trojan-activity;sid:84102766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239667)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_2.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239667/; classtype:trojan-activity;sid:84102767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239668)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_1.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239668/; classtype:trojan-activity;sid:84102768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239574)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paste.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239574/; classtype:trojan-activity;sid:84102674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239323)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/multi"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239323/; classtype:trojan-activity;sid:84102423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239106)"; flow:established,from_client; content:"GET"; http_method; content:"/malicious.jar"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"122.51.52.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239106/; classtype:trojan-activity;sid:84102206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; content:"GET"; http_method; content:"/eaklauncher/eaklauncher.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238593)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238593/; classtype:trojan-activity;sid:84101693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238563/; classtype:trojan-activity;sid:84101663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.45.19.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238543/; classtype:trojan-activity;sid:84101643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238540)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onedrive.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238540/; classtype:trojan-activity;sid:84101640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238238)"; flow:established,from_client; content:"GET"; http_method; content:"/h8s9k20gnb2/plugins/clip64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.11.61.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238238/; classtype:trojan-activity;sid:84101338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238226)"; flow:established,from_client; content:"GET"; http_method; content:"/h8s9k20gnb2/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.11.61.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238226/; classtype:trojan-activity;sid:84101326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238218)"; flow:established,from_client; content:"GET"; http_method; content:"/h8s9k20gnb2/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.11.61.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238218/; classtype:trojan-activity;sid:84101318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238202)"; flow:established,from_client; content:"GET"; http_method; content:"/h8s9k20gnb2/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.11.61.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238202/; classtype:trojan-activity;sid:84101302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238163)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.245.12.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238163/; classtype:trojan-activity;sid:84101263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238165)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.245.12.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238165/; classtype:trojan-activity;sid:84101265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238160)"; flow:established,from_client; content:"GET"; http_method; content:"/npc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238160/; classtype:trojan-activity;sid:84101260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238159)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/tb/ewm.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"taodianla.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238159/; classtype:trojan-activity;sid:84101259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238155)"; flow:established,from_client; content:"GET"; http_method; content:"/cdb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.56.118.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238155/; classtype:trojan-activity;sid:84101255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238124)"; flow:established,from_client; content:"GET"; http_method; content:"/d00mt3l/xworm-5.6/refs/heads/main/xworm%20v5.6.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238124/; classtype:trojan-activity;sid:84101224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238122)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238122/; classtype:trojan-activity;sid:84101222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238123)"; flow:established,from_client; content:"GET"; http_method; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238123/; classtype:trojan-activity;sid:84101223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238086)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/f3pe.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238086/; classtype:trojan-activity;sid:84101186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238082)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/main/wenzcord.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238082/; classtype:trojan-activity;sid:84101182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238083)"; flow:established,from_client; content:"GET"; http_method; content:"/azurerex/napewnonievoiderhook/main/seksiak.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238083/; classtype:trojan-activity;sid:84101183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238084)"; flow:established,from_client; content:"GET"; http_method; content:"/python312/rusty-dropper/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238084/; classtype:trojan-activity;sid:84101184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238074)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/test-rat-do-not-download-exe/refs/heads/main/discord.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238074/; classtype:trojan-activity;sid:84101174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238076)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/main/built.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238076/; classtype:trojan-activity;sid:84101176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238078)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/main/client.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238078/; classtype:trojan-activity;sid:84101178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238079)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238079/; classtype:trojan-activity;sid:84101179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238081)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/main/x.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238081/; classtype:trojan-activity;sid:84101181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238066)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/main/njsilent.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238066/; classtype:trojan-activity;sid:84101166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238067)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/main/svhost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238067/; classtype:trojan-activity;sid:84101167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238068)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/r32r32/master/server.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238068/; classtype:trojan-activity;sid:84101168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238069)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/main/856.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238069/; classtype:trojan-activity;sid:84101169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238070)"; flow:established,from_client; content:"GET"; http_method; content:"/proltop1/popka/master/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238070/; classtype:trojan-activity;sid:84101170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238064)"; flow:established,from_client; content:"GET"; http_method; content:"/fortnitebott/spfnll/main/spofrln.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238064/; classtype:trojan-activity;sid:84101164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238062)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/refs/heads/main/java32.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238062/; classtype:trojan-activity;sid:84101162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238063)"; flow:established,from_client; content:"GET"; http_method; content:"/hapor2023/quasar/main/discord.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238063/; classtype:trojan-activity;sid:84101163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238059)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/main/testme.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238059/; classtype:trojan-activity;sid:84101159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238058)"; flow:established,from_client; content:"GET"; http_method; content:"/sesafvr/ayo/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238058/; classtype:trojan-activity;sid:84101158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238056)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/main/client.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238056/; classtype:trojan-activity;sid:84101156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238057)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/main/bloxflip%20predictor.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238057/; classtype:trojan-activity;sid:84101157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238055)"; flow:established,from_client; content:"GET"; http_method; content:"/visoxc/misterbombastic/main/don/driverhost.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238055/; classtype:trojan-activity;sid:84101155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238052)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptskiddy/remoteadmintool/master/trojan.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238052/; classtype:trojan-activity;sid:84101152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238054)"; flow:established,from_client; content:"GET"; http_method; content:"/pyxe1/sheesh/9e641bf9dd97a738f11f4b212603758cd9861f27/plswork.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238054/; classtype:trojan-activity;sid:84101154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238050)"; flow:established,from_client; content:"GET"; http_method; content:"/re9neyt/goodfrag-mh-counter-strike-global-offensive-/master/goodfrag.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238050/; classtype:trojan-activity;sid:84101150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238047)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/main/sentil.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238047/; classtype:trojan-activity;sid:84101147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238048)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/hyh/master/server.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238048/; classtype:trojan-activity;sid:84101148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238045)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238045/; classtype:trojan-activity;sid:84101145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238046)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/refs/heads/main/2klz.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238046/; classtype:trojan-activity;sid:84101146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238041)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/main/runtimebroker.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238041/; classtype:trojan-activity;sid:84101141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238035)"; flow:established,from_client; content:"GET"; http_method; content:"/stukit/svhoste/main/svhoste.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238035/; classtype:trojan-activity;sid:84101135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238037)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238037/; classtype:trojan-activity;sid:84101137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238033)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraundercode/rev/main/client-built.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238033/; classtype:trojan-activity;sid:84101133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238034)"; flow:established,from_client; content:"GET"; http_method; content:"/cmaster324-cell/su/main/client.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238034/; classtype:trojan-activity;sid:84101134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238027)"; flow:established,from_client; content:"GET"; http_method; content:"/lexazar63/minecraft-client/master/steamdetector.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238027/; classtype:trojan-activity;sid:84101127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238028)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/main/fusca%20game.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238028/; classtype:trojan-activity;sid:84101128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238023)"; flow:established,from_client; content:"GET"; http_method; content:"/vdlosunbik/steam.upgreyd/master/steam.upgreyd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238023/; classtype:trojan-activity;sid:84101123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238024)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/main/defender64.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238024/; classtype:trojan-activity;sid:84101124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238025)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/main/amogus.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238025/; classtype:trojan-activity;sid:84101125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238021)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/1/main/discord.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238021/; classtype:trojan-activity;sid:84101121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238022)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/main/mos%20ssssttttt.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238022/; classtype:trojan-activity;sid:84101122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238018)"; flow:established,from_client; content:"GET"; http_method; content:"/gleb221/paki/master/%d0%9f%d0%b0%d0%ba%d0%b8.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238018/; classtype:trojan-activity;sid:84101118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238019)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/main/spectrum.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238019/; classtype:trojan-activity;sid:84101119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238015)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/refs/heads/main/discord.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238015/; classtype:trojan-activity;sid:84101115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238016)"; flow:established,from_client; content:"GET"; http_method; content:"/qwuxu/ghjtdfghnfg/main/lastest.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238016/; classtype:trojan-activity;sid:84101116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238014)"; flow:established,from_client; content:"GET"; http_method; content:"/pyxe1/sheesh/04f111bc997c01dc4aa6ab035dcb5ff877fc5bbf/client-built.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238014/; classtype:trojan-activity;sid:84101114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238013)"; flow:established,from_client; content:"GET"; http_method; content:"/vampirvikariy/clientn2/master/intro.avi.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238013/; classtype:trojan-activity;sid:84101113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238012)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/main/njrat.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238012/; classtype:trojan-activity;sid:84101112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238011)"; flow:established,from_client; content:"GET"; http_method; content:"/alnyak/test/main/testingg.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238011/; classtype:trojan-activity;sid:84101111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238008)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/neverlose-loader/refs/heads/main/neverlose%20loader.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238008/; classtype:trojan-activity;sid:84101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238009)"; flow:established,from_client; content:"GET"; http_method; content:"/supfrezze/jtebez/master/dayum.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238009/; classtype:trojan-activity;sid:84101109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238010)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/main/server1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238010/; classtype:trojan-activity;sid:84101110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238006)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/main/main.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238006/; classtype:trojan-activity;sid:84101106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237999)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237999/; classtype:trojan-activity;sid:84101099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237993)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/main/client-built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237993/; classtype:trojan-activity;sid:84101093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; content:"GET"; http_method; content:"/5556.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.212.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blankobf/zip/refs/heads/v2"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237918)"; flow:established,from_client; content:"GET"; http_method; content:"/soporte%5csoporteperfect.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"perfectperu.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237918/; classtype:trojan-activity;sid:84101018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237916)"; flow:established,from_client; content:"GET"; http_method; content:"/descargas/ammyy.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soportegira.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237916/; classtype:trojan-activity;sid:84101016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237909)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"artemka.spb.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237909/; classtype:trojan-activity;sid:84101009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237889)"; flow:established,from_client; content:"GET"; http_method; content:"/activia/aa_v3.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sfa.com.ar"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237889/; classtype:trojan-activity;sid:84100989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237880)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.130.39.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237880/; classtype:trojan-activity;sid:84100980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237876)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.186.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237876/; classtype:trojan-activity;sid:84100976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237877)"; flow:established,from_client; content:"GET"; http_method; content:"/download/aa_v3.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.netsolution.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237877/; classtype:trojan-activity;sid:84100977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237856)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/main/notallowedtocrypt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237856/; classtype:trojan-activity;sid:84100956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237855)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/main/evetbeta.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237855/; classtype:trojan-activity;sid:84100955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237850)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hunt.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237850/; classtype:trojan-activity;sid:84100950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237851)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sexyrem"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237851/; classtype:trojan-activity;sid:84100951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237849)"; flow:established,from_client; content:"GET"; http_method; content:"/files/host.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237849/; classtype:trojan-activity;sid:84100949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237823)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/main/solara_protect.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237823/; classtype:trojan-activity;sid:84100923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237807)"; flow:established,from_client; content:"GET"; http_method; content:"/orospuccocugu/aaaaaa/main/anne.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237807/; classtype:trojan-activity;sid:84100907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237806)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discord2.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237806/; classtype:trojan-activity;sid:84100906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237794)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discord.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237794/; classtype:trojan-activity;sid:84100894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237795)"; flow:established,from_client; content:"GET"; http_method; content:"/realmastercoder69/daww/main/loader.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237795/; classtype:trojan-activity;sid:84100895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237796)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/main/asyncclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237796/; classtype:trojan-activity;sid:84100896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237797)"; flow:established,from_client; content:"GET"; http_method; content:"/vash0001/discord/main/discord3.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237797/; classtype:trojan-activity;sid:84100897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237798)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/main/crspoofer.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237798/; classtype:trojan-activity;sid:84100898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237799)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/main/ddosziller.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237799/; classtype:trojan-activity;sid:84100899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237800)"; flow:established,from_client; content:"GET"; http_method; content:"/h4ck3dv0d4/terminal-test/main/terminal_9235.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237800/; classtype:trojan-activity;sid:84100900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237801)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/main/asyncclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237801/; classtype:trojan-activity;sid:84100901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237803)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/main/krishna33.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237803/; classtype:trojan-activity;sid:84100903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237793)"; flow:established,from_client; content:"GET"; http_method; content:"/langla.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ser.nrovn.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237793/; classtype:trojan-activity;sid:84100893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237792)"; flow:established,from_client; content:"GET"; http_method; content:"/heysama/afsgdhzx/raw/main/asyncclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237792/; classtype:trojan-activity;sid:84100892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237780)"; flow:established,from_client; content:"GET"; http_method; content:"/test/num.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237780/; classtype:trojan-activity;sid:84100880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; content:"GET"; http_method; content:"/thebb5th/123/zip/refs/heads/main"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237734)"; flow:established,from_client; content:"GET"; http_method; content:"/ad8386/gs8868/zip/refs/heads/main"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237734/; classtype:trojan-activity;sid:84100834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237735)"; flow:established,from_client; content:"GET"; http_method; content:"/ad8386/dt68/zip/refs/heads/main"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237735/; classtype:trojan-activity;sid:84100835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237443)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237443/; classtype:trojan-activity;sid:84100543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237385)"; flow:established,from_client; content:"GET"; http_method; content:"/log.out"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"47.103.44.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237385/; classtype:trojan-activity;sid:84100485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236640)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"60.166.36.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236640/; classtype:trojan-activity;sid:84099740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236524)"; flow:established,from_client; content:"GET"; http_method; content:"/f/f89/1174180.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"by.haory.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236524/; classtype:trojan-activity;sid:84099624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236485)"; flow:established,from_client; content:"GET"; http_method; content:"/never.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236485/; classtype:trojan-activity;sid:84099585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236449)"; flow:established,from_client; content:"GET"; http_method; content:"/mvt/xmrig.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236449/; classtype:trojan-activity;sid:84099549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xwgl/xw_xxgl.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xw_setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236317)"; flow:established,from_client; content:"GET"; http_method; content:"/dam/software/keygen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"desquer.ens.uabc.mx"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236317/; classtype:trojan-activity;sid:84099417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236316)"; flow:established,from_client; content:"GET"; http_method; content:"/cs-daili.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236316/; classtype:trojan-activity;sid:84099416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236314)"; flow:established,from_client; content:"GET"; http_method; content:"/ipscan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"file.edunet.ac"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236314/; classtype:trojan-activity;sid:84099414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236315)"; flow:established,from_client; content:"GET"; http_method; content:"/tgxt.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236315/; classtype:trojan-activity;sid:84099415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236313)"; flow:established,from_client; content:"GET"; http_method; content:"/mirdll2.rar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236313/; classtype:trojan-activity;sid:84099413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236311)"; flow:established,from_client; content:"GET"; http_method; content:"/datdll.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236311/; classtype:trojan-activity;sid:84099411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236272)"; flow:established,from_client; content:"GET"; http_method; content:"/1skilllauncher/1skilllauncher.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236272/; classtype:trojan-activity;sid:84099372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236238)"; flow:established,from_client; content:"GET"; http_method; content:"/xbyxsv3.94.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.beiletoys.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236238/; classtype:trojan-activity;sid:84099338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; content:"GET"; http_method; content:"/natgo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dl.natgo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236234)"; flow:established,from_client; content:"GET"; http_method; content:"/datatools/datatools.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"42.193.42.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236234/; classtype:trojan-activity;sid:84099334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236232)"; flow:established,from_client; content:"GET"; http_method; content:"/mvp.dll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"110.42.46.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236232/; classtype:trojan-activity;sid:84099332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236227)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/iupdate.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.innovare.no"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236227/; classtype:trojan-activity;sid:84099327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236225)"; flow:established,from_client; content:"GET"; http_method; content:"/update/client/update.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"217.15.164.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236225/; classtype:trojan-activity;sid:84099325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236220)"; flow:established,from_client; content:"GET"; http_method; content:"/ledgerupdater.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.113.115.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236220/; classtype:trojan-activity;sid:84099320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236215)"; flow:established,from_client; content:"GET"; http_method; content:"/update/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"217.15.164.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236215/; classtype:trojan-activity;sid:84099315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235524)"; flow:established,from_client; content:"GET"; http_method; content:"/randomvapeuser/vape-4.11/releases/download/crack/vape.v4.11.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235524/; classtype:trojan-activity;sid:84098624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235088)"; flow:established,from_client; content:"GET"; http_method; content:"/spoofer.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.141.26.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235088/; classtype:trojan-activity;sid:84098188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235077)"; flow:established,from_client; content:"GET"; http_method; content:"/libcurl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235077/; classtype:trojan-activity;sid:84098177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235061)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/worker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235061/; classtype:trojan-activity;sid:84098161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234872)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/main/asyncclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234872/; classtype:trojan-activity;sid:84097972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234803)"; flow:established,from_client; content:"GET"; http_method; content:"/crazycoach.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234803/; classtype:trojan-activity;sid:84097903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234465)"; flow:established,from_client; content:"GET"; http_method; content:"/right_distribution.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234465/; classtype:trojan-activity;sid:84097565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234464)"; flow:established,from_client; content:"GET"; http_method; content:"/distribution.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234464/; classtype:trojan-activity;sid:84097564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234462)"; flow:established,from_client; content:"GET"; http_method; content:"/xl_ext_chrome.crx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234462/; classtype:trojan-activity;sid:84097562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234460)"; flow:established,from_client; content:"GET"; http_method; content:"/test.pdf.lnk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234460/; classtype:trojan-activity;sid:84097560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234459)"; flow:established,from_client; content:"GET"; http_method; content:"/distribution.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234459/; classtype:trojan-activity;sid:84097559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234458)"; flow:established,from_client; content:"GET"; http_method; content:"/protect_distribution.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234458/; classtype:trojan-activity;sid:84097558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233069)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"192.162.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3233069/; classtype:trojan-activity;sid:84096169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232529)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/utility-inst.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232529/; classtype:trojan-activity;sid:84095629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232530)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64_1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232530/; classtype:trojan-activity;sid:84095630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232419)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.250.188.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232419/; classtype:trojan-activity;sid:84095519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232406)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.98.174.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232406/; classtype:trojan-activity;sid:84095506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232407)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.98.174.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232407/; classtype:trojan-activity;sid:84095507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232401)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.237.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232401/; classtype:trojan-activity;sid:84095501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231926)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231926/; classtype:trojan-activity;sid:84095026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16737801/wave.zip|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16419615/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231554)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231554/; classtype:trojan-activity;sid:84094654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231110)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231110/; classtype:trojan-activity;sid:84094210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230704)"; flow:established,from_client; content:"GET"; http_method; content:"/drhbntdenedrhn/2.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"odoo.kseibitools.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230704/; classtype:trojan-activity;sid:84093804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230703)"; flow:established,from_client; content:"GET"; http_method; content:"/drhbntdenedrhn/rainbow.jpg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"odoo.kseibitools.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230703/; classtype:trojan-activity;sid:84093803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230278)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.192.195.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230278/; classtype:trojan-activity;sid:84093378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230281)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.218.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230281/; classtype:trojan-activity;sid:84093381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230237)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.125.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230237/; classtype:trojan-activity;sid:84093337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230239)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.92.86.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230239/; classtype:trojan-activity;sid:84093339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230243)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.3.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230243/; classtype:trojan-activity;sid:84093343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229665/; classtype:trojan-activity;sid:84092765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229668)"; flow:established,from_client; content:"GET"; http_method; content:"/mark/def.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229668/; classtype:trojan-activity;sid:84092768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229632)"; flow:established,from_client; content:"GET"; http_method; content:"/parthmodi152/web3-coding-challenge/zip/refs/heads/main"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229632/; classtype:trojan-activity;sid:84092732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228412/; classtype:trojan-activity;sid:84091512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226957)"; flow:established,from_client; content:"GET"; http_method; content:"/devmgmt.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.241.17.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226957/; classtype:trojan-activity;sid:84090057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226761)"; flow:established,from_client; content:"GET"; http_method; content:"/second.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.241.17.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226761/; classtype:trojan-activity;sid:84089861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226551)"; flow:established,from_client; content:"GET"; http_method; content:"/unmysqld.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226551/; classtype:trojan-activity;sid:84089651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226552)"; flow:established,from_client; content:"GET"; http_method; content:"/mariadb.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226552/; classtype:trojan-activity;sid:84089652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225936)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225936/; classtype:trojan-activity;sid:84089036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225932/; classtype:trojan-activity;sid:84089032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225931/; classtype:trojan-activity;sid:84089031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225930/; classtype:trojan-activity;sid:84089030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225465)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stail.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3225465/; classtype:trojan-activity;sid:84088565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224782)"; flow:established,from_client; content:"GET"; http_method; content:"/32/items/detah-note-v_202410/detahnote_v.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ia600102.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224782/; classtype:trojan-activity;sid:84087882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224762)"; flow:established,from_client; content:"GET"; http_method; content:"/installsetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.113.115.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224762/; classtype:trojan-activity;sid:84087862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224579)"; flow:established,from_client; content:"GET"; http_method; content:"/screenupdatesync.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.113.115.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224579/; classtype:trojan-activity;sid:84087679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unit.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224313/; classtype:trojan-activity;sid:84087413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224192)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bildnewl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3224192/; classtype:trojan-activity;sid:84087292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223989)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loadnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223989/; classtype:trojan-activity;sid:84087089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218068)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/rld"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218068/; classtype:trojan-activity;sid:84081168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218067)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/rls"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218067/; classtype:trojan-activity;sid:84081167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218064)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218064/; classtype:trojan-activity;sid:84081164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218065)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218065/; classtype:trojan-activity;sid:84081165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218036)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218036/; classtype:trojan-activity;sid:84081136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218037)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218037/; classtype:trojan-activity;sid:84081137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218034)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218034/; classtype:trojan-activity;sid:84081134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218035)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.45.68.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218035/; classtype:trojan-activity;sid:84081135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218031)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218031/; classtype:trojan-activity;sid:84081131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218022/; classtype:trojan-activity;sid:84081122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.56.191.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218023/; classtype:trojan-activity;sid:84081123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218026)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218026/; classtype:trojan-activity;sid:84081126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218027)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218027/; classtype:trojan-activity;sid:84081127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.132"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218028/; classtype:trojan-activity;sid:84081128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218004/; classtype:trojan-activity;sid:84081104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218005/; classtype:trojan-activity;sid:84081105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218006)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218006/; classtype:trojan-activity;sid:84081106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218007/; classtype:trojan-activity;sid:84081107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218008)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218008/; classtype:trojan-activity;sid:84081108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218010/; classtype:trojan-activity;sid:84081110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.76.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218014/; classtype:trojan-activity;sid:84081114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218002)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218002/; classtype:trojan-activity;sid:84081102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218003)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218003/; classtype:trojan-activity;sid:84081103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217811)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.74.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217811/; classtype:trojan-activity;sid:84080911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.90.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217809/; classtype:trojan-activity;sid:84080909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217785/; classtype:trojan-activity;sid:84080885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217786)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217786/; classtype:trojan-activity;sid:84080886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217787)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217787/; classtype:trojan-activity;sid:84080887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217789)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.122.182.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217789/; classtype:trojan-activity;sid:84080889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217793)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.232.246.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217793/; classtype:trojan-activity;sid:84080893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.91.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217795/; classtype:trojan-activity;sid:84080895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217799)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217799/; classtype:trojan-activity;sid:84080899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.130.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217784/; classtype:trojan-activity;sid:84080884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217782)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.66.108.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217782/; classtype:trojan-activity;sid:84080882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.87.117.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217763/; classtype:trojan-activity;sid:84080863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.144.250.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217768/; classtype:trojan-activity;sid:84080868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217776)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217776/; classtype:trojan-activity;sid:84080876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217777)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.179.254.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217777/; classtype:trojan-activity;sid:84080877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.221.155.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217778/; classtype:trojan-activity;sid:84080878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217753/; classtype:trojan-activity;sid:84080853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217754/; classtype:trojan-activity;sid:84080854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217759)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217759/; classtype:trojan-activity;sid:84080859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217749/; classtype:trojan-activity;sid:84080849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217746)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.198.247.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217746/; classtype:trojan-activity;sid:84080846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217733)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.171.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217733/; classtype:trojan-activity;sid:84080833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217734)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217734/; classtype:trojan-activity;sid:84080834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217735)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.119.237.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217735/; classtype:trojan-activity;sid:84080835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217736)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217736/; classtype:trojan-activity;sid:84080836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217737)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.232.246.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217737/; classtype:trojan-activity;sid:84080837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217738)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217738/; classtype:trojan-activity;sid:84080838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217713/; classtype:trojan-activity;sid:84080813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217715)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.91.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217715/; classtype:trojan-activity;sid:84080815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217716)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217716/; classtype:trojan-activity;sid:84080816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217719/; classtype:trojan-activity;sid:84080819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217725)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.84.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217725/; classtype:trojan-activity;sid:84080825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217710)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217710/; classtype:trojan-activity;sid:84080810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217711)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217711/; classtype:trojan-activity;sid:84080811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217701)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.92.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217701/; classtype:trojan-activity;sid:84080801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217702)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.79.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217702/; classtype:trojan-activity;sid:84080802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.178.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217699/; classtype:trojan-activity;sid:84080799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.178.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217700/; classtype:trojan-activity;sid:84080800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217697)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.183.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217697/; classtype:trojan-activity;sid:84080797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217698)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217698/; classtype:trojan-activity;sid:84080798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217691)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217691/; classtype:trojan-activity;sid:84080791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.183.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217692/; classtype:trojan-activity;sid:84080792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217694)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217694/; classtype:trojan-activity;sid:84080794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217695)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.68.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217695/; classtype:trojan-activity;sid:84080795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.16.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.41.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217678/; classtype:trojan-activity;sid:84080778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217679)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.26.209.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217679/; classtype:trojan-activity;sid:84080779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.76.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217666/; classtype:trojan-activity;sid:84080766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217667)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.76.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217667/; classtype:trojan-activity;sid:84080767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"206.204.128.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217672/; classtype:trojan-activity;sid:84080772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217661)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217661/; classtype:trojan-activity;sid:84080761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.41.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217662/; classtype:trojan-activity;sid:84080762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217623)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217623/; classtype:trojan-activity;sid:84080723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217624/; classtype:trojan-activity;sid:84080724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217625/; classtype:trojan-activity;sid:84080725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.171.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217627/; classtype:trojan-activity;sid:84080727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.40.25.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217628/; classtype:trojan-activity;sid:84080728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217621/; classtype:trojan-activity;sid:84080721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217470)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%bf%ae%e6%94%b9%e6%97%b6%e9%97%b4%e6%a0%bc%e5%bc%8f.bat"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"47.94.196.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217470/; classtype:trojan-activity;sid:84080570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217367)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.165.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217367/; classtype:trojan-activity;sid:84080467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217144/; classtype:trojan-activity;sid:84080244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217140/; classtype:trojan-activity;sid:84080240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217123/; classtype:trojan-activity;sid:84080223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.147.119.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217126/; classtype:trojan-activity;sid:84080226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217127/; classtype:trojan-activity;sid:84080227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.175.138.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217128/; classtype:trojan-activity;sid:84080228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217129/; classtype:trojan-activity;sid:84080229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217130/; classtype:trojan-activity;sid:84080230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217131/; classtype:trojan-activity;sid:84080231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217132/; classtype:trojan-activity;sid:84080232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217134/; classtype:trojan-activity;sid:84080234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217135/; classtype:trojan-activity;sid:84080235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217136/; classtype:trojan-activity;sid:84080236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.109.148.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217121/; classtype:trojan-activity;sid:84080221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.149.81.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217122/; classtype:trojan-activity;sid:84080222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217119/; classtype:trojan-activity;sid:84080219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.206.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217112/; classtype:trojan-activity;sid:84080212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217115/; classtype:trojan-activity;sid:84080215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.174.32.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217116/; classtype:trojan-activity;sid:84080216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217092/; classtype:trojan-activity;sid:84080192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.95.254.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217093/; classtype:trojan-activity;sid:84080193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217095/; classtype:trojan-activity;sid:84080195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217097/; classtype:trojan-activity;sid:84080197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217098/; classtype:trojan-activity;sid:84080198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.51.180.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217100/; classtype:trojan-activity;sid:84080200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217101/; classtype:trojan-activity;sid:84080201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217109/; classtype:trojan-activity;sid:84080209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217110/; classtype:trojan-activity;sid:84080210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217111/; classtype:trojan-activity;sid:84080211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217081/; classtype:trojan-activity;sid:84080181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.101.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217082/; classtype:trojan-activity;sid:84080182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.209.255.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217084/; classtype:trojan-activity;sid:84080184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217085/; classtype:trojan-activity;sid:84080185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217086/; classtype:trojan-activity;sid:84080186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.252.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217087/; classtype:trojan-activity;sid:84080187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217088/; classtype:trojan-activity;sid:84080188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217089/; classtype:trojan-activity;sid:84080189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217090/; classtype:trojan-activity;sid:84080190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217091/; classtype:trojan-activity;sid:84080191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217067/; classtype:trojan-activity;sid:84080167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217068/; classtype:trojan-activity;sid:84080168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217069/; classtype:trojan-activity;sid:84080169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.106.221.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217070/; classtype:trojan-activity;sid:84080170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.233.59.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217071/; classtype:trojan-activity;sid:84080171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217072/; classtype:trojan-activity;sid:84080172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217073/; classtype:trojan-activity;sid:84080173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217074/; classtype:trojan-activity;sid:84080174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217045/; classtype:trojan-activity;sid:84080145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.189.56.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217047/; classtype:trojan-activity;sid:84080147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217048/; classtype:trojan-activity;sid:84080148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217049/; classtype:trojan-activity;sid:84080149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217051/; classtype:trojan-activity;sid:84080151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217052/; classtype:trojan-activity;sid:84080152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217053/; classtype:trojan-activity;sid:84080153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217054/; classtype:trojan-activity;sid:84080154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217055/; classtype:trojan-activity;sid:84080155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217056/; classtype:trojan-activity;sid:84080156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217057/; classtype:trojan-activity;sid:84080157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217058/; classtype:trojan-activity;sid:84080158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217061/; classtype:trojan-activity;sid:84080161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217065/; classtype:trojan-activity;sid:84080165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217066/; classtype:trojan-activity;sid:84080166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.211.219.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217039/; classtype:trojan-activity;sid:84080139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217040/; classtype:trojan-activity;sid:84080140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217042/; classtype:trojan-activity;sid:84080142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217043/; classtype:trojan-activity;sid:84080143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217035/; classtype:trojan-activity;sid:84080135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217028/; classtype:trojan-activity;sid:84080128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217029/; classtype:trojan-activity;sid:84080129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.83.178.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217031/; classtype:trojan-activity;sid:84080131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217032/; classtype:trojan-activity;sid:84080132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217033/; classtype:trojan-activity;sid:84080133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217008/; classtype:trojan-activity;sid:84080108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217009/; classtype:trojan-activity;sid:84080109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217012/; classtype:trojan-activity;sid:84080112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.56.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217016/; classtype:trojan-activity;sid:84080116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.25.133.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217017/; classtype:trojan-activity;sid:84080117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217021/; classtype:trojan-activity;sid:84080121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217025/; classtype:trojan-activity;sid:84080125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.46.255.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217026/; classtype:trojan-activity;sid:84080126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217002/; classtype:trojan-activity;sid:84080102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217003/; classtype:trojan-activity;sid:84080103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217004/; classtype:trojan-activity;sid:84080104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.70.0.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216999/; classtype:trojan-activity;sid:84080099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.79.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216995/; classtype:trojan-activity;sid:84080095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216967/; classtype:trojan-activity;sid:84080067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216968/; classtype:trojan-activity;sid:84080068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216969/; classtype:trojan-activity;sid:84080069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216970/; classtype:trojan-activity;sid:84080070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216973/; classtype:trojan-activity;sid:84080073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216974/; classtype:trojan-activity;sid:84080074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216975/; classtype:trojan-activity;sid:84080075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.100.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216976/; classtype:trojan-activity;sid:84080076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216977/; classtype:trojan-activity;sid:84080077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216978/; classtype:trojan-activity;sid:84080078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216979/; classtype:trojan-activity;sid:84080079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216980/; classtype:trojan-activity;sid:84080080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216981/; classtype:trojan-activity;sid:84080081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.75.32.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216982/; classtype:trojan-activity;sid:84080082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216983/; classtype:trojan-activity;sid:84080083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; classtype:trojan-activity;sid:84080086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216987/; classtype:trojan-activity;sid:84080087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216989/; classtype:trojan-activity;sid:84080089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216960/; classtype:trojan-activity;sid:84080060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216961/; classtype:trojan-activity;sid:84080061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216962/; classtype:trojan-activity;sid:84080062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.235.33.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216965/; classtype:trojan-activity;sid:84080065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216958/; classtype:trojan-activity;sid:84080058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.68.68.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216959/; classtype:trojan-activity;sid:84080059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216956/; classtype:trojan-activity;sid:84080056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.29.137.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216957/; classtype:trojan-activity;sid:84080057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.64.182.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216951/; classtype:trojan-activity;sid:84080051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216952/; classtype:trojan-activity;sid:84080052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216923/; classtype:trojan-activity;sid:84080023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216924/; classtype:trojan-activity;sid:84080024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216930/; classtype:trojan-activity;sid:84080030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216932/; classtype:trojan-activity;sid:84080032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216933/; classtype:trojan-activity;sid:84080033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216935/; classtype:trojan-activity;sid:84080035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216937/; classtype:trojan-activity;sid:84080037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216938/; classtype:trojan-activity;sid:84080038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216939/; classtype:trojan-activity;sid:84080039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216941/; classtype:trojan-activity;sid:84080041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.252.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216942/; classtype:trojan-activity;sid:84080042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216946/; classtype:trojan-activity;sid:84080046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216947/; classtype:trojan-activity;sid:84080047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216917/; classtype:trojan-activity;sid:84080017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216919/; classtype:trojan-activity;sid:84080019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.107.239.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216920/; classtype:trojan-activity;sid:84080020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.253.126.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216913/; classtype:trojan-activity;sid:84080013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216891/; classtype:trojan-activity;sid:84079991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216892/; classtype:trojan-activity;sid:84079992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216893/; classtype:trojan-activity;sid:84079993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216894/; classtype:trojan-activity;sid:84079994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.218.42.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216897/; classtype:trojan-activity;sid:84079997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216899/; classtype:trojan-activity;sid:84079999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216900/; classtype:trojan-activity;sid:84080000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.216.164.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216903/; classtype:trojan-activity;sid:84080003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216906/; classtype:trojan-activity;sid:84080006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216909/; classtype:trojan-activity;sid:84080009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216911/; classtype:trojan-activity;sid:84080011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216879/; classtype:trojan-activity;sid:84079979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.251.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216880/; classtype:trojan-activity;sid:84079980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.117.197.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216881/; classtype:trojan-activity;sid:84079981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216882/; classtype:trojan-activity;sid:84079982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.43.6.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216884/; classtype:trojan-activity;sid:84079984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216886/; classtype:trojan-activity;sid:84079986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.236.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216888/; classtype:trojan-activity;sid:84079988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.112.2.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216877/; classtype:trojan-activity;sid:84079977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216876/; classtype:trojan-activity;sid:84079976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216850/; classtype:trojan-activity;sid:84079950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216853/; classtype:trojan-activity;sid:84079953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216855/; classtype:trojan-activity;sid:84079955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216856/; classtype:trojan-activity;sid:84079956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.59.103.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216859/; classtype:trojan-activity;sid:84079959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216861/; classtype:trojan-activity;sid:84079961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216862/; classtype:trojan-activity;sid:84079962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216863/; classtype:trojan-activity;sid:84079963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216867/; classtype:trojan-activity;sid:84079967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.59.90.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216868/; classtype:trojan-activity;sid:84079968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216845/; classtype:trojan-activity;sid:84079945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216837/; classtype:trojan-activity;sid:84079937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216830/; classtype:trojan-activity;sid:84079930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.112.93.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216831/; classtype:trojan-activity;sid:84079931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.74.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216832/; classtype:trojan-activity;sid:84079932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216833/; classtype:trojan-activity;sid:84079933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216805/; classtype:trojan-activity;sid:84079905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.16.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216808/; classtype:trojan-activity;sid:84079908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216809/; classtype:trojan-activity;sid:84079909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216810/; classtype:trojan-activity;sid:84079910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216811/; classtype:trojan-activity;sid:84079911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216817/; classtype:trojan-activity;sid:84079917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.104.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216818/; classtype:trojan-activity;sid:84079918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216820/; classtype:trojan-activity;sid:84079920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216822/; classtype:trojan-activity;sid:84079922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216823/; classtype:trojan-activity;sid:84079923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.112.212.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216824/; classtype:trojan-activity;sid:84079924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216825/; classtype:trojan-activity;sid:84079925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.93.53.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216826/; classtype:trojan-activity;sid:84079926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.166.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216827/; classtype:trojan-activity;sid:84079927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216828/; classtype:trojan-activity;sid:84079928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216804/; classtype:trojan-activity;sid:84079904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216799/; classtype:trojan-activity;sid:84079899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.8.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216790/; classtype:trojan-activity;sid:84079890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216796/; classtype:trojan-activity;sid:84079896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216776/; classtype:trojan-activity;sid:84079876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.148.163.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216777/; classtype:trojan-activity;sid:84079877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216779/; classtype:trojan-activity;sid:84079879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216780/; classtype:trojan-activity;sid:84079880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.16.188.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216782/; classtype:trojan-activity;sid:84079882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.97.137.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216784/; classtype:trojan-activity;sid:84079884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216785/; classtype:trojan-activity;sid:84079885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216786/; classtype:trojan-activity;sid:84079886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216788/; classtype:trojan-activity;sid:84079888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.70.204.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216767/; classtype:trojan-activity;sid:84079867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216769/; classtype:trojan-activity;sid:84079869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216770/; classtype:trojan-activity;sid:84079870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216773/; classtype:trojan-activity;sid:84079873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216775/; classtype:trojan-activity;sid:84079875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216763/; classtype:trojan-activity;sid:84079863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216754/; classtype:trojan-activity;sid:84079854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216751/; classtype:trojan-activity;sid:84079851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216747/; classtype:trojan-activity;sid:84079847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.51.191.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216749/; classtype:trojan-activity;sid:84079849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.211.169.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216729/; classtype:trojan-activity;sid:84079829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216731/; classtype:trojan-activity;sid:84079831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216732/; classtype:trojan-activity;sid:84079832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216733/; classtype:trojan-activity;sid:84079833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.124.105.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216734/; classtype:trojan-activity;sid:84079834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216735/; classtype:trojan-activity;sid:84079835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.147.127.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216737/; classtype:trojan-activity;sid:84079837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216740/; classtype:trojan-activity;sid:84079840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216742/; classtype:trojan-activity;sid:84079842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216743/; classtype:trojan-activity;sid:84079843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216744/; classtype:trojan-activity;sid:84079844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216721/; classtype:trojan-activity;sid:84079821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216724/; classtype:trojan-activity;sid:84079824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216726/; classtype:trojan-activity;sid:84079826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.4.70.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216727/; classtype:trojan-activity;sid:84079827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216717/; classtype:trojan-activity;sid:84079817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216720/; classtype:trojan-activity;sid:84079820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216715/; classtype:trojan-activity;sid:84079815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216713/; classtype:trojan-activity;sid:84079813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216710/; classtype:trojan-activity;sid:84079810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216704/; classtype:trojan-activity;sid:84079804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216707/; classtype:trojan-activity;sid:84079807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216709/; classtype:trojan-activity;sid:84079809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216678/; classtype:trojan-activity;sid:84079778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216680/; classtype:trojan-activity;sid:84079780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216682/; classtype:trojan-activity;sid:84079782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216683/; classtype:trojan-activity;sid:84079783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216684/; classtype:trojan-activity;sid:84079784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216686/; classtype:trojan-activity;sid:84079786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.141.241.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216689/; classtype:trojan-activity;sid:84079789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216691/; classtype:trojan-activity;sid:84079791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.185.229.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216692/; classtype:trojan-activity;sid:84079792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.43.113.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216693/; classtype:trojan-activity;sid:84079793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216694/; classtype:trojan-activity;sid:84079794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216695/; classtype:trojan-activity;sid:84079795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216696/; classtype:trojan-activity;sid:84079796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216698/; classtype:trojan-activity;sid:84079798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.250.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216699/; classtype:trojan-activity;sid:84079799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216703/; classtype:trojan-activity;sid:84079803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216676/; classtype:trojan-activity;sid:84079776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216672/; classtype:trojan-activity;sid:84079772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.232.94.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216671/; classtype:trojan-activity;sid:84079771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216670/; classtype:trojan-activity;sid:84079770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216648/; classtype:trojan-activity;sid:84079748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216651/; classtype:trojan-activity;sid:84079751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216652/; classtype:trojan-activity;sid:84079752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216656/; classtype:trojan-activity;sid:84079756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216658/; classtype:trojan-activity;sid:84079758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216661/; classtype:trojan-activity;sid:84079761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216663/; classtype:trojan-activity;sid:84079763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216666/; classtype:trojan-activity;sid:84079766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.213.121.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216667/; classtype:trojan-activity;sid:84079767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.72.45.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216640/; classtype:trojan-activity;sid:84079740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216641/; classtype:trojan-activity;sid:84079741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216642/; classtype:trojan-activity;sid:84079742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216644/; classtype:trojan-activity;sid:84079744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216645/; classtype:trojan-activity;sid:84079745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216646/; classtype:trojan-activity;sid:84079746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.226.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216647/; classtype:trojan-activity;sid:84079747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216637/; classtype:trojan-activity;sid:84079737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.204.58.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216634/; classtype:trojan-activity;sid:84079734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216636/; classtype:trojan-activity;sid:84079736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216633/; classtype:trojan-activity;sid:84079733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.169.136.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216632/; classtype:trojan-activity;sid:84079732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216626/; classtype:trojan-activity;sid:84079726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216629/; classtype:trojan-activity;sid:84079729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216630/; classtype:trojan-activity;sid:84079730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216606/; classtype:trojan-activity;sid:84079706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.7.42.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216609/; classtype:trojan-activity;sid:84079709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216611/; classtype:trojan-activity;sid:84079711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216614/; classtype:trojan-activity;sid:84079714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216615/; classtype:trojan-activity;sid:84079715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.49.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216616/; classtype:trojan-activity;sid:84079716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.233.158.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216617/; classtype:trojan-activity;sid:84079717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.95.14.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216619/; classtype:trojan-activity;sid:84079719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216621/; classtype:trojan-activity;sid:84079721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216622/; classtype:trojan-activity;sid:84079722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216624/; classtype:trojan-activity;sid:84079724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.204.218.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216625/; classtype:trojan-activity;sid:84079725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216602/; classtype:trojan-activity;sid:84079702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.122.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216597/; classtype:trojan-activity;sid:84079697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216598/; classtype:trojan-activity;sid:84079698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216593/; classtype:trojan-activity;sid:84079693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216594/; classtype:trojan-activity;sid:84079694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216591/; classtype:trojan-activity;sid:84079691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216572/; classtype:trojan-activity;sid:84079672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.90.28.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216573/; classtype:trojan-activity;sid:84079673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216574/; classtype:trojan-activity;sid:84079674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216575/; classtype:trojan-activity;sid:84079675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216576/; classtype:trojan-activity;sid:84079676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.255.163.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216585/; classtype:trojan-activity;sid:84079685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216588/; classtype:trojan-activity;sid:84079688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216552/; classtype:trojan-activity;sid:84079652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216553/; classtype:trojan-activity;sid:84079653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.239.22.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216554/; classtype:trojan-activity;sid:84079654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216556/; classtype:trojan-activity;sid:84079656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.188.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216558/; classtype:trojan-activity;sid:84079658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216560/; classtype:trojan-activity;sid:84079660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216561/; classtype:trojan-activity;sid:84079661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.164.252.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216562/; classtype:trojan-activity;sid:84079662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216565/; classtype:trojan-activity;sid:84079665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216567/; classtype:trojan-activity;sid:84079667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.251.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216568/; classtype:trojan-activity;sid:84079668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216551/; classtype:trojan-activity;sid:84079651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.43.80.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216541/; classtype:trojan-activity;sid:84079641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.74.144.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216542/; classtype:trojan-activity;sid:84079642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216543/; classtype:trojan-activity;sid:84079643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216545/; classtype:trojan-activity;sid:84079645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216511/; classtype:trojan-activity;sid:84079611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.124.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216512/; classtype:trojan-activity;sid:84079612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216513/; classtype:trojan-activity;sid:84079613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216514/; classtype:trojan-activity;sid:84079614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216518/; classtype:trojan-activity;sid:84079618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216519/; classtype:trojan-activity;sid:84079619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216520/; classtype:trojan-activity;sid:84079620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216522/; classtype:trojan-activity;sid:84079622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.72.199.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216524/; classtype:trojan-activity;sid:84079624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.30.113.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216526/; classtype:trojan-activity;sid:84079626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216527/; classtype:trojan-activity;sid:84079627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216528/; classtype:trojan-activity;sid:84079628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216531/; classtype:trojan-activity;sid:84079631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216532/; classtype:trojan-activity;sid:84079632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.177.98.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216533/; classtype:trojan-activity;sid:84079633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216534/; classtype:trojan-activity;sid:84079634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216535/; classtype:trojan-activity;sid:84079635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216536/; classtype:trojan-activity;sid:84079636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216509/; classtype:trojan-activity;sid:84079609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216510/; classtype:trojan-activity;sid:84079610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216507/; classtype:trojan-activity;sid:84079607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216503/; classtype:trojan-activity;sid:84079603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216480/; classtype:trojan-activity;sid:84079580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.78.75.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216481/; classtype:trojan-activity;sid:84079581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.70.95.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216483/; classtype:trojan-activity;sid:84079583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216484/; classtype:trojan-activity;sid:84079584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216485/; classtype:trojan-activity;sid:84079585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216488/; classtype:trojan-activity;sid:84079588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216489/; classtype:trojan-activity;sid:84079589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.212.52.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216490/; classtype:trojan-activity;sid:84079590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216491/; classtype:trojan-activity;sid:84079591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216492/; classtype:trojan-activity;sid:84079592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.202.220.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216495/; classtype:trojan-activity;sid:84079595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216496/; classtype:trojan-activity;sid:84079596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216497/; classtype:trojan-activity;sid:84079597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216498/; classtype:trojan-activity;sid:84079598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216499/; classtype:trojan-activity;sid:84079599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.101.191.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216500/; classtype:trojan-activity;sid:84079600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216501/; classtype:trojan-activity;sid:84079601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216470/; classtype:trojan-activity;sid:84079570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216471/; classtype:trojan-activity;sid:84079571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216475/; classtype:trojan-activity;sid:84079575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216468/; classtype:trojan-activity;sid:84079568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216464/; classtype:trojan-activity;sid:84079564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216465/; classtype:trojan-activity;sid:84079565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216463/; classtype:trojan-activity;sid:84079563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216457)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.247.198.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216457/; classtype:trojan-activity;sid:84079557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216452)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"123.235.29.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216452/; classtype:trojan-activity;sid:84079552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216450)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.167.115.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216450/; classtype:trojan-activity;sid:84079550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216448)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.152.32.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216448/; classtype:trojan-activity;sid:84079548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216443)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216443/; classtype:trojan-activity;sid:84079543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216440/; classtype:trojan-activity;sid:84079540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216434)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.115.56.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216434/; classtype:trojan-activity;sid:84079534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216435)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216435/; classtype:trojan-activity;sid:84079535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216430)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216430/; classtype:trojan-activity;sid:84079530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216431)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.156.109.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216431/; classtype:trojan-activity;sid:84079531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216428)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.220.203.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216428/; classtype:trojan-activity;sid:84079528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216429)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"123.132.224.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216429/; classtype:trojan-activity;sid:84079529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216425/; classtype:trojan-activity;sid:84079525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216422)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.29.43.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216422/; classtype:trojan-activity;sid:84079522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216423)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.233.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216423/; classtype:trojan-activity;sid:84079523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216420)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"165.220.157.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216420/; classtype:trojan-activity;sid:84079520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216418)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.249.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216418/; classtype:trojan-activity;sid:84079518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216419/; classtype:trojan-activity;sid:84079519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216413/; classtype:trojan-activity;sid:84079513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216414/; classtype:trojan-activity;sid:84079514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216411)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"219.73.22.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216411/; classtype:trojan-activity;sid:84079511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216409)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.127.74.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216409/; classtype:trojan-activity;sid:84079509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.232.126.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216403)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.247.198.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216403/; classtype:trojan-activity;sid:84079503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216392)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"119.45.127.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216392/; classtype:trojan-activity;sid:84079492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216393)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.219.177.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216393/; classtype:trojan-activity;sid:84079493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216389)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.214.180.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216389/; classtype:trojan-activity;sid:84079489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.220.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216380/; classtype:trojan-activity;sid:84079480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216376)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216376/; classtype:trojan-activity;sid:84079476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216371)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.71.73.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216371/; classtype:trojan-activity;sid:84079471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216369)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.233.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216369/; classtype:trojan-activity;sid:84079469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216357)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"39.108.237.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216357/; classtype:trojan-activity;sid:84079457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216352)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.85.241.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216352/; classtype:trojan-activity;sid:84079452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216349)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216349/; classtype:trojan-activity;sid:84079449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216333)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.60.25.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216333/; classtype:trojan-activity;sid:84079433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216330)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.167.172.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216330/; classtype:trojan-activity;sid:84079430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216331)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.167.172.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216331/; classtype:trojan-activity;sid:84079431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216329/; classtype:trojan-activity;sid:84079429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.240.97.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216327/; classtype:trojan-activity;sid:84079427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216326/; classtype:trojan-activity;sid:84079426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216324)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.109.126.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216324/; classtype:trojan-activity;sid:84079424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216325)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.62.190.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216325/; classtype:trojan-activity;sid:84079425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216323)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216323/; classtype:trojan-activity;sid:84079423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216322/; classtype:trojan-activity;sid:84079422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216321/; classtype:trojan-activity;sid:84079421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.211.112.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216320/; classtype:trojan-activity;sid:84079420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216319)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.58.56.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216319/; classtype:trojan-activity;sid:84079419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216318/; classtype:trojan-activity;sid:84079418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216317)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.62.190.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216317/; classtype:trojan-activity;sid:84079417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216314)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216314/; classtype:trojan-activity;sid:84079414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216305)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.218.175.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216305/; classtype:trojan-activity;sid:84079405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216304/; classtype:trojan-activity;sid:84079404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.195.82.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216303/; classtype:trojan-activity;sid:84079403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216290)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"117.50.184.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216290/; classtype:trojan-activity;sid:84079390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215858/; classtype:trojan-activity;sid:84078958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.206.226.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215856/; classtype:trojan-activity;sid:84078956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215857/; classtype:trojan-activity;sid:84078957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215845/; classtype:trojan-activity;sid:84078945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.4.70.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215846/; classtype:trojan-activity;sid:84078946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215838/; classtype:trojan-activity;sid:84078938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215842/; classtype:trojan-activity;sid:84078942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.252.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215843/; classtype:trojan-activity;sid:84078943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.16.188.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215837/; classtype:trojan-activity;sid:84078937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215834/; classtype:trojan-activity;sid:84078934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215835/; classtype:trojan-activity;sid:84078935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215822/; classtype:trojan-activity;sid:84078922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.83.178.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215814/; classtype:trojan-activity;sid:84078914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.174.32.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215812/; classtype:trojan-activity;sid:84078912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.51.180.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215813/; classtype:trojan-activity;sid:84078913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215810/; classtype:trojan-activity;sid:84078910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215811/; classtype:trojan-activity;sid:84078911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.233.158.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215805/; classtype:trojan-activity;sid:84078905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215806/; classtype:trojan-activity;sid:84078906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.14.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215809/; classtype:trojan-activity;sid:84078909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.90.28.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215778/; classtype:trojan-activity;sid:84078878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.151.108.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215780/; classtype:trojan-activity;sid:84078880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.70.0.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215782/; classtype:trojan-activity;sid:84078882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215784/; classtype:trojan-activity;sid:84078884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215785/; classtype:trojan-activity;sid:84078885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215787/; classtype:trojan-activity;sid:84078887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215790/; classtype:trojan-activity;sid:84078890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215791/; classtype:trojan-activity;sid:84078891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215792/; classtype:trojan-activity;sid:84078892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215793/; classtype:trojan-activity;sid:84078893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215794/; classtype:trojan-activity;sid:84078894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.147.119.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215796/; classtype:trojan-activity;sid:84078896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215775/; classtype:trojan-activity;sid:84078875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215776/; classtype:trojan-activity;sid:84078876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215485/; classtype:trojan-activity;sid:84078585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.16.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215484/; classtype:trojan-activity;sid:84078584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215481/; classtype:trojan-activity;sid:84078581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215482/; classtype:trojan-activity;sid:84078582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215483/; classtype:trojan-activity;sid:84078583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.124.105.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215470/; classtype:trojan-activity;sid:84078570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215471/; classtype:trojan-activity;sid:84078571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215472/; classtype:trojan-activity;sid:84078572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215473/; classtype:trojan-activity;sid:84078573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215474/; classtype:trojan-activity;sid:84078574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215476/; classtype:trojan-activity;sid:84078576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.68.68.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215467/; classtype:trojan-activity;sid:84078567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215468/; classtype:trojan-activity;sid:84078568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.30.113.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215461/; classtype:trojan-activity;sid:84078561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215462/; classtype:trojan-activity;sid:84078562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215463/; classtype:trojan-activity;sid:84078563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215464/; classtype:trojan-activity;sid:84078564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.253.126.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215450/; classtype:trojan-activity;sid:84078550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215451/; classtype:trojan-activity;sid:84078551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.78.75.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215452/; classtype:trojan-activity;sid:84078552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.239.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215453/; classtype:trojan-activity;sid:84078553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215455/; classtype:trojan-activity;sid:84078555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.195.82.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215456/; classtype:trojan-activity;sid:84078556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.59.103.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215458/; classtype:trojan-activity;sid:84078558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215447/; classtype:trojan-activity;sid:84078547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215449/; classtype:trojan-activity;sid:84078549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.218.42.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215442/; classtype:trojan-activity;sid:84078542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.204.218.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215433/; classtype:trojan-activity;sid:84078533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215434/; classtype:trojan-activity;sid:84078534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215435/; classtype:trojan-activity;sid:84078535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.75.32.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215437/; classtype:trojan-activity;sid:84078537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.148.163.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215438/; classtype:trojan-activity;sid:84078538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.140.13.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215439/; classtype:trojan-activity;sid:84078539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.43.80.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215430/; classtype:trojan-activity;sid:84078530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215424/; classtype:trojan-activity;sid:84078524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215425/; classtype:trojan-activity;sid:84078525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.127.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215427/; classtype:trojan-activity;sid:84078527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.141.241.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215429/; classtype:trojan-activity;sid:84078529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215422/; classtype:trojan-activity;sid:84078522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.235.33.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215416/; classtype:trojan-activity;sid:84078516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215417/; classtype:trojan-activity;sid:84078517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.252.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215418/; classtype:trojan-activity;sid:84078518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.189.56.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215419/; classtype:trojan-activity;sid:84078519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215409/; classtype:trojan-activity;sid:84078509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215410/; classtype:trojan-activity;sid:84078510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"130.185.229.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215411/; classtype:trojan-activity;sid:84078511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215414/; classtype:trojan-activity;sid:84078514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215403/; classtype:trojan-activity;sid:84078503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215404/; classtype:trojan-activity;sid:84078504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215401/; classtype:trojan-activity;sid:84078501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.149.81.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215402/; classtype:trojan-activity;sid:84078502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.166.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215390/; classtype:trojan-activity;sid:84078490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215392/; classtype:trojan-activity;sid:84078492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215393/; classtype:trojan-activity;sid:84078493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.72.199.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215395/; classtype:trojan-activity;sid:84078495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.250.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215398/; classtype:trojan-activity;sid:84078498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.251.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215384/; classtype:trojan-activity;sid:84078484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.72.45.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215385/; classtype:trojan-activity;sid:84078485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.204.58.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215387/; classtype:trojan-activity;sid:84078487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215388/; classtype:trojan-activity;sid:84078488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215383/; classtype:trojan-activity;sid:84078483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.112.2.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215375/; classtype:trojan-activity;sid:84078475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.232.94.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215376/; classtype:trojan-activity;sid:84078476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215377/; classtype:trojan-activity;sid:84078477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.137.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215379/; classtype:trojan-activity;sid:84078479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215366/; classtype:trojan-activity;sid:84078466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.213.121.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215368/; classtype:trojan-activity;sid:84078468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215369/; classtype:trojan-activity;sid:84078469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215371/; classtype:trojan-activity;sid:84078471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; classtype:trojan-activity;sid:84078458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215359/; classtype:trojan-activity;sid:84078459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.109.148.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215360/; classtype:trojan-activity;sid:84078460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215362/; classtype:trojan-activity;sid:84078462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215363/; classtype:trojan-activity;sid:84078463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.112.212.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215364/; classtype:trojan-activity;sid:84078464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215365/; classtype:trojan-activity;sid:84078465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.211.219.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215355/; classtype:trojan-activity;sid:84078455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215356/; classtype:trojan-activity;sid:84078456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215357/; classtype:trojan-activity;sid:84078457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215327)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.115.230.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215327/; classtype:trojan-activity;sid:84078427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215319)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.147.234.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215319/; classtype:trojan-activity;sid:84078419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215297)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.148.5.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215297/; classtype:trojan-activity;sid:84078397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215292)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.92.86.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215292/; classtype:trojan-activity;sid:84078392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215282)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.92.109.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215282/; classtype:trojan-activity;sid:84078382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215259)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215259/; classtype:trojan-activity;sid:84078359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215255)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.166.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215255/; classtype:trojan-activity;sid:84078355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214611)"; flow:established,from_client; content:"GET"; http_method; content:"/999.html"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.245.12.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214611/; classtype:trojan-activity;sid:84077711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214609)"; flow:established,from_client; content:"GET"; http_method; content:"/test/msedge_elf.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"156.245.12.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214609/; classtype:trojan-activity;sid:84077709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214597)"; flow:established,from_client; content:"GET"; http_method; content:"/aa.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.245.12.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214597/; classtype:trojan-activity;sid:84077697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214583)"; flow:established,from_client; content:"GET"; http_method; content:"/test/msedge_elf.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"156.245.12.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214583/; classtype:trojan-activity;sid:84077683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214569)"; flow:established,from_client; content:"GET"; http_method; content:"/conf.ini"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.245.12.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214569/; classtype:trojan-activity;sid:84077669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214566)"; flow:established,from_client; content:"GET"; http_method; content:"/test/svchost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.245.12.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214566/; classtype:trojan-activity;sid:84077666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214183)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.189.76.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214183/; classtype:trojan-activity;sid:84077283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214160)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.254.74.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214160/; classtype:trojan-activity;sid:84077260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214161)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.130.42.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214161/; classtype:trojan-activity;sid:84077261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214166)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.134.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214166/; classtype:trojan-activity;sid:84077266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214170)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.180.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214170/; classtype:trojan-activity;sid:84077270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214157)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.131.50.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214157/; classtype:trojan-activity;sid:84077257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214137)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.252.182.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214137/; classtype:trojan-activity;sid:84077237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214136)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.105.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214136/; classtype:trojan-activity;sid:84077236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214106)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.250.188.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214106/; classtype:trojan-activity;sid:84077206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214119)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.244.167.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214119/; classtype:trojan-activity;sid:84077219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214099)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.15.224.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214099/; classtype:trojan-activity;sid:84077199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214078/; classtype:trojan-activity;sid:84077178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213563/; classtype:trojan-activity;sid:84076663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213507/; classtype:trojan-activity;sid:84076607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208612)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewpeloxttug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208612/; classtype:trojan-activity;sid:84071712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208614)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rstxdhuj.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208614/; classtype:trojan-activity;sid:84071714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208610)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208610/; classtype:trojan-activity;sid:84071710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208611)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummetc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208611/; classtype:trojan-activity;sid:84071711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208605)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lgendpremium.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208605/; classtype:trojan-activity;sid:84071705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208603)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/deliciouspart.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208603/; classtype:trojan-activity;sid:84071703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208604)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pkcontent.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208604/; classtype:trojan-activity;sid:84071704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208362)"; flow:established,from_client; content:"GET"; http_method; content:"/erhtrnrtw/2.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"passagetoeastafrica.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208362/; classtype:trojan-activity;sid:84071462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208345)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208345/; classtype:trojan-activity;sid:84071445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208342)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208342/; classtype:trojan-activity;sid:84071442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208343)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208343/; classtype:trojan-activity;sid:84071443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208334)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208334/; classtype:trojan-activity;sid:84071434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208335)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208335/; classtype:trojan-activity;sid:84071435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208336)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208336/; classtype:trojan-activity;sid:84071436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208337)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208337/; classtype:trojan-activity;sid:84071437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208339)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208339/; classtype:trojan-activity;sid:84071439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208340)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208340/; classtype:trojan-activity;sid:84071440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208315)"; flow:established,from_client; content:"GET"; http_method; content:"/download/3d%20builder_12_1201419.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"znrq.zifwxq.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208315/; classtype:trojan-activity;sid:84071415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208141)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.158.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208141/; classtype:trojan-activity;sid:84071241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208139)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.196.95.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208139/; classtype:trojan-activity;sid:84071239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207955)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.126.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207955/; classtype:trojan-activity;sid:84071055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207907)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"80.64.30.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207907/; classtype:trojan-activity;sid:84071007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3205869)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.174.32.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3205869/; classtype:trojan-activity;sid:84068969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3205093)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"199.195.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3205093/; classtype:trojan-activity;sid:84068193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204951)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.91.190.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204951/; classtype:trojan-activity;sid:84068051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204952)"; flow:established,from_client; content:"GET"; http_method; content:"/uidiscord.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.91.190.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204952/; classtype:trojan-activity;sid:84068052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204953)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.91.190.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204953/; classtype:trojan-activity;sid:84068053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204954)"; flow:established,from_client; content:"GET"; http_method; content:"/exit.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.91.190.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204954/; classtype:trojan-activity;sid:84068054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204955)"; flow:established,from_client; content:"GET"; http_method; content:"/onelove.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.91.190.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204955/; classtype:trojan-activity;sid:84068055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204753/; classtype:trojan-activity;sid:84067853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204733/; classtype:trojan-activity;sid:84067833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; content:"GET"; http_method; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"download.suxiazai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3203017)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/drg/rtc/f3dll.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_01; reference:url, urlhaus.abuse.ch/url/3203017/; classtype:trojan-activity;sid:84066117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202083)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/dj1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202083/; classtype:trojan-activity;sid:84065183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3201686)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18-jwgmnsvcsyj0vhz_f9cqmqhwd-8fq8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3201686/; classtype:trojan-activity;sid:84064786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3201676)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zjiuyifrkwemay58vp5hw7q3tqzhafaw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3201676/; classtype:trojan-activity;sid:84064776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200739)"; flow:established,from_client; content:"GET"; http_method; content:"/fissionbaby/file/fissionbabyv242.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tianyinsoft.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200739/; classtype:trojan-activity;sid:84063839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; content:"GET"; http_method; content:"/slinky/slinkycrack.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"crystalpvp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198896)"; flow:established,from_client; content:"GET"; http_method; content:"/itplan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198896/; classtype:trojan-activity;sid:84061996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198884)"; flow:established,from_client; content:"GET"; http_method; content:"/itplan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198884/; classtype:trojan-activity;sid:84061984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198881)"; flow:established,from_client; content:"GET"; http_method; content:"/it_plan_cifs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198881/; classtype:trojan-activity;sid:84061981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198880)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%99%9a%e6%8b%9f%e6%9c%ba%e9%9a%8f%e6%9c%bamac.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"180.140.124.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198880/; classtype:trojan-activity;sid:84061980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198873)"; flow:established,from_client; content:"GET"; http_method; content:"/it_plan_cifs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198873/; classtype:trojan-activity;sid:84061973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198849)"; flow:established,from_client; content:"GET"; http_method; content:"/tstory.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198849/; classtype:trojan-activity;sid:84061949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198830)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%99%9a%e6%8b%9f%e6%9c%ba%e6%8e%92%e5%88%97.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"180.140.124.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198830/; classtype:trojan-activity;sid:84061930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198771)"; flow:established,from_client; content:"GET"; http_method; content:"/9402.tmp.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"195.60.232.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198771/; classtype:trojan-activity;sid:84061871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198763)"; flow:established,from_client; content:"GET"; http_method; content:"/python3.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198763/; classtype:trojan-activity;sid:84061863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198764)"; flow:established,from_client; content:"GET"; http_method; content:"/host.out"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.50.0.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198764/; classtype:trojan-activity;sid:84061864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198759)"; flow:established,from_client; content:"GET"; http_method; content:"/psexec64.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198759/; classtype:trojan-activity;sid:84061859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198751)"; flow:established,from_client; content:"GET"; http_method; content:"/notmyfault.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.60.232.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198751/; classtype:trojan-activity;sid:84061851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198713)"; flow:established,from_client; content:"GET"; http_method; content:"/tstory.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198713/; classtype:trojan-activity;sid:84061813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198703)"; flow:established,from_client; content:"GET"; http_method; content:"/naver.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198703/; classtype:trojan-activity;sid:84061803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198687)"; flow:established,from_client; content:"GET"; http_method; content:"/bluescreen.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.60.232.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198687/; classtype:trojan-activity;sid:84061787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195888)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.188.137.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195888/; classtype:trojan-activity;sid:84058988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195887)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.98.231.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195887/; classtype:trojan-activity;sid:84058987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195851)"; flow:established,from_client; content:"GET"; http_method; content:"/hid.dll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"112.124.28.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195851/; classtype:trojan-activity;sid:84058951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195849)"; flow:established,from_client; content:"GET"; http_method; content:"/nc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.124.28.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195849/; classtype:trojan-activity;sid:84058949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195848)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195848/; classtype:trojan-activity;sid:84058948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195847)"; flow:established,from_client; content:"GET"; http_method; content:"/abc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195847/; classtype:trojan-activity;sid:84058947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195831)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195831/; classtype:trojan-activity;sid:84058931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195832)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195832/; classtype:trojan-activity;sid:84058932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195759)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195759/; classtype:trojan-activity;sid:84058859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195734)"; flow:established,from_client; content:"GET"; http_method; content:"/chromesetup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"119.167.70.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195734/; classtype:trojan-activity;sid:84058834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195274)"; flow:established,from_client; content:"GET"; http_method; content:"/pesinislem.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"78.186.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195274/; classtype:trojan-activity;sid:84058374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195257)"; flow:established,from_client; content:"GET"; http_method; content:"/fiddlersetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.123.237.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195257/; classtype:trojan-activity;sid:84058357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195255)"; flow:established,from_client; content:"GET"; http_method; content:"/exsync.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.137.135.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195255/; classtype:trojan-activity;sid:84058355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195166)"; flow:established,from_client; content:"GET"; http_method; content:"/aact.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.22.21.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195166/; classtype:trojan-activity;sid:84058266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195157)"; flow:established,from_client; content:"GET"; http_method; content:"/chromesetup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195157/; classtype:trojan-activity;sid:84058257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195153)"; flow:established,from_client; content:"GET"; http_method; content:"/aq2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195153/; classtype:trojan-activity;sid:84058253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195151)"; flow:established,from_client; content:"GET"; http_method; content:"/aq.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.186.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195151/; classtype:trojan-activity;sid:84058251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192740)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192740/; classtype:trojan-activity;sid:84055840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192738)"; flow:established,from_client; content:"GET"; http_method; content:"/sq1mon-v.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192738/; classtype:trojan-activity;sid:84055838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192737)"; flow:established,from_client; content:"GET"; http_method; content:"/library.so"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192737/; classtype:trojan-activity;sid:84055837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192735)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192735/; classtype:trojan-activity;sid:84055835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192736)"; flow:established,from_client; content:"GET"; http_method; content:"/data.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192736/; classtype:trojan-activity;sid:84055836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192734)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192734/; classtype:trojan-activity;sid:84055834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192733)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_lagacy.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192733/; classtype:trojan-activity;sid:84055833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192732)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192732/; classtype:trojan-activity;sid:84055832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192730)"; flow:established,from_client; content:"GET"; http_method; content:"/cabbage.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192730/; classtype:trojan-activity;sid:84055830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192568)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk/win32/mimikatz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"120.25.163.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192568/; classtype:trojan-activity;sid:84055668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192534)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192534/; classtype:trojan-activity;sid:84055634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192516)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192516/; classtype:trojan-activity;sid:84055616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192483)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192483/; classtype:trojan-activity;sid:84055583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192484)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192484/; classtype:trojan-activity;sid:84055584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192482)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192482/; classtype:trojan-activity;sid:84055582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192481)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192481/; classtype:trojan-activity;sid:84055581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192471)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192471/; classtype:trojan-activity;sid:84055571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192473)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192473/; classtype:trojan-activity;sid:84055573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192474)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192474/; classtype:trojan-activity;sid:84055574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192475)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192475/; classtype:trojan-activity;sid:84055575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192476)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192476/; classtype:trojan-activity;sid:84055576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192478)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192478/; classtype:trojan-activity;sid:84055578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192455)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192455/; classtype:trojan-activity;sid:84055555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192456)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192456/; classtype:trojan-activity;sid:84055556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192457)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192457/; classtype:trojan-activity;sid:84055557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192458)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192458/; classtype:trojan-activity;sid:84055558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192459)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192459/; classtype:trojan-activity;sid:84055559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192460)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192460/; classtype:trojan-activity;sid:84055560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192461)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192461/; classtype:trojan-activity;sid:84055561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192462)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192462/; classtype:trojan-activity;sid:84055562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192463)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192463/; classtype:trojan-activity;sid:84055563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192464)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192464/; classtype:trojan-activity;sid:84055564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192465)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192465/; classtype:trojan-activity;sid:84055565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192466)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192466/; classtype:trojan-activity;sid:84055566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192467)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192467/; classtype:trojan-activity;sid:84055567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192469)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192469/; classtype:trojan-activity;sid:84055569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192470)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192470/; classtype:trojan-activity;sid:84055570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192454)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192454/; classtype:trojan-activity;sid:84055554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192440)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192440/; classtype:trojan-activity;sid:84055540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192448)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192448/; classtype:trojan-activity;sid:84055548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192449)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192449/; classtype:trojan-activity;sid:84055549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192450)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192450/; classtype:trojan-activity;sid:84055550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192435)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192435/; classtype:trojan-activity;sid:84055535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192432)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hailcocks.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192432/; classtype:trojan-activity;sid:84055532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191976)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191976/; classtype:trojan-activity;sid:84055076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191977)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191977/; classtype:trojan-activity;sid:84055077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191978)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.dss"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191978/; classtype:trojan-activity;sid:84055078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191968)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191968/; classtype:trojan-activity;sid:84055068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191969)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191969/; classtype:trojan-activity;sid:84055069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191970)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191970/; classtype:trojan-activity;sid:84055070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191971)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.co"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191971/; classtype:trojan-activity;sid:84055071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191972)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191972/; classtype:trojan-activity;sid:84055072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191973)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191973/; classtype:trojan-activity;sid:84055073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191974)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.arm61"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191974/; classtype:trojan-activity;sid:84055074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191975)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191975/; classtype:trojan-activity;sid:84055075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191965)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191965/; classtype:trojan-activity;sid:84055065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191966)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191966/; classtype:trojan-activity;sid:84055066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191967)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191967/; classtype:trojan-activity;sid:84055067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191964)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191964/; classtype:trojan-activity;sid:84055064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191963)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191963/; classtype:trojan-activity;sid:84055063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191959)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191959/; classtype:trojan-activity;sid:84055059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191960)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191960/; classtype:trojan-activity;sid:84055060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191961)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191961/; classtype:trojan-activity;sid:84055061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191958)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191958/; classtype:trojan-activity;sid:84055058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191954)"; flow:established,from_client; content:"GET"; http_method; content:"/shelld.sex.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191954/; classtype:trojan-activity;sid:84055054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191955)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191955/; classtype:trojan-activity;sid:84055055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191956)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191956/; classtype:trojan-activity;sid:84055056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191957)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.117.23.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191957/; classtype:trojan-activity;sid:84055057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191857)"; flow:established,from_client; content:"GET"; http_method; content:"/alfa_shtml/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191857/; classtype:trojan-activity;sid:84054957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191130)"; flow:established,from_client; content:"GET"; http_method; content:"/eodgqfp132.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cmgtrading.eu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3191130/; classtype:trojan-activity;sid:84054230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190997/; classtype:trojan-activity;sid:84054097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190974)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.223.179.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190974/; classtype:trojan-activity;sid:84054074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190969)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.50.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190969/; classtype:trojan-activity;sid:84054069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190948)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190948/; classtype:trojan-activity;sid:84054048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190945)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190945/; classtype:trojan-activity;sid:84054045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190937)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.44.116.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190937/; classtype:trojan-activity;sid:84054037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190775)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190775/; classtype:trojan-activity;sid:84053875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190745)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190745/; classtype:trojan-activity;sid:84053845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190704/; classtype:trojan-activity;sid:84053804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190662)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190662/; classtype:trojan-activity;sid:84053762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190652)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190652/; classtype:trojan-activity;sid:84053752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190651)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190651/; classtype:trojan-activity;sid:84053751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190642)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.92.101.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190642/; classtype:trojan-activity;sid:84053742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190640)"; flow:established,from_client; content:"GET"; http_method; content:"/sysloader.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190640/; classtype:trojan-activity;sid:84053740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190579)"; flow:established,from_client; content:"GET"; http_method; content:"/nn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190579/; classtype:trojan-activity;sid:84053679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190578)"; flow:established,from_client; content:"GET"; http_method; content:"/cnrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190578/; classtype:trojan-activity;sid:84053678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190400)"; flow:established,from_client; content:"GET"; http_method; content:"/sc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190400/; classtype:trojan-activity;sid:84053500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190382)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.242.12.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190382/; classtype:trojan-activity;sid:84053482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190347)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190347/; classtype:trojan-activity;sid:84053447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190343)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190343/; classtype:trojan-activity;sid:84053443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190344)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190344/; classtype:trojan-activity;sid:84053444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190326/; classtype:trojan-activity;sid:84053426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190327)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190327/; classtype:trojan-activity;sid:84053427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190328/; classtype:trojan-activity;sid:84053428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190331)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190331/; classtype:trojan-activity;sid:84053431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190332)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190332/; classtype:trojan-activity;sid:84053432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190333/; classtype:trojan-activity;sid:84053433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190335)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190335/; classtype:trojan-activity;sid:84053435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190320/; classtype:trojan-activity;sid:84053420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190321/; classtype:trojan-activity;sid:84053421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190322/; classtype:trojan-activity;sid:84053422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190316)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190316/; classtype:trojan-activity;sid:84053416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190318)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190318/; classtype:trojan-activity;sid:84053418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190319/; classtype:trojan-activity;sid:84053419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190197)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/cyber-city-53e23.appspot.com/o/base.txt|3f|alt=media|7c|26|7c|token=c5cbd710-7d53-4b3a-87ac-6d45c902be57"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190197/; classtype:trojan-activity;sid:84053297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190183)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/descargas-dc4d6.appspot.com/o/envios-nuevos.txt|3f|alt=media|7c|26|7c|token=ce690a60-78eb-401b-bfc6-1dc825e194b2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190183/; classtype:trojan-activity;sid:84053283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190181)"; flow:established,from_client; content:"GET"; http_method; content:"/pastes/01922156-0a1a-798a-ba18-d0ce12473978/raw"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pastecodeapp.vercel.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190181/; classtype:trojan-activity;sid:84053281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190180)"; flow:established,from_client; content:"GET"; http_method; content:"/pastes/019220a3-9326-7b46-b740-ef110ecdb453/raw"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pastecodeapp.vercel.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190180/; classtype:trojan-activity;sid:84053280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189430)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/getlab.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189430/; classtype:trojan-activity;sid:84052530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189426)"; flow:established,from_client; content:"GET"; http_method; content:"/thebig/stories.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189426/; classtype:trojan-activity;sid:84052526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189365)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installeraus.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189365/; classtype:trojan-activity;sid:84052465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189290)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/mdagfqvaa2gkfvxxponi.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189290/; classtype:trojan-activity;sid:84052390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskyxn/changesource/master/besttrace"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188025)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188025/; classtype:trojan-activity;sid:84051125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187582)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/temp/_rels/key.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pb.agnt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187582/; classtype:trojan-activity;sid:84050682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187580)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/blackload.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187580/; classtype:trojan-activity;sid:84050680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unison.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187576/; classtype:trojan-activity;sid:84050676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187577)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrarinstall.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187577/; classtype:trojan-activity;sid:84050677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187575)"; flow:established,from_client; content:"GET"; http_method; content:"/7z.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.mvip8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187575/; classtype:trojan-activity;sid:84050675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187570)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ufw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187570/; classtype:trojan-activity;sid:84050670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187553)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%9b%9b%e6%96%b9%e5%b9%b3%e5%8f%b0-%e5%8d%a1%e5%95%86%e7%ab%af.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"sms-szfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187553/; classtype:trojan-activity;sid:84050653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186573)"; flow:established,from_client; content:"GET"; http_method; content:"/p1.html"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.11.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186573/; classtype:trojan-activity;sid:84049673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186434)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_win_tool_v9.6.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186434/; classtype:trojan-activity;sid:84049534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186433)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_win_tool_v9.6.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186433/; classtype:trojan-activity;sid:84049533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186432)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186432/; classtype:trojan-activity;sid:84049532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186431)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186431/; classtype:trojan-activity;sid:84049531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186429)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186429/; classtype:trojan-activity;sid:84049529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186426)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186426/; classtype:trojan-activity;sid:84049526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186427)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186427/; classtype:trojan-activity;sid:84049527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185853)"; flow:established,from_client; content:"GET"; http_method; content:"/mysqld.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185853/; classtype:trojan-activity;sid:84048953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185566)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/envs/ds1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185566/; classtype:trojan-activity;sid:84048666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185567)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rf.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185567/; classtype:trojan-activity;sid:84048667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185568)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rs.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185568/; classtype:trojan-activity;sid:84048668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185560)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/j1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185560/; classtype:trojan-activity;sid:84048660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185561)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rtj.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185561/; classtype:trojan-activity;sid:84048661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185562)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rrtt.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185562/; classtype:trojan-activity;sid:84048662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185564)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1r.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185564/; classtype:trojan-activity;sid:84048664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184928)"; flow:established,from_client; content:"GET"; http_method; content:"/download/new_image_vbs/new_image_vbs.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184928/; classtype:trojan-activity;sid:84048028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184777)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/game.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184777/; classtype:trojan-activity;sid:84047877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184776)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/config.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184776/; classtype:trojan-activity;sid:84047876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184769)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184769/; classtype:trojan-activity;sid:84047869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184301)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/needmoney.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184301/; classtype:trojan-activity;sid:84047401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184299)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/firefox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184299/; classtype:trojan-activity;sid:84047399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184293)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/microsoft.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184293/; classtype:trojan-activity;sid:84047393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184284)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac222222.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184284/; classtype:trojan-activity;sid:84047384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3179273)"; flow:established,from_client; content:"GET"; http_method; content:"/spetterman66/verynicerepo/main/xmr-go.sh"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_18; reference:url, urlhaus.abuse.ch/url/3179273/; classtype:trojan-activity;sid:84042373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178439)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/dlllllll.txt|3f|alt=media|7c|26|7c|token=fdca0921-d71f-49dc-bdf6-08168b6bad86"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178439/; classtype:trojan-activity;sid:84041539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178396)"; flow:established,from_client; content:"GET"; http_method; content:"/6/items/detah-note-j/detahnotej.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"ia904601.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178396/; classtype:trojan-activity;sid:84041496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178373)"; flow:established,from_client; content:"GET"; http_method; content:"/24/items/detah-note-v/detahnotev.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ia600100.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178373/; classtype:trojan-activity;sid:84041473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178347)"; flow:established,from_client; content:"GET"; http_method; content:"/2/items/new_image_20240905/new_image.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"ia601706.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178347/; classtype:trojan-activity;sid:84041447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176961)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadeus.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176961/; classtype:trojan-activity;sid:84040061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176887)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clip.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176887/; classtype:trojan-activity;sid:84039987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175721/; classtype:trojan-activity;sid:84038821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175712)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175712/; classtype:trojan-activity;sid:84038812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175659)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175659/; classtype:trojan-activity;sid:84038759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175566)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175566/; classtype:trojan-activity;sid:84038666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175462/; classtype:trojan-activity;sid:84038562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175448)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175448/; classtype:trojan-activity;sid:84038548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175437)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175437/; classtype:trojan-activity;sid:84038537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175431)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175431/; classtype:trojan-activity;sid:84038531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175403)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175403/; classtype:trojan-activity;sid:84038503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175393)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.46.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175393/; classtype:trojan-activity;sid:84038493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175280/; classtype:trojan-activity;sid:84038380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175149)"; flow:established,from_client; content:"GET"; http_method; content:"/load.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175149/; classtype:trojan-activity;sid:84038249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175134)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"122.51.183.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175134/; classtype:trojan-activity;sid:84038234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175124)"; flow:established,from_client; content:"GET"; http_method; content:"/build.config"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175124/; classtype:trojan-activity;sid:84038224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175127)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175127/; classtype:trojan-activity;sid:84038227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175111)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175111/; classtype:trojan-activity;sid:84038211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175104)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175104/; classtype:trojan-activity;sid:84038204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175105)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175105/; classtype:trojan-activity;sid:84038205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175106/; classtype:trojan-activity;sid:84038206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175107)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175107/; classtype:trojan-activity;sid:84038207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175108/; classtype:trojan-activity;sid:84038208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174974)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"14.103.48.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174974/; classtype:trojan-activity;sid:84038074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174943)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.236.75.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174943/; classtype:trojan-activity;sid:84038043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174936)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.216.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174936/; classtype:trojan-activity;sid:84038036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174586)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bitcoincore.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174586/; classtype:trojan-activity;sid:84037686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174584)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/8.11.9-windows.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174584/; classtype:trojan-activity;sid:84037684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174582)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174582/; classtype:trojan-activity;sid:84037682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174581)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/broadcom5.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174581/; classtype:trojan-activity;sid:84037681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174580)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174580/; classtype:trojan-activity;sid:84037680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174579)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client_protected.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174579/; classtype:trojan-activity;sid:84037679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174578)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/freedom.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174578/; classtype:trojan-activity;sid:84037678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rms1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174576/; classtype:trojan-activity;sid:84037676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174574)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pichon.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174574/; classtype:trojan-activity;sid:84037674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174575)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gift-info.lmg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174575/; classtype:trojan-activity;sid:84037675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174573)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cclent.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174573/; classtype:trojan-activity;sid:84037673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174572)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyl64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174572/; classtype:trojan-activity;sid:84037672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174570)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidth_monitor.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174570/; classtype:trojan-activity;sid:84037670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174569)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteheroin.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174569/; classtype:trojan-activity;sid:84037669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174568)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hvnc1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174568/; classtype:trojan-activity;sid:84037668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174566)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ghost_0x000263826b9a9b91.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174566/; classtype:trojan-activity;sid:84037666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174567)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/morphic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174567/; classtype:trojan-activity;sid:84037667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174564)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cnyvvl.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174564/; classtype:trojan-activity;sid:84037664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174565)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xclient_protected.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174565/; classtype:trojan-activity;sid:84037665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174560)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/resex.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174560/; classtype:trojan-activity;sid:84037660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174561)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5knchalah.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174561/; classtype:trojan-activity;sid:84037661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174556)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6253708004881862888.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174556/; classtype:trojan-activity;sid:84037656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174501)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174501/; classtype:trojan-activity;sid:84037601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174496)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bundle.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174496/; classtype:trojan-activity;sid:84037596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174498)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/penis.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174498/; classtype:trojan-activity;sid:84037598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174493)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vlst.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174493/; classtype:trojan-activity;sid:84037593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174406)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.173.254.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174406/; classtype:trojan-activity;sid:84037506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tecunonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; classtype:trojan-activity;sid:84037464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174318)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174318/; classtype:trojan-activity;sid:84037418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174319)"; flow:established,from_client; content:"GET"; http_method; content:"/tsh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174319/; classtype:trojan-activity;sid:84037419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174320)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174320/; classtype:trojan-activity;sid:84037420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174267)"; flow:established,from_client; content:"GET"; http_method; content:"/me.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.106.176.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174267/; classtype:trojan-activity;sid:84037367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174027)"; flow:established,from_client; content:"GET"; http_method; content:"/dns1.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.35.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174027/; classtype:trojan-activity;sid:84037127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174024)"; flow:established,from_client; content:"GET"; http_method; content:"/vpn.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.35.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174024/; classtype:trojan-activity;sid:84037124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174025)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.35.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174025/; classtype:trojan-activity;sid:84037125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172298)"; flow:established,from_client; content:"GET"; http_method; content:"/install_lodop32.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.59.103.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172298/; classtype:trojan-activity;sid:84035398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172294)"; flow:established,from_client; content:"GET"; http_method; content:"/od.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.189.5.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172294/; classtype:trojan-activity;sid:84035394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172268)"; flow:established,from_client; content:"GET"; http_method; content:"/taskmgr.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.173.254.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172268/; classtype:trojan-activity;sid:84035368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172125)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172125/; classtype:trojan-activity;sid:84035225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172126)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172126/; classtype:trojan-activity;sid:84035226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172127)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172127/; classtype:trojan-activity;sid:84035227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172128)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172128/; classtype:trojan-activity;sid:84035228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172129)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172129/; classtype:trojan-activity;sid:84035229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172130)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172130/; classtype:trojan-activity;sid:84035230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172131)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.231.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172131/; classtype:trojan-activity;sid:84035231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.16.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171183/; classtype:trojan-activity;sid:84034283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170446)"; flow:established,from_client; content:"GET"; http_method; content:"/scsi_esrr_1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8.218.239.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170446/; classtype:trojan-activity;sid:84033546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170445/; classtype:trojan-activity;sid:84033545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170362)"; flow:established,from_client; content:"GET"; http_method; content:"/386.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"112.33.27.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170362/; classtype:trojan-activity;sid:84033462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169080)"; flow:established,from_client; content:"GET"; http_method; content:"/tenants/135790374f46b0107c516a5f5e13069b/5e5f800fdf87209fdf8f9b61441e53a1/linux/x64/stable/install.sh"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"download.cudo.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169080/; classtype:trojan-activity;sid:84032180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3167008)"; flow:established,from_client; content:"GET"; http_method; content:"/233_uywnfzbryrv"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mbsngradnja.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_11; reference:url, urlhaus.abuse.ch/url/3167008/; classtype:trojan-activity;sid:84030108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3167009)"; flow:established,from_client; content:"GET"; http_method; content:"/233_uywnfzbryrv"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mbsngradnja.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_11; reference:url, urlhaus.abuse.ch/url/3167009/; classtype:trojan-activity;sid:84030109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165793/; classtype:trojan-activity;sid:84028893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165794)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165794/; classtype:trojan-activity;sid:84028894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165791)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165791/; classtype:trojan-activity;sid:84028891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165792)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165792/; classtype:trojan-activity;sid:84028892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165777/; classtype:trojan-activity;sid:84028877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165778)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165778/; classtype:trojan-activity;sid:84028878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165779)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165779/; classtype:trojan-activity;sid:84028879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.sparc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165780/; classtype:trojan-activity;sid:84028880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165781)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165781/; classtype:trojan-activity;sid:84028881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165782/; classtype:trojan-activity;sid:84028882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.mipsel"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165783/; classtype:trojan-activity;sid:84028883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165784)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165784/; classtype:trojan-activity;sid:84028884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165785)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165785/; classtype:trojan-activity;sid:84028885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165787)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165787/; classtype:trojan-activity;sid:84028887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165788/; classtype:trojan-activity;sid:84028888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165789/; classtype:trojan-activity;sid:84028889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165790)"; flow:established,from_client; content:"GET"; http_method; content:"/ri/la.bot.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165790/; classtype:trojan-activity;sid:84028890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.powerpc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165775/; classtype:trojan-activity;sid:84028875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/la.bot.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.149.87.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165776/; classtype:trojan-activity;sid:84028876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3164933)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.23.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3164933/; classtype:trojan-activity;sid:84028033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163237)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastop.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163237/; classtype:trojan-activity;sid:84026337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.16.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_08; reference:url, urlhaus.abuse.ch/url/3163126/; classtype:trojan-activity;sid:84026226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3161411)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/ezife.txt|3f|alt=media|7c|26|7c|token=76efce27-fa0e-4742-86ec-47a2efb14fbd"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_07; reference:url, urlhaus.abuse.ch/url/3161411/; classtype:trojan-activity;sid:84024511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3160869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_07; reference:url, urlhaus.abuse.ch/url/3160869/; classtype:trojan-activity;sid:84023969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3159138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_06; reference:url, urlhaus.abuse.ch/url/3159138/; classtype:trojan-activity;sid:84022238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3158404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.230.28.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3158404/; classtype:trojan-activity;sid:84021504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3158390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.230.28.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3158390/; classtype:trojan-activity;sid:84021490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157551)"; flow:established,from_client; content:"GET"; http_method; content:"/superdev-1018/casino_game/archive/refs/heads/main.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157551/; classtype:trojan-activity;sid:84020651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156454)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"122.51.75.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156454/; classtype:trojan-activity;sid:84019554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156428)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.115.166.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156428/; classtype:trojan-activity;sid:84019528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156436)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.146.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156436/; classtype:trojan-activity;sid:84019536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156330)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/virusnnnnnmeu0409.txt|3f|alt=media|7c|26|7c|token=b21da726-7c55-43bb-a0da-7405252c43c6"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156330/; classtype:trojan-activity;sid:84019430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156256)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/6ixcgyundte9indcrjg0.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156256/; classtype:trojan-activity;sid:84019356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156257)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/omf035w09jhsw3qim7yy.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156257/; classtype:trojan-activity;sid:84019357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156258)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156258/; classtype:trojan-activity;sid:84019358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156259)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156259/; classtype:trojan-activity;sid:84019359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156260)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/obaqiquigeflou8dltcj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156260/; classtype:trojan-activity;sid:84019360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156261)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/spkld0pht5zkdb7062ql.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156261/; classtype:trojan-activity;sid:84019361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156246)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/u9iczzb5fm5owwojnw5q.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156246/; classtype:trojan-activity;sid:84019346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156248)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156248/; classtype:trojan-activity;sid:84019348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156249)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/e96h9t9y6mvvm4pyti8p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156249/; classtype:trojan-activity;sid:84019349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156250)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/tqjkts441txvedugsp7z.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156250/; classtype:trojan-activity;sid:84019350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156251)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156251/; classtype:trojan-activity;sid:84019351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156252)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/thxb4tu1jp1fqqfsqky1.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156252/; classtype:trojan-activity;sid:84019352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156253)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/srsjgq7vhhmecv535vvs.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156253/; classtype:trojan-activity;sid:84019353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156254)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/hn9om6j1c9ycqkei5xe2.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156254/; classtype:trojan-activity;sid:84019354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156255)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/t8eceab2kwpje4vdedzb.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156255/; classtype:trojan-activity;sid:84019355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156244)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/kyorihrhn8gphiz4be4p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156244/; classtype:trojan-activity;sid:84019344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156243)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/l8dnezoixbihmshsbj12.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156243/; classtype:trojan-activity;sid:84019343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156233)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/s"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156233/; classtype:trojan-activity;sid:84019333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156234)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/t8eceab2kwpje4vdedzb.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156234/; classtype:trojan-activity;sid:84019334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156235)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/6ixcgyundte9indcrjg0.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156235/; classtype:trojan-activity;sid:84019335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156236)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/file"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156236/; classtype:trojan-activity;sid:84019336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156237)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/srsjgq7vhhmecv535vvs.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156237/; classtype:trojan-activity;sid:84019337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156238)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/v"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156238/; classtype:trojan-activity;sid:84019338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156239)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/spkld0pht5zkdb7062ql.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156239/; classtype:trojan-activity;sid:84019339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156240)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/e96h9t9y6mvvm4pyti8p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156240/; classtype:trojan-activity;sid:84019340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156241)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/l8dnezoixbihmshsbj12.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156241/; classtype:trojan-activity;sid:84019341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156242)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156242/; classtype:trojan-activity;sid:84019342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156232)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/omf035w09jhsw3qim7yy.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156232/; classtype:trojan-activity;sid:84019332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156226)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/hn9om6j1c9ycqkei5xe2.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156226/; classtype:trojan-activity;sid:84019326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156227)"; flow:established,from_client; content:"GET"; http_method; content:"/1608/xdz2maxjk6goovrsde3u.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156227/; classtype:trojan-activity;sid:84019327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156228)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/kyorihrhn8gphiz4be4p.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156228/; classtype:trojan-activity;sid:84019328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156229)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/thxb4tu1jp1fqqfsqky1.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156229/; classtype:trojan-activity;sid:84019329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156230)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/tqjkts441txvedugsp7z.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156230/; classtype:trojan-activity;sid:84019330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156231)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/u9iczzb5fm5owwojnw5q.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156231/; classtype:trojan-activity;sid:84019331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156225)"; flow:established,from_client; content:"GET"; http_method; content:"/2108/obaqiquigeflou8dltcj.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156225/; classtype:trojan-activity;sid:84019325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153518)"; flow:established,from_client; content:"GET"; http_method; content:"/ew.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.122.129.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153518/; classtype:trojan-activity;sid:84016618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153519)"; flow:established,from_client; content:"GET"; http_method; content:"/ew.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.122.129.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153519/; classtype:trojan-activity;sid:84016619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153517)"; flow:established,from_client; content:"GET"; http_method; content:"/get"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"134.122.129.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153517/; classtype:trojan-activity;sid:84016617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153516)"; flow:established,from_client; content:"GET"; http_method; content:"/get"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"134.122.129.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153516/; classtype:trojan-activity;sid:84016616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153507)"; flow:established,from_client; content:"GET"; http_method; content:"/get"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"134.122.129.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153507/; classtype:trojan-activity;sid:84016607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153312)"; flow:established,from_client; content:"GET"; http_method; content:"/jndiexploit-0x727-1.3-snapshot.jar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153312/; classtype:trojan-activity;sid:84016412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153310)"; flow:established,from_client; content:"GET"; http_method; content:"/fastjson.class"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153310/; classtype:trojan-activity;sid:84016410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153297)"; flow:established,from_client; content:"GET"; http_method; content:"/ew.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.122.129.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153297/; classtype:trojan-activity;sid:84016397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152780)"; flow:established,from_client; content:"GET"; http_method; content:"/arma3sync.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.254.96.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152780/; classtype:trojan-activity;sid:84015880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138431)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138431/; classtype:trojan-activity;sid:84001531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138430)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138430/; classtype:trojan-activity;sid:84001530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138428)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138428/; classtype:trojan-activity;sid:84001528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138429)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138429/; classtype:trojan-activity;sid:84001529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138426)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138426/; classtype:trojan-activity;sid:84001526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138268)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138268/; classtype:trojan-activity;sid:84001368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3137563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3137563/; classtype:trojan-activity;sid:84000663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135730)"; flow:established,from_client; content:"GET"; http_method; content:"/miners/myxmrig.tgz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"do-dear.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135730/; classtype:trojan-activity;sid:83998830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135725)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dsfuwqu/main/zombie"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135725/; classtype:trojan-activity;sid:83998825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134374)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/wnbsqv3008.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soft.wsyhn.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134374/; classtype:trojan-activity;sid:83997474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; content:"GET"; http_method; content:"/qqhelper_1540.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"down.qqfarmer.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134368)"; flow:established,from_client; content:"GET"; http_method; content:"/login/1188%e7%83%88%e7%84%b0.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.ly.9377.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134368/; classtype:trojan-activity;sid:83997468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134016)"; flow:established,from_client; content:"GET"; http_method; content:"/06-wudao/%e8%88%9e%e8%b9%88%e5%8a%a9%e6%89%8b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"up.maolaoban.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134016/; classtype:trojan-activity;sid:83997116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130985)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/adadada-fe29c.appspot.com/o/fc.txt|3f|alt=media|7c|26|7c|token=b9e122e9-326d-4e11-b005-be128c5b487e"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130985/; classtype:trojan-activity;sid:83994085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130984)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/asas-495ee.appspot.com/o/55.jpg|3f|alt=media|7c|26|7c|token=83466f23-8119-4bc0-8589-76995553bdfa"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130984/; classtype:trojan-activity;sid:83994084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130983)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/adadada-fe29c.appspot.com/o/ppaste.txt|3f|alt=media|7c|26|7c|token=2e3df61b-5f41-4e2b-9c0b-5664eded29e5"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130983/; classtype:trojan-activity;sid:83994083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.16.67.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130738/; classtype:trojan-activity;sid:83993838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130459)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/aaaaaaaaabbbbbbbbbb.txt|3f|alt=media|7c|26|7c|token=b258ab10-99ab-4d37-8a91-7954022a451e"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130459/; classtype:trojan-activity;sid:83993559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129877)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/dll3js.appspot.com/o/dlljs2036.txt|3f|alt=media|7c|26|7c|token=f2f9ed1a-db47-4924-bb04-7b3e905bc597"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129877/; classtype:trojan-activity;sid:83992977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%8b%8d%e7%89%8c%e4%b8%93%e4%b8%9a%e7%89%88.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ini.sh-pp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129592/; classtype:trojan-activity;sid:83992692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129512)"; flow:established,from_client; content:"GET"; http_method; content:"/gmbuild/v1.1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.qqqmy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129512/; classtype:trojan-activity;sid:83992612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129422)"; flow:established,from_client; content:"GET"; http_method; content:"/tjqdq.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.249.193.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129422/; classtype:trojan-activity;sid:83992522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129421)"; flow:established,from_client; content:"GET"; http_method; content:"/test/restart1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.aqianniao.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129421/; classtype:trojan-activity;sid:83992521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; content:"GET"; http_method; content:"/asmedises/pxray_cast_sort.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.medises.co.kr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129223)"; flow:established,from_client; content:"GET"; http_method; content:"/enp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adf6.adf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129223/; classtype:trojan-activity;sid:83992323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129177)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129177/; classtype:trojan-activity;sid:83992277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129176)"; flow:established,from_client; content:"GET"; http_method; content:"/crss.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.197.69.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129176/; classtype:trojan-activity;sid:83992276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; content:"GET"; http_method; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128969)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/k1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128969/; classtype:trojan-activity;sid:83992069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128962)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/a1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128962/; classtype:trojan-activity;sid:83992062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128963)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/x2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128963/; classtype:trojan-activity;sid:83992063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128964)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/ark.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128964/; classtype:trojan-activity;sid:83992064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128965)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/rt.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128965/; classtype:trojan-activity;sid:83992065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127950)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings/greetings1/wow.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127950/; classtype:trojan-activity;sid:83991050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127898)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld611114.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127898/; classtype:trojan-activity;sid:83990998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127897)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification-1.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127897/; classtype:trojan-activity;sid:83990997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/purlog.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127896/; classtype:trojan-activity;sid:83990996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127895)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/baddstore.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127895/; classtype:trojan-activity;sid:83990995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127894)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mswgoudnv.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127894/; classtype:trojan-activity;sid:83990994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127893)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ven_protected.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127893/; classtype:trojan-activity;sid:83990993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127892)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/surfex.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127892/; classtype:trojan-activity;sid:83990992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127891)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gagagggagagag.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127891/; classtype:trojan-activity;sid:83990991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127795)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/install2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127795/; classtype:trojan-activity;sid:83990895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127794)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build9.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127794/; classtype:trojan-activity;sid:83990894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127791)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t3.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127791/; classtype:trojan-activity;sid:83990891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127789)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127789/; classtype:trojan-activity;sid:83990889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127787)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/explorer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127787/; classtype:trojan-activity;sid:83990887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127788)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127788/; classtype:trojan-activity;sid:83990888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127602)"; flow:established,from_client; content:"GET"; http_method; content:"/data/omg.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"129.151.210.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127602/; classtype:trojan-activity;sid:83990702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127561)"; flow:established,from_client; content:"GET"; http_method; content:"/slv.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127561/; classtype:trojan-activity;sid:83990661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3126010)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3126010/; classtype:trojan-activity;sid:83989110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125901)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125901/; classtype:trojan-activity;sid:83989001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125605)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/indentif.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125605/; classtype:trojan-activity;sid:83988705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125604)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tu%d1%80111.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125604/; classtype:trojan-activity;sid:83988704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125603)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxxx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125603/; classtype:trojan-activity;sid:83988703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125602)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsui.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125602/; classtype:trojan-activity;sid:83988702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125601)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac22222.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125601/; classtype:trojan-activity;sid:83988701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125598)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default2.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125598/; classtype:trojan-activity;sid:83988698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121905)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/caricatured.emz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"jahez.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121905/; classtype:trojan-activity;sid:83985005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121906)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/azdbzliddkt187.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"jahez.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121906/; classtype:trojan-activity;sid:83985006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120967)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vn70wvxw.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120967/; classtype:trojan-activity;sid:83984067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120608)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted8888.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120608/; classtype:trojan-activity;sid:83983708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120496)"; flow:established,from_client; content:"GET"; http_method; content:"/download/ru/downloader.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ldcdn.ldmnq.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120496/; classtype:trojan-activity;sid:83983596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118418)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dtrade_v1.3.6.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118418/; classtype:trojan-activity;sid:83981518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118411)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_daval.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118411/; classtype:trojan-activity;sid:83981511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117673)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/meta.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117673/; classtype:trojan-activity;sid:83980773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117555)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117555/; classtype:trojan-activity;sid:83980655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117553)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117553/; classtype:trojan-activity;sid:83980653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117554)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clcs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117554/; classtype:trojan-activity;sid:83980654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117552)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117552/; classtype:trojan-activity;sid:83980652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117551)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/seo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117551/; classtype:trojan-activity;sid:83980651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117550)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/coreplugin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117550/; classtype:trojan-activity;sid:83980650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117549)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diskutility.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117549/; classtype:trojan-activity;sid:83980649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3116194)"; flow:established,from_client; content:"GET"; http_method; content:"/avastavv.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avastpx.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3116194/; classtype:trojan-activity;sid:83979294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3115896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/drchoe.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3115896/; classtype:trojan-activity;sid:83978996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113834)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c103.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113834/; classtype:trojan-activity;sid:83976934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113833)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c040.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113833/; classtype:trojan-activity;sid:83976933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113832)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c091.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113832/; classtype:trojan-activity;sid:83976932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113831)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c156.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113831/; classtype:trojan-activity;sid:83976931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113830)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c057.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113830/; classtype:trojan-activity;sid:83976930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113829)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c073.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113829/; classtype:trojan-activity;sid:83976929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113828)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c012.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113828/; classtype:trojan-activity;sid:83976928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113827)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c152.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113827/; classtype:trojan-activity;sid:83976927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113826)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c055.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113826/; classtype:trojan-activity;sid:83976926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113824)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c011.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113824/; classtype:trojan-activity;sid:83976924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113825)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c065.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113825/; classtype:trojan-activity;sid:83976925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113823)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c017.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113823/; classtype:trojan-activity;sid:83976923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113822)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c019.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113822/; classtype:trojan-activity;sid:83976922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113821)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c016.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113821/; classtype:trojan-activity;sid:83976921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113820)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c005.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113820/; classtype:trojan-activity;sid:83976920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113819)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c001.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113819/; classtype:trojan-activity;sid:83976919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113818)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c026.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113818/; classtype:trojan-activity;sid:83976918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113817)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c002.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113817/; classtype:trojan-activity;sid:83976917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113816)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c053.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113816/; classtype:trojan-activity;sid:83976916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113815)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c150.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113815/; classtype:trojan-activity;sid:83976915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113814)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c093.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113814/; classtype:trojan-activity;sid:83976914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113813)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c088.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113813/; classtype:trojan-activity;sid:83976913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113811)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c050.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113811/; classtype:trojan-activity;sid:83976911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113812)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c058.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113812/; classtype:trojan-activity;sid:83976912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113810)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c012.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113810/; classtype:trojan-activity;sid:83976910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113809)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c079.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113809/; classtype:trojan-activity;sid:83976909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113808)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c162.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113808/; classtype:trojan-activity;sid:83976908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113807)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c010.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113807/; classtype:trojan-activity;sid:83976907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113806)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c153.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113806/; classtype:trojan-activity;sid:83976906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113805)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c063.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113805/; classtype:trojan-activity;sid:83976905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113804)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c009.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113804/; classtype:trojan-activity;sid:83976904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113803)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_au003.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113803/; classtype:trojan-activity;sid:83976903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113802)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c004.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113802/; classtype:trojan-activity;sid:83976902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113801)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c181.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113801/; classtype:trojan-activity;sid:83976901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113800)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113800/; classtype:trojan-activity;sid:83976900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113799)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c051.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113799/; classtype:trojan-activity;sid:83976899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113798)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c035.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113798/; classtype:trojan-activity;sid:83976898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113797)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c007.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113797/; classtype:trojan-activity;sid:83976897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113796)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c159.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113796/; classtype:trojan-activity;sid:83976896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113795)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c110.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113795/; classtype:trojan-activity;sid:83976895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113791)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c029.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113791/; classtype:trojan-activity;sid:83976891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113792)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c168.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113792/; classtype:trojan-activity;sid:83976892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113794)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c081.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113794/; classtype:trojan-activity;sid:83976894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113790)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c030.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113790/; classtype:trojan-activity;sid:83976890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113789)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c062.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113789/; classtype:trojan-activity;sid:83976889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113788)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_product.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113788/; classtype:trojan-activity;sid:83976888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113787)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c061.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113787/; classtype:trojan-activity;sid:83976887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113786)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c054.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113786/; classtype:trojan-activity;sid:83976886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113782)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c006.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113782/; classtype:trojan-activity;sid:83976882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113778)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c072.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113778/; classtype:trojan-activity;sid:83976878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113779)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c180.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113779/; classtype:trojan-activity;sid:83976879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113780)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c014.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113780/; classtype:trojan-activity;sid:83976880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113781)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c024.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113781/; classtype:trojan-activity;sid:83976881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113777)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c060.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113777/; classtype:trojan-activity;sid:83976877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113776)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c106.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113776/; classtype:trojan-activity;sid:83976876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113775)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c052.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113775/; classtype:trojan-activity;sid:83976875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113774)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c615.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113774/; classtype:trojan-activity;sid:83976874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113772)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c076.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113772/; classtype:trojan-activity;sid:83976872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113773)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c151.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113773/; classtype:trojan-activity;sid:83976873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113771)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c101.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113771/; classtype:trojan-activity;sid:83976871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113769)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c054.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113769/; classtype:trojan-activity;sid:83976869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113770)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c003.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113770/; classtype:trojan-activity;sid:83976870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113768)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c028.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113768/; classtype:trojan-activity;sid:83976868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113767)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c022.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113767/; classtype:trojan-activity;sid:83976867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113765)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c068.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113765/; classtype:trojan-activity;sid:83976865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113759)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c005.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113759/; classtype:trojan-activity;sid:83976859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113760)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113760/; classtype:trojan-activity;sid:83976860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113761)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c028.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113761/; classtype:trojan-activity;sid:83976861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113762)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c018.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113762/; classtype:trojan-activity;sid:83976862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113758)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c160.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113758/; classtype:trojan-activity;sid:83976858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113756)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c064.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113756/; classtype:trojan-activity;sid:83976856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113757)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c056.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113757/; classtype:trojan-activity;sid:83976857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113755)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c169.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113755/; classtype:trojan-activity;sid:83976855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113751)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c157.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113751/; classtype:trojan-activity;sid:83976851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113752)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c025.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113752/; classtype:trojan-activity;sid:83976852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113753)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c024.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113753/; classtype:trojan-activity;sid:83976853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113754)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c036.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113754/; classtype:trojan-activity;sid:83976854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113750)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c182.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113750/; classtype:trojan-activity;sid:83976850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113748)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c164.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113748/; classtype:trojan-activity;sid:83976848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113749)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c056.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113749/; classtype:trojan-activity;sid:83976849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113747)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c029.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113747/; classtype:trojan-activity;sid:83976847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113746)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c006.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113746/; classtype:trojan-activity;sid:83976846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113745)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c002.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113745/; classtype:trojan-activity;sid:83976845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113744)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c080.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113744/; classtype:trojan-activity;sid:83976844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113742)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c083.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113742/; classtype:trojan-activity;sid:83976842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113743)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c089.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113743/; classtype:trojan-activity;sid:83976843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113734)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c007.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113734/; classtype:trojan-activity;sid:83976834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113731)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c023.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113731/; classtype:trojan-activity;sid:83976831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113732)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c067.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113732/; classtype:trojan-activity;sid:83976832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113733)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c025.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113733/; classtype:trojan-activity;sid:83976833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113730)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c163.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113730/; classtype:trojan-activity;sid:83976830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113728)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c108.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113728/; classtype:trojan-activity;sid:83976828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113729)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c154.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113729/; classtype:trojan-activity;sid:83976829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113727)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c021.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113727/; classtype:trojan-activity;sid:83976827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113726)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c013.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113726/; classtype:trojan-activity;sid:83976826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113724)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c038.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113724/; classtype:trojan-activity;sid:83976824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113725)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c050.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113725/; classtype:trojan-activity;sid:83976825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113723)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c023.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113723/; classtype:trojan-activity;sid:83976823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113720)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c092.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113720/; classtype:trojan-activity;sid:83976820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113721)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c033.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113721/; classtype:trojan-activity;sid:83976821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113722)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c015.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113722/; classtype:trojan-activity;sid:83976822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113719)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c018.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113719/; classtype:trojan-activity;sid:83976819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113717)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c003.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113717/; classtype:trojan-activity;sid:83976817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113716)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c051.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113716/; classtype:trojan-activity;sid:83976816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113715)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c00h.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113715/; classtype:trojan-activity;sid:83976815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113713)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c032.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113713/; classtype:trojan-activity;sid:83976813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113714)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c062.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113714/; classtype:trojan-activity;sid:83976814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113711)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c084.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113711/; classtype:trojan-activity;sid:83976811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113710)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c037.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113710/; classtype:trojan-activity;sid:83976810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113708)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c026.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113708/; classtype:trojan-activity;sid:83976808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113709)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c087.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113709/; classtype:trojan-activity;sid:83976809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113707)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c034.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113707/; classtype:trojan-activity;sid:83976807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113706)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c161.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113706/; classtype:trojan-activity;sid:83976806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113705)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c021.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113705/; classtype:trojan-activity;sid:83976805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113704)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c055.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113704/; classtype:trojan-activity;sid:83976804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113702)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c004.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113702/; classtype:trojan-activity;sid:83976802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113699)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c075.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113699/; classtype:trojan-activity;sid:83976799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113701)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c105.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113701/; classtype:trojan-activity;sid:83976801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113697)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c060.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113697/; classtype:trojan-activity;sid:83976797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113698)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c066.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113698/; classtype:trojan-activity;sid:83976798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113692)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c155.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113692/; classtype:trojan-activity;sid:83976792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113693)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c061.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113693/; classtype:trojan-activity;sid:83976793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113694)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c022.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113694/; classtype:trojan-activity;sid:83976794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113696)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c011.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113696/; classtype:trojan-activity;sid:83976796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113690)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c001.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113690/; classtype:trojan-activity;sid:83976790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113691)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c014.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113691/; classtype:trojan-activity;sid:83976791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113689)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c031.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113689/; classtype:trojan-activity;sid:83976789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113687)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c027.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113687/; classtype:trojan-activity;sid:83976787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113686)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c019.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113686/; classtype:trojan-activity;sid:83976786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113685)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c078.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113685/; classtype:trojan-activity;sid:83976785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113683)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c090.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113683/; classtype:trojan-activity;sid:83976783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113684)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c086.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113684/; classtype:trojan-activity;sid:83976784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113681)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c070.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113681/; classtype:trojan-activity;sid:83976781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113682)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c167.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113682/; classtype:trojan-activity;sid:83976782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113679)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c085.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113679/; classtype:trojan-activity;sid:83976779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113680)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c166.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113680/; classtype:trojan-activity;sid:83976780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113678)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c158.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113678/; classtype:trojan-activity;sid:83976778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113676)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c013.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113676/; classtype:trojan-activity;sid:83976776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113675)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c071.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113675/; classtype:trojan-activity;sid:83976775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113672)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c008.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113672/; classtype:trojan-activity;sid:83976772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113670)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c109.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113670/; classtype:trojan-activity;sid:83976770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113671)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_au002.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113671/; classtype:trojan-activity;sid:83976771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113669)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_t001.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113669/; classtype:trojan-activity;sid:83976769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113666)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c082.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113666/; classtype:trojan-activity;sid:83976766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113667)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c059.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113667/; classtype:trojan-activity;sid:83976767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113665)"; flow:established,from_client; content:"GET"; http_method; content:"/tms_c053.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113665/; classtype:trojan-activity;sid:83976765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113664)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c077.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113664/; classtype:trojan-activity;sid:83976764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113660)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c001_backup.rar"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113660/; classtype:trojan-activity;sid:83976760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113661)"; flow:established,from_client; content:"GET"; http_method; content:"/pos_c165.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113661/; classtype:trojan-activity;sid:83976761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112853)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112853/; classtype:trojan-activity;sid:83975953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/battlegermany.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112844/; classtype:trojan-activity;sid:83975944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112728)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3546345.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112728/; classtype:trojan-activity;sid:83975828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112688)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112688/; classtype:trojan-activity;sid:83975788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.213.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112410)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112410/; classtype:trojan-activity;sid:83975510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112411)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112411/; classtype:trojan-activity;sid:83975511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112415)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112415/; classtype:trojan-activity;sid:83975515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.121.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3111151)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/contorax.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3111151/; classtype:trojan-activity;sid:83974251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/survox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110939/; classtype:trojan-activity;sid:83974039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110860)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.166.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110860/; classtype:trojan-activity;sid:83973960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110861/; classtype:trojan-activity;sid:83973961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110852)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.142.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110852/; classtype:trojan-activity;sid:83973952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110857)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.74.95.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110857/; classtype:trojan-activity;sid:83973957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110838)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.230.25.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110838/; classtype:trojan-activity;sid:83973938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110834)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.107.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110834/; classtype:trojan-activity;sid:83973934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110832)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.163.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110832/; classtype:trojan-activity;sid:83973932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110764)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110764/; classtype:trojan-activity;sid:83973864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110626)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.213.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110626/; classtype:trojan-activity;sid:83973726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110579)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.15.224.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110579/; classtype:trojan-activity;sid:83973679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110554)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110554/; classtype:trojan-activity;sid:83973654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110534)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.154.14.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110534/; classtype:trojan-activity;sid:83973634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110510)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.224.213.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110510/; classtype:trojan-activity;sid:83973610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110487)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/runtime.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110487/; classtype:trojan-activity;sid:83973587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110485)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gsprout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110485/; classtype:trojan-activity;sid:83973585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110484)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stub.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110484/; classtype:trojan-activity;sid:83973584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110482)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110482/; classtype:trojan-activity;sid:83973582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110483)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/js.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110483/; classtype:trojan-activity;sid:83973583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110402)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mobiletrans.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110402/; classtype:trojan-activity;sid:83973502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110401)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzzz1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110401/; classtype:trojan-activity;sid:83973501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110395)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armanivenntii_crypted_easy.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110395/; classtype:trojan-activity;sid:83973495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110396)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6190317556063017550.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110396/; classtype:trojan-activity;sid:83973496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110397)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pctoccurred.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110397/; classtype:trojan-activity;sid:83973497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110398)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/doc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110398/; classtype:trojan-activity;sid:83973498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110399)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110399/; classtype:trojan-activity;sid:83973499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rorukal.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110400/; classtype:trojan-activity;sid:83973500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110389)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/northsperm.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110389/; classtype:trojan-activity;sid:83973489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110390)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mepaxil.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110390/; classtype:trojan-activity;sid:83973490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110391)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ukodbcdcl.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110391/; classtype:trojan-activity;sid:83973491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110392)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/semiconductornot.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110392/; classtype:trojan-activity;sid:83973492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scheduledllama.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110393/; classtype:trojan-activity;sid:83973493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110394)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/14082024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110394/; classtype:trojan-activity;sid:83973494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110001)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hogs.u32"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110001/; classtype:trojan-activity;sid:83973101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109981)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109981/; classtype:trojan-activity;sid:83973081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109982)"; flow:established,from_client; content:"GET"; http_method; content:"/in/204.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109982/; classtype:trojan-activity;sid:83973082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109980)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109980/; classtype:trojan-activity;sid:83973080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109695/; classtype:trojan-activity;sid:83972795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109697)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109697/; classtype:trojan-activity;sid:83972797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109452)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/537/415/full/whatsapp-logo-3-1.png|3f|1584245765"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109452/; classtype:trojan-activity;sid:83972552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109453)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/140/933/full/capturar.jpg|3f|1616184212"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109453/; classtype:trojan-activity;sid:83972553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109449)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/967/434/thumb/button.png"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109449/; classtype:trojan-activity;sid:83972549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109439)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/752/720/original/granitex.jpg|3f|1543516565"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109439/; classtype:trojan-activity;sid:83972539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109425)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/881/106/original/youtube.png|3f|1549480063"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109425/; classtype:trojan-activity;sid:83972525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109428)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/620/770/original/f284.jpg|3f|1641668895"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109428/; classtype:trojan-activity;sid:83972528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109406)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/956/295/thumb/mplogo22.png|3f|1658783084"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109406/; classtype:trojan-activity;sid:83972506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109396)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/551/147/original/sky8.png|3f|1689864217"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109396/; classtype:trojan-activity;sid:83972496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109381)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/912/781/thumb/logomp.png|3f|1655966639"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109381/; classtype:trojan-activity;sid:83972481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109382)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/612/441/full/3.png|3f|1695085716"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109382/; classtype:trojan-activity;sid:83972482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109370)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/415/079/original/imagemtimfinal.png|3f|168039419"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109370/; classtype:trojan-activity;sid:83972470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109366)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/770/199/full/logo-meli-br_2x.png|3f|1647201315"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109366/; classtype:trojan-activity;sid:83972466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109348)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/191/985/thumb/logo_evolo.png|3f|1669730114"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109348/; classtype:trojan-activity;sid:83972448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109330)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/002/623/original/sky8.png|3f|1661860465"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109330/; classtype:trojan-activity;sid:83972430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109314)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/976/790/full/cef.png|3f|1606180852"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109314/; classtype:trojan-activity;sid:83972414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109309)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/031/327/full/qpppppppppp.png|3f|1502141344"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109309/; classtype:trojan-activity;sid:83972409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109303)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/980/628/full/logo_it_9as8d7f.png|3f|1553264394"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109303/; classtype:trojan-activity;sid:83972403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109308/; classtype:trojan-activity;sid:83972408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109299)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/972/981/full/manoel_santos.png|3f|1659978692"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109299/; classtype:trojan-activity;sid:83972399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109300)"; flow:established,from_client; content:"GET"; http_method; content:"/images/000/889/191/full/cntt_prem.jpg|3f|1492018078"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109300/; classtype:trojan-activity;sid:83972400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109297)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/953/380/full/14pontos14jogos.jpeg|3f|1604940236"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109297/; classtype:trojan-activity;sid:83972397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109291)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/857/684/full/arte_oficial.jpg|3f|1598893173"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109291/; classtype:trojan-activity;sid:83972391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109280)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/039/779/full/amendujt.png|3f|1664339064"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109280/; classtype:trojan-activity;sid:83972380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109270)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/759/645/original/0004.jpg|3f|1711126095"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109270/; classtype:trojan-activity;sid:83972370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109264)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/382/855/full/liveptsveasbrad.jpg|3f|1678339424"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109264/; classtype:trojan-activity;sid:83972364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109249)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109249/; classtype:trojan-activity;sid:83972349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.204.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109080/; classtype:trojan-activity;sid:83972180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109072)"; flow:established,from_client; content:"GET"; http_method; content:"/download/new_image/new_image.jpg"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109072/; classtype:trojan-activity;sid:83972172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/robotic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108459/; classtype:trojan-activity;sid:83971559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106840)"; flow:established,from_client; content:"GET"; http_method; content:"/tool/extreme%20injector%20v3.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"124.220.235.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106840/; classtype:trojan-activity;sid:83969940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106396)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/msedge.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106396/; classtype:trojan-activity;sid:83969496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103617)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out_test_sig.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103617/; classtype:trojan-activity;sid:83966717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103510)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.248.13.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103510/; classtype:trojan-activity;sid:83966610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103508/; classtype:trojan-activity;sid:83966608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103505)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"165.220.134.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103505/; classtype:trojan-activity;sid:83966605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103503)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.150.43.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103503/; classtype:trojan-activity;sid:83966603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103496)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.118.248.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103496/; classtype:trojan-activity;sid:83966596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103483)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.148.140.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103483/; classtype:trojan-activity;sid:83966583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103482)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.255.218.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103482/; classtype:trojan-activity;sid:83966582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.115.56.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103477/; classtype:trojan-activity;sid:83966577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103463)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.10.240.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103463/; classtype:trojan-activity;sid:83966563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103464)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.230.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103464/; classtype:trojan-activity;sid:83966564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103409)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103409/; classtype:trojan-activity;sid:83966509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103413)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103413/; classtype:trojan-activity;sid:83966513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103414)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/bkbvideos/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103414/; classtype:trojan-activity;sid:83966514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103396)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103396/; classtype:trojan-activity;sid:83966496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103394)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103394/; classtype:trojan-activity;sid:83966494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103395)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103395/; classtype:trojan-activity;sid:83966495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103351)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103351/; classtype:trojan-activity;sid:83966451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103339)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103339/; classtype:trojan-activity;sid:83966439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103340)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.167.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103340/; classtype:trojan-activity;sid:83966440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103197)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cookie250.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103197/; classtype:trojan-activity;sid:83966297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102707)"; flow:established,from_client; content:"GET"; http_method; content:"/images/blink"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.250.224.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3102707/; classtype:trojan-activity;sid:83965807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102194)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nano.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102194/; classtype:trojan-activity;sid:83965294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102108)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1111.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102108/; classtype:trojan-activity;sid:83965208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101697)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identifications.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101697/; classtype:trojan-activity;sid:83964797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101696)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pimer_bbbcontents7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101696/; classtype:trojan-activity;sid:83964796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101202)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/raw/5b5d1a339e750dfcc24fd8a7805629dd300db45b/g2m.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101202/; classtype:trojan-activity;sid:83964302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101203)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/raw/f6a9d2071e5b6947d79a7e0bba8e57326fcd76e9/aperturelab.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101203/; classtype:trojan-activity;sid:83964303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101191)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setup1055/raw/main/installerpack_20.1.23770_win64.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101191/; classtype:trojan-activity;sid:83964291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101087)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/releases/download/setupnew/install.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101087/; classtype:trojan-activity;sid:83964187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100622)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/request.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3100622/; classtype:trojan-activity;sid:83963722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwsupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099818)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator222.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099818/; classtype:trojan-activity;sid:83962918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099812)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/annesalt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099812/; classtype:trojan-activity;sid:83962912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099813)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/considerablewinners.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099813/; classtype:trojan-activity;sid:83962913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099814)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uhigdbf.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099814/; classtype:trojan-activity;sid:83962914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099815)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/redsystem.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099815/; classtype:trojan-activity;sid:83962915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099816)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yoyf.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099816/; classtype:trojan-activity;sid:83962916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099810)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vhpcde.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099810/; classtype:trojan-activity;sid:83962910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099811)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cudo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099811/; classtype:trojan-activity;sid:83962911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099808)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/300.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099808/; classtype:trojan-activity;sid:83962908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099809)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/343dsxs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099809/; classtype:trojan-activity;sid:83962909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099807)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadey.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099807/; classtype:trojan-activity;sid:83962907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099776)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/team.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099776/; classtype:trojan-activity;sid:83962876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099772)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/consoleapp3.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099772/; classtype:trojan-activity;sid:83962872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099774)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099774/; classtype:trojan-activity;sid:83962874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099762)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/opdxdyeul.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099762/; classtype:trojan-activity;sid:83962862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099760)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/06082025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099760/; classtype:trojan-activity;sid:83962860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097654)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.180.196.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097654/; classtype:trojan-activity;sid:83960754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097476)"; flow:established,from_client; content:"GET"; http_method; content:"/js/test.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.sumiyuki.co.jp"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097476/; classtype:trojan-activity;sid:83960576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097429)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/operation6572.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097429/; classtype:trojan-activity;sid:83960529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097297)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armadegon.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097297/; classtype:trojan-activity;sid:83960397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097110)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rage.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097110/; classtype:trojan-activity;sid:83960210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/1.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"inspirepk.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096571/; classtype:trojan-activity;sid:83959671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096545)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/30072024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096545/; classtype:trojan-activity;sid:83959645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096542)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kitty.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096542/; classtype:trojan-activity;sid:83959642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096543)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096543/; classtype:trojan-activity;sid:83959643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096544)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096544/; classtype:trojan-activity;sid:83959644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096428)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096428/; classtype:trojan-activity;sid:83959528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096417)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096417/; classtype:trojan-activity;sid:83959517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096404)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096404/; classtype:trojan-activity;sid:83959504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096385)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096385/; classtype:trojan-activity;sid:83959485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095177)"; flow:established,from_client; content:"GET"; http_method; content:"/blink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"152.168.125.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095177/; classtype:trojan-activity;sid:83958277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094781)"; flow:established,from_client; content:"GET"; http_method; content:"/logon.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.15.9.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094781/; classtype:trojan-activity;sid:83957881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093388)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093388/; classtype:trojan-activity;sid:83956488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093391)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.136.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093391/; classtype:trojan-activity;sid:83956491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093383)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.236.19.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093383/; classtype:trojan-activity;sid:83956483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093191)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.175.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093191/; classtype:trojan-activity;sid:83956291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093153)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.36.117.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093153/; classtype:trojan-activity;sid:83956253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093129)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.137.140.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093129/; classtype:trojan-activity;sid:83956229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093133)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.5.43.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093133/; classtype:trojan-activity;sid:83956233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093077)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.2.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093077/; classtype:trojan-activity;sid:83956177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093012)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.200.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093012/; classtype:trojan-activity;sid:83956112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092998)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.179.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092998/; classtype:trojan-activity;sid:83956098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092930)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.60.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092930/; classtype:trojan-activity;sid:83956030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092909)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.136.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092909/; classtype:trojan-activity;sid:83956009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092916)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092916/; classtype:trojan-activity;sid:83956016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092877)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.175.101.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092877/; classtype:trojan-activity;sid:83955977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092881)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.16.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092881/; classtype:trojan-activity;sid:83955981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091753)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/av.scr"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091753/; classtype:trojan-activity;sid:83954853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091745)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/photo.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091745/; classtype:trojan-activity;sid:83954845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091743)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091743/; classtype:trojan-activity;sid:83954843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091738)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091738/; classtype:trojan-activity;sid:83954838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091729)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091729/; classtype:trojan-activity;sid:83954829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091730)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091730/; classtype:trojan-activity;sid:83954830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091734)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091734/; classtype:trojan-activity;sid:83954834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091735)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091735/; classtype:trojan-activity;sid:83954835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091725)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091725/; classtype:trojan-activity;sid:83954825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091727)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091727/; classtype:trojan-activity;sid:83954827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091709)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.230.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091709/; classtype:trojan-activity;sid:83954809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091696)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/video.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091696/; classtype:trojan-activity;sid:83954796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091697)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/photo.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091697/; classtype:trojan-activity;sid:83954797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091665)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/av.lnk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091665/; classtype:trojan-activity;sid:83954765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091659)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/video.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091659/; classtype:trojan-activity;sid:83954759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089687)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clsid.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089687/; classtype:trojan-activity;sid:83952787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089612)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3544436.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089612/; classtype:trojan-activity;sid:83952712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%88%91%e7%9a%84%e7%94%b5%e8%a7%86tv-v2.1.8-%e5%85%8d%e8%b4%b9%e7%ba%af%e5%87%80%e7%89%88.apk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088911/; classtype:trojan-activity;sid:83952011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088858)"; flow:established,from_client; content:"GET"; http_method; content:"/1722087714.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.192.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088858/; classtype:trojan-activity;sid:83951958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088857)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.116.192.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088857/; classtype:trojan-activity;sid:83951957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088306)"; flow:established,from_client; content:"GET"; http_method; content:"/dtl.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.251.102.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088306/; classtype:trojan-activity;sid:83951406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087715)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cbmefxrmnv.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087715/; classtype:trojan-activity;sid:83950815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087662)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/systems.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087662/; classtype:trojan-activity;sid:83950762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087649)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087649/; classtype:trojan-activity;sid:83950749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086916)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086916/; classtype:trojan-activity;sid:83950016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086915)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086915/; classtype:trojan-activity;sid:83950015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086914)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086914/; classtype:trojan-activity;sid:83950014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086911)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/n"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ciscocdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086911/; classtype:trojan-activity;sid:83950011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086908)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086908/; classtype:trojan-activity;sid:83950008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086907)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086907/; classtype:trojan-activity;sid:83950007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086906)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086906/; classtype:trojan-activity;sid:83950006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086854)"; flow:established,from_client; content:"GET"; http_method; content:"/d2/cdclient.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dld.jxwan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086854/; classtype:trojan-activity;sid:83949954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086853)"; flow:established,from_client; content:"GET"; http_method; content:"/d2/x64.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dld.jxwan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086853/; classtype:trojan-activity;sid:83949953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086850)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//three-daisies.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086850/; classtype:trojan-activity;sid:83949950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086851)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//yellow-rose.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086851/; classtype:trojan-activity;sid:83949951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086849)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//smell-the-roses.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086849/; classtype:trojan-activity;sid:83949949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086847)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jf/jf.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086847/; classtype:trojan-activity;sid:83949947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086846)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/wow.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086846/; classtype:trojan-activity;sid:83949946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086844)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/whats-new.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086844/; classtype:trojan-activity;sid:83949944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086843)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/hiya.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086843/; classtype:trojan-activity;sid:83949943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086829)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//jet.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086829/; classtype:trojan-activity;sid:83949929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086830)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//sunset1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086830/; classtype:trojan-activity;sid:83949930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086831)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/china.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086831/; classtype:trojan-activity;sid:83949931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086832)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//foggy-mountains.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086832/; classtype:trojan-activity;sid:83949932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086833)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//mountain-pasture.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086833/; classtype:trojan-activity;sid:83949933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086416)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/x64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"43.134.118.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086416/; classtype:trojan-activity;sid:83949516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086388)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/n"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"43.134.118.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086388/; classtype:trojan-activity;sid:83949488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3084981)"; flow:established,from_client; content:"GET"; http_method; content:"/chisel.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"4.180.120.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3084981/; classtype:trojan-activity;sid:83948081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083844)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083844/; classtype:trojan-activity;sid:83946944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083792)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/23c2343.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083792/; classtype:trojan-activity;sid:83946892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083790)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-24_23-16.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083790/; classtype:trojan-activity;sid:83946890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083248)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083248/; classtype:trojan-activity;sid:83946348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083247)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083247/; classtype:trojan-activity;sid:83946347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083096)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083096/; classtype:trojan-activity;sid:83946196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081942)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081942/; classtype:trojan-activity;sid:83945042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081941)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mynewrdx.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081941/; classtype:trojan-activity;sid:83945041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081930)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4434.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081930/; classtype:trojan-activity;sid:83945030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.16.67.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081519/; classtype:trojan-activity;sid:83944619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081274)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081274/; classtype:trojan-activity;sid:83944374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081269)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081269/; classtype:trojan-activity;sid:83944369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3080574)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.152.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3080574/; classtype:trojan-activity;sid:83943674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079797/; classtype:trojan-activity;sid:83942897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079718)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.77.253.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079718/; classtype:trojan-activity;sid:83942818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079460)"; flow:established,from_client; content:"GET"; http_method; content:"/webdav"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079460/; classtype:trojan-activity;sid:83942560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079150)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079150/; classtype:trojan-activity;sid:83942250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.16.67.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079051/; classtype:trojan-activity;sid:83942151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078753)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/postbox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078753/; classtype:trojan-activity;sid:83941853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078669)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_valenciga.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078669/; classtype:trojan-activity;sid:83941769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075283)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075283/; classtype:trojan-activity;sid:83938383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075047)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/anticheat.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075047/; classtype:trojan-activity;sid:83938147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075049)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-27_00-41.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075049/; classtype:trojan-activity;sid:83938149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074802)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhostc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3074802/; classtype:trojan-activity;sid:83937902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074142)"; flow:established,from_client; content:"GET"; http_method; content:"/chromedump.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.140.133.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3074142/; classtype:trojan-activity;sid:83937242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; content:"GET"; http_method; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072977)"; flow:established,from_client; content:"GET"; http_method; content:"/mendoza1123/rgya/raw/main/transaction_error_details_file_981209_jpeg.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072977/; classtype:trojan-activity;sid:83936077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072979)"; flow:established,from_client; content:"GET"; http_method; content:"/mendoza1123/rgya/main/transaction_error_details_file_981209_jpeg.rar"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072979/; classtype:trojan-activity;sid:83936079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072970)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/main/ref_ba0929399122_pdf.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072970/; classtype:trojan-activity;sid:83936070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072971)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/raw/main/ref_ba0929399122_pdf.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072971/; classtype:trojan-activity;sid:83936071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072973)"; flow:established,from_client; content:"GET"; http_method; content:"/grayinv/henidus/raw/main/transaction_end_ids_58788719853478_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072973/; classtype:trojan-activity;sid:83936073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072521)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072521/; classtype:trojan-activity;sid:83935621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071940)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071940/; classtype:trojan-activity;sid:83935040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pharmaciesdetection.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071939/; classtype:trojan-activity;sid:83935039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/influencednervous.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071844/; classtype:trojan-activity;sid:83934944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071843)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/buildred.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071843/; classtype:trojan-activity;sid:83934943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069729)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069729/; classtype:trojan-activity;sid:83932829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069617)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069617/; classtype:trojan-activity;sid:83932717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069502)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069502/; classtype:trojan-activity;sid:83932602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069343)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069343/; classtype:trojan-activity;sid:83932443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069334)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069334/; classtype:trojan-activity;sid:83932434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069309)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069309/; classtype:trojan-activity;sid:83932409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069282)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069282/; classtype:trojan-activity;sid:83932382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069242)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069242/; classtype:trojan-activity;sid:83932342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069239)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069239/; classtype:trojan-activity;sid:83932339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069103)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069103/; classtype:trojan-activity;sid:83932203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069082)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069082/; classtype:trojan-activity;sid:83932182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069085)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069085/; classtype:trojan-activity;sid:83932185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068965)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068965/; classtype:trojan-activity;sid:83932065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068937)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068937/; classtype:trojan-activity;sid:83932037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068939)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068939/; classtype:trojan-activity;sid:83932039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068940)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068940/; classtype:trojan-activity;sid:83932040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068918)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068918/; classtype:trojan-activity;sid:83932018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068905)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068905/; classtype:trojan-activity;sid:83932005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068892)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068892/; classtype:trojan-activity;sid:83931992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068876)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068876/; classtype:trojan-activity;sid:83931976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068878)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068878/; classtype:trojan-activity;sid:83931978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068828)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068828/; classtype:trojan-activity;sid:83931928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068829)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068829/; classtype:trojan-activity;sid:83931929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068844)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068844/; classtype:trojan-activity;sid:83931944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068822)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068822/; classtype:trojan-activity;sid:83931922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068803)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068803/; classtype:trojan-activity;sid:83931903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068809)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068809/; classtype:trojan-activity;sid:83931909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068814)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068814/; classtype:trojan-activity;sid:83931914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068783)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068783/; classtype:trojan-activity;sid:83931883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068784)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068784/; classtype:trojan-activity;sid:83931884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068785)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068785/; classtype:trojan-activity;sid:83931885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068788)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068788/; classtype:trojan-activity;sid:83931888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068778)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068778/; classtype:trojan-activity;sid:83931878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068779)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068779/; classtype:trojan-activity;sid:83931879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068781)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068781/; classtype:trojan-activity;sid:83931881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068759)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068759/; classtype:trojan-activity;sid:83931859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068762)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068762/; classtype:trojan-activity;sid:83931862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068757)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068757/; classtype:trojan-activity;sid:83931857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068749)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068749/; classtype:trojan-activity;sid:83931849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068750)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068750/; classtype:trojan-activity;sid:83931850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068731)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068731/; classtype:trojan-activity;sid:83931831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068734)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068734/; classtype:trojan-activity;sid:83931834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068735)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068735/; classtype:trojan-activity;sid:83931835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068736)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068736/; classtype:trojan-activity;sid:83931836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068739)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068739/; classtype:trojan-activity;sid:83931839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068741)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068741/; classtype:trojan-activity;sid:83931841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068727)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068727/; classtype:trojan-activity;sid:83931827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068728)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068728/; classtype:trojan-activity;sid:83931828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068714)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068714/; classtype:trojan-activity;sid:83931814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068707)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068707/; classtype:trojan-activity;sid:83931807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068710)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068710/; classtype:trojan-activity;sid:83931810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068699)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068699/; classtype:trojan-activity;sid:83931799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068703)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068703/; classtype:trojan-activity;sid:83931803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068692)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068692/; classtype:trojan-activity;sid:83931792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068694)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068694/; classtype:trojan-activity;sid:83931794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068683)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068683/; classtype:trojan-activity;sid:83931783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068685)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068685/; classtype:trojan-activity;sid:83931785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068687)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068687/; classtype:trojan-activity;sid:83931787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068688)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068688/; classtype:trojan-activity;sid:83931788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068679)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068679/; classtype:trojan-activity;sid:83931779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068680)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068680/; classtype:trojan-activity;sid:83931780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068681)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068681/; classtype:trojan-activity;sid:83931781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068668)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068668/; classtype:trojan-activity;sid:83931768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068674)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068674/; classtype:trojan-activity;sid:83931774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068662)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068662/; classtype:trojan-activity;sid:83931762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068664)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068664/; classtype:trojan-activity;sid:83931764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068667)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068667/; classtype:trojan-activity;sid:83931767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068656)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068656/; classtype:trojan-activity;sid:83931756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068644)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068644/; classtype:trojan-activity;sid:83931744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068646)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068646/; classtype:trojan-activity;sid:83931746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068647)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068647/; classtype:trojan-activity;sid:83931747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068655)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068655/; classtype:trojan-activity;sid:83931755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068642)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068642/; classtype:trojan-activity;sid:83931742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068643)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068643/; classtype:trojan-activity;sid:83931743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068599)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068599/; classtype:trojan-activity;sid:83931699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068595)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068595/; classtype:trojan-activity;sid:83931695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068593)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068593/; classtype:trojan-activity;sid:83931693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068579)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068579/; classtype:trojan-activity;sid:83931679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068584)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068584/; classtype:trojan-activity;sid:83931684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068572)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068572/; classtype:trojan-activity;sid:83931672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068564)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068564/; classtype:trojan-activity;sid:83931664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068569)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068569/; classtype:trojan-activity;sid:83931669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068548)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068548/; classtype:trojan-activity;sid:83931648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068550)"; flow:established,from_client; content:"GET"; http_method; content:"/o.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068550/; classtype:trojan-activity;sid:83931650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068538)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068538/; classtype:trojan-activity;sid:83931638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068539)"; flow:established,from_client; content:"GET"; http_method; content:"/m.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068539/; classtype:trojan-activity;sid:83931639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068540)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068540/; classtype:trojan-activity;sid:83931640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068542)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068542/; classtype:trojan-activity;sid:83931642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068546)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068546/; classtype:trojan-activity;sid:83931646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068534)"; flow:established,from_client; content:"GET"; http_method; content:"/t1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068534/; classtype:trojan-activity;sid:83931634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068535)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068535/; classtype:trojan-activity;sid:83931635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dccrypt.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068351/; classtype:trojan-activity;sid:83931451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068352)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068352/; classtype:trojan-activity;sid:83931452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068353)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068353/; classtype:trojan-activity;sid:83931453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068350)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-25_20-56.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068350/; classtype:trojan-activity;sid:83931450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067426)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067426/; classtype:trojan-activity;sid:83930526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067427)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067427/; classtype:trojan-activity;sid:83930527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067318)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067318/; classtype:trojan-activity;sid:83930418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067316)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067316/; classtype:trojan-activity;sid:83930416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067315)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067315/; classtype:trojan-activity;sid:83930415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067314/; classtype:trojan-activity;sid:83930414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067313/; classtype:trojan-activity;sid:83930413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067312)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067312/; classtype:trojan-activity;sid:83930412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067310)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067310/; classtype:trojan-activity;sid:83930410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067309/; classtype:trojan-activity;sid:83930409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067307)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067307/; classtype:trojan-activity;sid:83930407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067308/; classtype:trojan-activity;sid:83930408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063596)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/ld2207-88703.appspot.com/o/ldmx2207|3f|alt=media|7c|26|7c|token=ea4d3172-9ea9-4c03-96a7-2174419c6a1e"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063596/; classtype:trojan-activity;sid:83926696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063290/; classtype:trojan-activity;sid:83926390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059331)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059331/; classtype:trojan-activity;sid:83922431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059332)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059332/; classtype:trojan-activity;sid:83922432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059333)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059333/; classtype:trojan-activity;sid:83922433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059334)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059334/; classtype:trojan-activity;sid:83922434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059326)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059326/; classtype:trojan-activity;sid:83922426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059327)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059327/; classtype:trojan-activity;sid:83922427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059328)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059328/; classtype:trojan-activity;sid:83922428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059329)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059329/; classtype:trojan-activity;sid:83922429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059330)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059330/; classtype:trojan-activity;sid:83922430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059323)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059323/; classtype:trojan-activity;sid:83922423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059324)"; flow:established,from_client; content:"GET"; http_method; content:"/sensi.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.139.104.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059324/; classtype:trojan-activity;sid:83922424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058858)"; flow:established,from_client; content:"GET"; http_method; content:"/bp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058858/; classtype:trojan-activity;sid:83921958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058859)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058859/; classtype:trojan-activity;sid:83921959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058860)"; flow:established,from_client; content:"GET"; http_method; content:"/jp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"34.102.78.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058860/; classtype:trojan-activity;sid:83921960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058205)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058205/; classtype:trojan-activity;sid:83921305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058195/; classtype:trojan-activity;sid:83921295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058196)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058196/; classtype:trojan-activity;sid:83921296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058197)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058197/; classtype:trojan-activity;sid:83921297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058198)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.i486"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058198/; classtype:trojan-activity;sid:83921298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058199/; classtype:trojan-activity;sid:83921299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058200/; classtype:trojan-activity;sid:83921300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058201)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058201/; classtype:trojan-activity;sid:83921301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i486"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058202/; classtype:trojan-activity;sid:83921302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058194/; classtype:trojan-activity;sid:83921294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058187/; classtype:trojan-activity;sid:83921287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058188)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv6l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058188/; classtype:trojan-activity;sid:83921288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv6l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058189/; classtype:trojan-activity;sid:83921289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv7l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058190/; classtype:trojan-activity;sid:83921290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058191)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv7l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058191/; classtype:trojan-activity;sid:83921291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv5l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058192/; classtype:trojan-activity;sid:83921292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058193)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv4l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058193/; classtype:trojan-activity;sid:83921293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058186)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.armv5l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058186/; classtype:trojan-activity;sid:83921286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058173/; classtype:trojan-activity;sid:83921273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058174)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058174/; classtype:trojan-activity;sid:83921274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058175)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058175/; classtype:trojan-activity;sid:83921275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058176)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.aarch64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058176/; classtype:trojan-activity;sid:83921276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058177/; classtype:trojan-activity;sid:83921277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058178)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058178/; classtype:trojan-activity;sid:83921278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058179)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058179/; classtype:trojan-activity;sid:83921279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058180/; classtype:trojan-activity;sid:83921280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058181)"; flow:established,from_client; content:"GET"; http_method; content:"/loadbot.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058181/; classtype:trojan-activity;sid:83921281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058182/; classtype:trojan-activity;sid:83921282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sparc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058183/; classtype:trojan-activity;sid:83921283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058184)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/bin.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058184/; classtype:trojan-activity;sid:83921284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.aarch64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.204.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058185/; classtype:trojan-activity;sid:83921285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052814)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.15.239.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052814/; classtype:trojan-activity;sid:83915914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052704)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052704/; classtype:trojan-activity;sid:83915804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045201)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045201/; classtype:trojan-activity;sid:83908301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045202)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045202/; classtype:trojan-activity;sid:83908302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045203)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045203/; classtype:trojan-activity;sid:83908303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045192)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045192/; classtype:trojan-activity;sid:83908292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045193)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045193/; classtype:trojan-activity;sid:83908293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045194)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045194/; classtype:trojan-activity;sid:83908294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045197)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045197/; classtype:trojan-activity;sid:83908297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045187)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045187/; classtype:trojan-activity;sid:83908287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045191)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045191/; classtype:trojan-activity;sid:83908291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045186)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045186/; classtype:trojan-activity;sid:83908286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045183)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045183/; classtype:trojan-activity;sid:83908283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045184)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045184/; classtype:trojan-activity;sid:83908284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045176)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045176/; classtype:trojan-activity;sid:83908276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045177)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045177/; classtype:trojan-activity;sid:83908277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045175)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045175/; classtype:trojan-activity;sid:83908275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045166)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045166/; classtype:trojan-activity;sid:83908266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045168)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"deauduafzgezzfgm.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045168/; classtype:trojan-activity;sid:83908268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045169)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045169/; classtype:trojan-activity;sid:83908269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045163)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045163/; classtype:trojan-activity;sid:83908263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045165)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045165/; classtype:trojan-activity;sid:83908265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045161)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045161/; classtype:trojan-activity;sid:83908261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045162)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeufoeahfouefhg.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045162/; classtype:trojan-activity;sid:83908262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045157)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"loeghaiofiehfihf.to"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045157/; classtype:trojan-activity;sid:83908257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045159)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045159/; classtype:trojan-activity;sid:83908259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045160)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rddissisifigifidi.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045160/; classtype:trojan-activity;sid:83908260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045148)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045148/; classtype:trojan-activity;sid:83908248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045145)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045145/; classtype:trojan-activity;sid:83908245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045146)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045146/; classtype:trojan-activity;sid:83908246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045144)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045144/; classtype:trojan-activity;sid:83908244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968688)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968688/; classtype:trojan-activity;sid:83831788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952278)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rz.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952278/; classtype:trojan-activity;sid:83815378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952271)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952271/; classtype:trojan-activity;sid:83815371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952272)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/async.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952272/; classtype:trojan-activity;sid:83815372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952273)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952273/; classtype:trojan-activity;sid:83815373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952274)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rup.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952274/; classtype:trojan-activity;sid:83815374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952275)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952275/; classtype:trojan-activity;sid:83815375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952276)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952276/; classtype:trojan-activity;sid:83815376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952277)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952277/; classtype:trojan-activity;sid:83815377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952266)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952266/; classtype:trojan-activity;sid:83815366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952267)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952267/; classtype:trojan-activity;sid:83815367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952268)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952268/; classtype:trojan-activity;sid:83815368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952269)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny0.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952269/; classtype:trojan-activity;sid:83815369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952263)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952263/; classtype:trojan-activity;sid:83815363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952264)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952264/; classtype:trojan-activity;sid:83815364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952265)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952265/; classtype:trojan-activity;sid:83815365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952258)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/fesarog.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952258/; classtype:trojan-activity;sid:83815358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952259)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/p.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952259/; classtype:trojan-activity;sid:83815359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952260)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/n3.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952260/; classtype:trojan-activity;sid:83815360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952261)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/n3.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952261/; classtype:trojan-activity;sid:83815361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952262)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/p.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952262/; classtype:trojan-activity;sid:83815362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952253)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952253/; classtype:trojan-activity;sid:83815353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952254)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/n1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952254/; classtype:trojan-activity;sid:83815354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952255)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952255/; classtype:trojan-activity;sid:83815355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952256)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qxx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952256/; classtype:trojan-activity;sid:83815356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952257)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952257/; classtype:trojan-activity;sid:83815357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952244)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952244/; classtype:trojan-activity;sid:83815344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952245)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/dx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952245/; classtype:trojan-activity;sid:83815345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952246)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952246/; classtype:trojan-activity;sid:83815346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952247)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/async.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952247/; classtype:trojan-activity;sid:83815347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952248)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/dcr.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952248/; classtype:trojan-activity;sid:83815348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952249)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny1.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952249/; classtype:trojan-activity;sid:83815349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952250)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/fesarog.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952250/; classtype:trojan-activity;sid:83815350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952251)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952251/; classtype:trojan-activity;sid:83815351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952238)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/qxx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952238/; classtype:trojan-activity;sid:83815338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952239)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952239/; classtype:trojan-activity;sid:83815339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952240)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952240/; classtype:trojan-activity;sid:83815340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952241)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/q2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952241/; classtype:trojan-activity;sid:83815341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952242)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952242/; classtype:trojan-activity;sid:83815342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952234)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/ny0.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952234/; classtype:trojan-activity;sid:83815334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952236)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/n1.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952236/; classtype:trojan-activity;sid:83815336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952237)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/q2.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952237/; classtype:trojan-activity;sid:83815337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952231)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952231/; classtype:trojan-activity;sid:83815331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952232)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952232/; classtype:trojan-activity;sid:83815332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952233)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952233/; classtype:trojan-activity;sid:83815333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952226)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/asx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952226/; classtype:trojan-activity;sid:83815326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952227)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/dx.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952227/; classtype:trojan-activity;sid:83815327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952228)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rup.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952228/; classtype:trojan-activity;sid:83815328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952229)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952229/; classtype:trojan-activity;sid:83815329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952230)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/rz.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952230/; classtype:trojan-activity;sid:83815330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952224)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q7.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952224/; classtype:trojan-activity;sid:83815324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952225)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sh/asx.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952225/; classtype:trojan-activity;sid:83815325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952220)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/pef3dir.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952220/; classtype:trojan-activity;sid:83815320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952221)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952221/; classtype:trojan-activity;sid:83815321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952222)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952222/; classtype:trojan-activity;sid:83815322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952218)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q7.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952218/; classtype:trojan-activity;sid:83815318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952219)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952219/; classtype:trojan-activity;sid:83815319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952215)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952215/; classtype:trojan-activity;sid:83815315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952216)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952216/; classtype:trojan-activity;sid:83815316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952217)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952217/; classtype:trojan-activity;sid:83815317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952212)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952212/; classtype:trojan-activity;sid:83815312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952213)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/q1.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952213/; classtype:trojan-activity;sid:83815313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952214)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/dcr.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952214/; classtype:trojan-activity;sid:83815314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952211)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952211/; classtype:trojan-activity;sid:83815311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952209)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/dllxf3.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952209/; classtype:trojan-activity;sid:83815309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952204)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952204/; classtype:trojan-activity;sid:83815304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952205)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952205/; classtype:trojan-activity;sid:83815305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952206)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952206/; classtype:trojan-activity;sid:83815306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952208)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952208/; classtype:trojan-activity;sid:83815308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949406/; classtype:trojan-activity;sid:83812506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946132/; classtype:trojan-activity;sid:83809232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945569)"; flow:established,from_client; content:"GET"; http_method; content:"/22/items/new_image_20240628_1859/new_image.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ia903207.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945569/; classtype:trojan-activity;sid:83808669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943953)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/sss.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"39.103.150.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943953/; classtype:trojan-activity;sid:83807053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.183.9.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2943264/; classtype:trojan-activity;sid:83806364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942730)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"117.50.184.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942730/; classtype:trojan-activity;sid:83805830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942718)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942718/; classtype:trojan-activity;sid:83805818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942715)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942715/; classtype:trojan-activity;sid:83805815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942714)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942714/; classtype:trojan-activity;sid:83805814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942673)"; flow:established,from_client; content:"GET"; http_method; content:"//shell.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942673/; classtype:trojan-activity;sid:83805773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942671)"; flow:established,from_client; content:"GET"; http_method; content:"/gdb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942671/; classtype:trojan-activity;sid:83805771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942557)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942557/; classtype:trojan-activity;sid:83805657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932525)"; flow:established,from_client; content:"GET"; http_method; content:"/fotonview.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932525/; classtype:trojan-activity;sid:83795625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932524)"; flow:established,from_client; content:"GET"; http_method; content:"/evaluation.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932524/; classtype:trojan-activity;sid:83795624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932523)"; flow:established,from_client; content:"GET"; http_method; content:"/cameracomponent.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932523/; classtype:trojan-activity;sid:83795623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932522)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwaitsetuphockey.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932522/; classtype:trojan-activity;sid:83795622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932521)"; flow:established,from_client; content:"GET"; http_method; content:"/officialsevaluationold.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932521/; classtype:trojan-activity;sid:83795621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932520)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932520/; classtype:trojan-activity;sid:83795620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932466)"; flow:established,from_client; content:"GET"; http_method; content:"/64.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932466/; classtype:trojan-activity;sid:83795566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932462)"; flow:established,from_client; content:"GET"; http_method; content:"/hooks.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932462/; classtype:trojan-activity;sid:83795562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932461)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932461/; classtype:trojan-activity;sid:83795561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921858)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2921858/; classtype:trojan-activity;sid:83784958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921210)"; flow:established,from_client; content:"GET"; http_method; content:"/data/a.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"129.151.210.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921210/; classtype:trojan-activity;sid:83784310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917510)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.23.169.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917510/; classtype:trojan-activity;sid:83780610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916093)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916093/; classtype:trojan-activity;sid:83779193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914041/; classtype:trojan-activity;sid:83777141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912423)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssl.ftp21.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912423/; classtype:trojan-activity;sid:83775523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.3.78.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911218)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"230.sub-166-166-188.myvzw.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911218/; classtype:trojan-activity;sid:83774318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911213)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.166.188.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911213/; classtype:trojan-activity;sid:83774313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911211)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.250.120.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911211/; classtype:trojan-activity;sid:83774311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911208)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.60.25.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911208/; classtype:trojan-activity;sid:83774308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911206)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.122.210.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911206/; classtype:trojan-activity;sid:83774306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911204)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5-157-110-232.dyn.eolo.it"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911204/; classtype:trojan-activity;sid:83774304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911196)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78-20-115-5.access.telenet.be"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911196/; classtype:trojan-activity;sid:83774296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911190)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.20.115.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911190/; classtype:trojan-activity;sid:83774290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911182)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.143.54.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911182/; classtype:trojan-activity;sid:83774282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911179)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.29.46.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911179/; classtype:trojan-activity;sid:83774279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911167)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.115.102.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911167/; classtype:trojan-activity;sid:83774267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911157)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.157.110.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911157/; classtype:trojan-activity;sid:83774257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911150)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.215.253.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911150/; classtype:trojan-activity;sid:83774250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911148)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.214.192.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911148/; classtype:trojan-activity;sid:83774248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911141)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.147.147.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911141/; classtype:trojan-activity;sid:83774241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911140)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.31.159.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911140/; classtype:trojan-activity;sid:83774240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911136)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23-122-210-174.lightspeed.cicril.sbcglobal.net"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911136/; classtype:trojan-activity;sid:83774236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911131)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.253.12.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911131/; classtype:trojan-activity;sid:83774231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911129/; classtype:trojan-activity;sid:83774229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.186.91.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911122/; classtype:trojan-activity;sid:83774222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911123)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.213.59.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911123/; classtype:trojan-activity;sid:83774223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911109)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"epei77.direct.quickconnect.to"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911109/; classtype:trojan-activity;sid:83774209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911011)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"100.16.168.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911011/; classtype:trojan-activity;sid:83774111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910756/; classtype:trojan-activity;sid:83773856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910687)"; flow:established,from_client; content:"GET"; http_method; content:"/config/qnvqkfym.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"b46.oss-cn-hongkong.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910687/; classtype:trojan-activity;sid:83773787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910224)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"shell.dimitrimedia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910224/; classtype:trojan-activity;sid:83773324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910223)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172-105-66-118.ip.linodeusercontent.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910223/; classtype:trojan-activity;sid:83773323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909370)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.149.71.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909370/; classtype:trojan-activity;sid:83772470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.118.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908910)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908910/; classtype:trojan-activity;sid:83772010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908909)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"12.196.184.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908909/; classtype:trojan-activity;sid:83772009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908902)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.39.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908906)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.40.16.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908906/; classtype:trojan-activity;sid:83772006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908891)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.123.251.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908891/; classtype:trojan-activity;sid:83771991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908894)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908894/; classtype:trojan-activity;sid:83771994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908888)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908888/; classtype:trojan-activity;sid:83771988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908887)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908887/; classtype:trojan-activity;sid:83771987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908012)"; flow:established,from_client; content:"GET"; http_method; content:"/8/items/new_image_20240619_1432/new_image.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ia800400.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908012/; classtype:trojan-activity;sid:83771112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2907615)"; flow:established,from_client; content:"GET"; http_method; content:"/17/items/new_image_20240625_2128/new_image.jpg"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ia803402.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2907615/; classtype:trojan-activity;sid:83770715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906475)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906475/; classtype:trojan-activity;sid:83769575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906195/; classtype:trojan-activity;sid:83769295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905256)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905256/; classtype:trojan-activity;sid:83768356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905208)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905208/; classtype:trojan-activity;sid:83768308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905209)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.175.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905209/; classtype:trojan-activity;sid:83768309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905204)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905204/; classtype:trojan-activity;sid:83768304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905199)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.206.151.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905199/; classtype:trojan-activity;sid:83768299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905154)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905154/; classtype:trojan-activity;sid:83768254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905150)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905150/; classtype:trojan-activity;sid:83768250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905145)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905145/; classtype:trojan-activity;sid:83768245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905133)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.32.29.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905133/; classtype:trojan-activity;sid:83768233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905125)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905125/; classtype:trojan-activity;sid:83768225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905115)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905115/; classtype:trojan-activity;sid:83768215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901924)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.118.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2901924/; classtype:trojan-activity;sid:83765024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900550/; classtype:trojan-activity;sid:83763650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900548/; classtype:trojan-activity;sid:83763648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899910)"; flow:established,from_client; content:"GET"; http_method; content:"/16/items/new_image_202406/new_image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ia803405.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899910/; classtype:trojan-activity;sid:83763010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898814)"; flow:established,from_client; content:"GET"; http_method; content:"/fury-os/fury_kms/releases/download/v.1.6.0/furykms_v.1.6.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898814/; classtype:trojan-activity;sid:83761914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896954)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896954/; classtype:trojan-activity;sid:83760054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896955)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896955/; classtype:trojan-activity;sid:83760055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896956)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896956/; classtype:trojan-activity;sid:83760056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896950)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896950/; classtype:trojan-activity;sid:83760050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896951)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896951/; classtype:trojan-activity;sid:83760051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896948/; classtype:trojan-activity;sid:83760048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2892223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2892223/; classtype:trojan-activity;sid:83755323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891705)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/clientcaller.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891705/; classtype:trojan-activity;sid:83754805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891703)"; flow:established,from_client; content:"GET"; http_method; content:"/clientcaller.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"183.57.21.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891703/; classtype:trojan-activity;sid:83754803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888479)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.215.245.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888479/; classtype:trojan-activity;sid:83751579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.175.183.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888474)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888474/; classtype:trojan-activity;sid:83751574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888469)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.244.110.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888469/; classtype:trojan-activity;sid:83751569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.178.133.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888460)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888460/; classtype:trojan-activity;sid:83751560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888459)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.27.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888459/; classtype:trojan-activity;sid:83751559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888458)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888458/; classtype:trojan-activity;sid:83751558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888456/; classtype:trojan-activity;sid:83751556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888447)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.28.26.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888447/; classtype:trojan-activity;sid:83751547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888445)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888445/; classtype:trojan-activity;sid:83751545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888443)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.182.69.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888443/; classtype:trojan-activity;sid:83751543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888440/; classtype:trojan-activity;sid:83751540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2886550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.109.148.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2886550/; classtype:trojan-activity;sid:83749650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885017)"; flow:established,from_client; content:"GET"; http_method; content:"/smug246/luna-grabber-injection/main/injection-obfuscated.js"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_12; reference:url, urlhaus.abuse.ch/url/2885017/; classtype:trojan-activity;sid:83748117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883947/; classtype:trojan-activity;sid:83747047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2882153)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.105.66.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2882153/; classtype:trojan-activity;sid:83745253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879955)"; flow:established,from_client; content:"GET"; http_method; content:"/unp%20setup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.138.125.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879955/; classtype:trojan-activity;sid:83743055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879886)"; flow:established,from_client; content:"GET"; http_method; content:"/pwnkit"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.71.224.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879886/; classtype:trojan-activity;sid:83742986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879846)"; flow:established,from_client; content:"GET"; http_method; content:"/cve/cve-2021-4034"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879846/; classtype:trojan-activity;sid:83742946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879845)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879845/; classtype:trojan-activity;sid:83742945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879683)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.101.160.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879683/; classtype:trojan-activity;sid:83742783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879531)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.149.81.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879531/; classtype:trojan-activity;sid:83742631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877962)"; flow:established,from_client; content:"GET"; http_method; content:"/images/8fc809.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jtpdev.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877962/; classtype:trojan-activity;sid:83741062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877425)"; flow:established,from_client; content:"GET"; http_method; content:"/images/8fc809.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jtpdev.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877425/; classtype:trojan-activity;sid:83740525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877319)"; flow:established,from_client; content:"GET"; http_method; content:"/slade107.psm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877319/; classtype:trojan-activity;sid:83740419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875723)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/dllxf3.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875723/; classtype:trojan-activity;sid:83738823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875722)"; flow:established,from_client; content:"GET"; http_method; content:"/tak/reg/marz/zqwer/pef3dir.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.202.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875722/; classtype:trojan-activity;sid:83738822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874516)"; flow:established,from_client; content:"GET"; http_method; content:"/o.elf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"reusable-flex.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874516/; classtype:trojan-activity;sid:83737616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; content:"GET"; http_method; content:"/walesboller.pcx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2871410)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12gxtnsqsjokneqetkvk1a99fni-es6ir"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_01; reference:url, urlhaus.abuse.ch/url/2871410/; classtype:trojan-activity;sid:83734510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870229)"; flow:established,from_client; content:"GET"; http_method; content:"/download/40/4a6ca328-7888-3279-b672-d1d9d0a46ee2/gta_v.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"softcatalog.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870229/; classtype:trojan-activity;sid:83733329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870174)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870174/; classtype:trojan-activity;sid:83733274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869436)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2869436/; classtype:trojan-activity;sid:83732536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868847)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dahmfv126.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868847/; classtype:trojan-activity;sid:83731947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868722)"; flow:established,from_client; content:"GET"; http_method; content:"/batch.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868722/; classtype:trojan-activity;sid:83731822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868720)"; flow:established,from_client; content:"GET"; http_method; content:"/coreminer-linux-x86_64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868720/; classtype:trojan-activity;sid:83731820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868719)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordopaddcrontab.psl"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868719/; classtype:trojan-activity;sid:83731819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868710)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordop.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868710/; classtype:trojan-activity;sid:83731810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868714)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellxlies.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868714/; classtype:trojan-activity;sid:83731814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864267)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864267/; classtype:trojan-activity;sid:83727367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864266)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864266/; classtype:trojan-activity;sid:83727366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864259)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864259/; classtype:trojan-activity;sid:83727359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864261/; classtype:trojan-activity;sid:83727361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864256)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.120.175.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864256/; classtype:trojan-activity;sid:83727356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864245)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864245/; classtype:trojan-activity;sid:83727345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864247)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864247/; classtype:trojan-activity;sid:83727347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864249)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864249/; classtype:trojan-activity;sid:83727349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864252)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864252/; classtype:trojan-activity;sid:83727352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864253)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864253/; classtype:trojan-activity;sid:83727353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864254)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864254/; classtype:trojan-activity;sid:83727354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864255)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864255/; classtype:trojan-activity;sid:83727355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864244/; classtype:trojan-activity;sid:83727344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863534)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863534/; classtype:trojan-activity;sid:83726634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.10.233.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863372/; classtype:trojan-activity;sid:83726472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863373)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863373/; classtype:trojan-activity;sid:83726473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863371)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863371/; classtype:trojan-activity;sid:83726471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863363)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863363/; classtype:trojan-activity;sid:83726463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863366)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863366/; classtype:trojan-activity;sid:83726466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863359)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863359/; classtype:trojan-activity;sid:83726459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863360)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863360/; classtype:trojan-activity;sid:83726460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863362)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863362/; classtype:trojan-activity;sid:83726462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863358)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863358/; classtype:trojan-activity;sid:83726458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863354/; classtype:trojan-activity;sid:83726454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863355/; classtype:trojan-activity;sid:83726455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863343)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863343/; classtype:trojan-activity;sid:83726443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863323/; classtype:trojan-activity;sid:83726423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863326/; classtype:trojan-activity;sid:83726426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863328/; classtype:trojan-activity;sid:83726428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863331)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863331/; classtype:trojan-activity;sid:83726431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863332)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863332/; classtype:trojan-activity;sid:83726432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.57.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863335)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863335/; classtype:trojan-activity;sid:83726435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863339)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863339/; classtype:trojan-activity;sid:83726439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863340)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863340/; classtype:trojan-activity;sid:83726440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863321/; classtype:trojan-activity;sid:83726421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863322/; classtype:trojan-activity;sid:83726422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862297)"; flow:established,from_client; content:"GET"; http_method; content:"/wxijgyp.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862297/; classtype:trojan-activity;sid:83725397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862107)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"125.168.166.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862107/; classtype:trojan-activity;sid:83725207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862022/; classtype:trojan-activity;sid:83725122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862018)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862018/; classtype:trojan-activity;sid:83725118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.202.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862005/; classtype:trojan-activity;sid:83725105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862011/; classtype:trojan-activity;sid:83725111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862013)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862013/; classtype:trojan-activity;sid:83725113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861994)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861994/; classtype:trojan-activity;sid:83725094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861996)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.127.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861996/; classtype:trojan-activity;sid:83725096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861998)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861998/; classtype:trojan-activity;sid:83725098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861999/; classtype:trojan-activity;sid:83725099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861992)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861992/; classtype:trojan-activity;sid:83725092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861989)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861989/; classtype:trojan-activity;sid:83725089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861980)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861980/; classtype:trojan-activity;sid:83725080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861962)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861962/; classtype:trojan-activity;sid:83725062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861967)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861967/; classtype:trojan-activity;sid:83725067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861968)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861968/; classtype:trojan-activity;sid:83725068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861969/; classtype:trojan-activity;sid:83725069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861972)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861972/; classtype:trojan-activity;sid:83725072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861953)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861953/; classtype:trojan-activity;sid:83725053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861956/; classtype:trojan-activity;sid:83725056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861946)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861946/; classtype:trojan-activity;sid:83725046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861949)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861949/; classtype:trojan-activity;sid:83725049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861918)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861918/; classtype:trojan-activity;sid:83725018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861922)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.196.96.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861922/; classtype:trojan-activity;sid:83725022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861932)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861932/; classtype:trojan-activity;sid:83725032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861914)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861914/; classtype:trojan-activity;sid:83725014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861915)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861915/; classtype:trojan-activity;sid:83725015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861910)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861910/; classtype:trojan-activity;sid:83725010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861856)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861856/; classtype:trojan-activity;sid:83724956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861841)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861841/; classtype:trojan-activity;sid:83724941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861846)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861846/; classtype:trojan-activity;sid:83724946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861848)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861848/; classtype:trojan-activity;sid:83724948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861854)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861854/; classtype:trojan-activity;sid:83724954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861836)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861836/; classtype:trojan-activity;sid:83724936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861830)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.160.86.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861830/; classtype:trojan-activity;sid:83724930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861820)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861820/; classtype:trojan-activity;sid:83724920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861821)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861821/; classtype:trojan-activity;sid:83724921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861817)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861817/; classtype:trojan-activity;sid:83724917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861815)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861815/; classtype:trojan-activity;sid:83724915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861809)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"109.69.8.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861809/; classtype:trojan-activity;sid:83724909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861810)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861810/; classtype:trojan-activity;sid:83724910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861812)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861812/; classtype:trojan-activity;sid:83724912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861801)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861801/; classtype:trojan-activity;sid:83724901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861796)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861796/; classtype:trojan-activity;sid:83724896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861788)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861788/; classtype:trojan-activity;sid:83724888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861787)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.113.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861787/; classtype:trojan-activity;sid:83724887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861786)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861786/; classtype:trojan-activity;sid:83724886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861776)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861776/; classtype:trojan-activity;sid:83724876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861778)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861778/; classtype:trojan-activity;sid:83724878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861774)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.112.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861774/; classtype:trojan-activity;sid:83724874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861754)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861754/; classtype:trojan-activity;sid:83724854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861752)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.127.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861752/; classtype:trojan-activity;sid:83724852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861745)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861745/; classtype:trojan-activity;sid:83724845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861744)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861744/; classtype:trojan-activity;sid:83724844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861730)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861730/; classtype:trojan-activity;sid:83724830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861723)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861723/; classtype:trojan-activity;sid:83724823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861726)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861726/; classtype:trojan-activity;sid:83724826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861717)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861717/; classtype:trojan-activity;sid:83724817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861715)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861715/; classtype:trojan-activity;sid:83724815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861714)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861714/; classtype:trojan-activity;sid:83724814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861708)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861708/; classtype:trojan-activity;sid:83724808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861694)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"41.71.51.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861694/; classtype:trojan-activity;sid:83724794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861697)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"222.252.15.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861697/; classtype:trojan-activity;sid:83724797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861700)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861700/; classtype:trojan-activity;sid:83724800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861683)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.202.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861683/; classtype:trojan-activity;sid:83724783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861686)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861686/; classtype:trojan-activity;sid:83724786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861687)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861687/; classtype:trojan-activity;sid:83724787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861688)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861688/; classtype:trojan-activity;sid:83724788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861690)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861690/; classtype:trojan-activity;sid:83724790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861676)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861676/; classtype:trojan-activity;sid:83724776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861677)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861677/; classtype:trojan-activity;sid:83724777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861678)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861678/; classtype:trojan-activity;sid:83724778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861672)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861672/; classtype:trojan-activity;sid:83724772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861668)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.127.104.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861668/; classtype:trojan-activity;sid:83724768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861664)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861664/; classtype:trojan-activity;sid:83724764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861652)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861652/; classtype:trojan-activity;sid:83724752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861655)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"36.67.155.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861655/; classtype:trojan-activity;sid:83724755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861660)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861660/; classtype:trojan-activity;sid:83724760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861646)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861646/; classtype:trojan-activity;sid:83724746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861639)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861639/; classtype:trojan-activity;sid:83724739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861632)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.122.141.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861632/; classtype:trojan-activity;sid:83724732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861637)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861637/; classtype:trojan-activity;sid:83724737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861627)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"86.121.113.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861627/; classtype:trojan-activity;sid:83724727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861628)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861628/; classtype:trojan-activity;sid:83724728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861613)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861613/; classtype:trojan-activity;sid:83724713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861614)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861614/; classtype:trojan-activity;sid:83724714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861619)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861619/; classtype:trojan-activity;sid:83724719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861622)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861622/; classtype:trojan-activity;sid:83724722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861624)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861624/; classtype:trojan-activity;sid:83724724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861602)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861602/; classtype:trojan-activity;sid:83724702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861594)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861594/; classtype:trojan-activity;sid:83724694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861589)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"109.69.8.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861589/; classtype:trojan-activity;sid:83724689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861588)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861588/; classtype:trojan-activity;sid:83724688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861586)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861586/; classtype:trojan-activity;sid:83724686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861567)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861567/; classtype:trojan-activity;sid:83724667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861570)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861570/; classtype:trojan-activity;sid:83724670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861579)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861579/; classtype:trojan-activity;sid:83724679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861580)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"59.154.252.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861580/; classtype:trojan-activity;sid:83724680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861556)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861556/; classtype:trojan-activity;sid:83724656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861563)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861563/; classtype:trojan-activity;sid:83724663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861564)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"172.115.81.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861564/; classtype:trojan-activity;sid:83724664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861551)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.76.12.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861551/; classtype:trojan-activity;sid:83724651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861554)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861554/; classtype:trojan-activity;sid:83724654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861548)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.196.96.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861548/; classtype:trojan-activity;sid:83724648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861538)"; flow:established,from_client; content:"GET"; http_method; content:"/tsaplqyj.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861538/; classtype:trojan-activity;sid:83724638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2860721)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_23; reference:url, urlhaus.abuse.ch/url/2860721/; classtype:trojan-activity;sid:83723821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857893/; classtype:trojan-activity;sid:83720993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857888)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857888/; classtype:trojan-activity;sid:83720988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857884/; classtype:trojan-activity;sid:83720984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857881)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857881/; classtype:trojan-activity;sid:83720981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857874/; classtype:trojan-activity;sid:83720974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.122.141.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857878/; classtype:trojan-activity;sid:83720978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857871)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857871/; classtype:trojan-activity;sid:83720971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857872)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857872/; classtype:trojan-activity;sid:83720972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857870/; classtype:trojan-activity;sid:83720970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857865)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857865/; classtype:trojan-activity;sid:83720965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857866)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857866/; classtype:trojan-activity;sid:83720966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857861/; classtype:trojan-activity;sid:83720961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857854)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.154.67.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857854/; classtype:trojan-activity;sid:83720954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857850)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857850/; classtype:trojan-activity;sid:83720950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857848/; classtype:trojan-activity;sid:83720948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857846)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857846/; classtype:trojan-activity;sid:83720946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857835)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857835/; classtype:trojan-activity;sid:83720935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857836)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857836/; classtype:trojan-activity;sid:83720936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857833)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.67.155.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857833/; classtype:trojan-activity;sid:83720933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857831)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"98.180.230.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857831/; classtype:trojan-activity;sid:83720931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857829)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.69.8.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857829/; classtype:trojan-activity;sid:83720929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857819)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.71.51.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857819/; classtype:trojan-activity;sid:83720919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857810/; classtype:trojan-activity;sid:83720910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857806)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857806/; classtype:trojan-activity;sid:83720906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857797)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857797/; classtype:trojan-activity;sid:83720897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857780/; classtype:trojan-activity;sid:83720880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857776)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.202.20.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857776/; classtype:trojan-activity;sid:83720876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857770)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857770/; classtype:trojan-activity;sid:83720870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857771)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857771/; classtype:trojan-activity;sid:83720871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.15.181.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857768/; classtype:trojan-activity;sid:83720868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857763/; classtype:trojan-activity;sid:83720863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857758)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857758/; classtype:trojan-activity;sid:83720858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857752)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857752/; classtype:trojan-activity;sid:83720852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857753/; classtype:trojan-activity;sid:83720853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857755/; classtype:trojan-activity;sid:83720855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"125.168.166.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857750/; classtype:trojan-activity;sid:83720850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857746)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857746/; classtype:trojan-activity;sid:83720846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857736)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857736/; classtype:trojan-activity;sid:83720836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857731)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857731/; classtype:trojan-activity;sid:83720831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.69.8.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857729/; classtype:trojan-activity;sid:83720829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857724)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857724/; classtype:trojan-activity;sid:83720824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857722)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857722/; classtype:trojan-activity;sid:83720822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857721)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857721/; classtype:trojan-activity;sid:83720821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857717/; classtype:trojan-activity;sid:83720817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857710)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857710/; classtype:trojan-activity;sid:83720810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857712)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857712/; classtype:trojan-activity;sid:83720812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857708)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857708/; classtype:trojan-activity;sid:83720808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857706)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857706/; classtype:trojan-activity;sid:83720806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857704/; classtype:trojan-activity;sid:83720804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857699/; classtype:trojan-activity;sid:83720799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.241.90.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857693/; classtype:trojan-activity;sid:83720793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857679)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.123.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857679/; classtype:trojan-activity;sid:83720779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857674/; classtype:trojan-activity;sid:83720774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857676)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857676/; classtype:trojan-activity;sid:83720776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857678/; classtype:trojan-activity;sid:83720778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857670/; classtype:trojan-activity;sid:83720770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857671/; classtype:trojan-activity;sid:83720771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857662/; classtype:trojan-activity;sid:83720762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857657/; classtype:trojan-activity;sid:83720757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857655)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857655/; classtype:trojan-activity;sid:83720755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857645/; classtype:trojan-activity;sid:83720745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857633)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857633/; classtype:trojan-activity;sid:83720733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857635)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857635/; classtype:trojan-activity;sid:83720735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857640/; classtype:trojan-activity;sid:83720740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857628/; classtype:trojan-activity;sid:83720728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857621/; classtype:trojan-activity;sid:83720721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857616)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857616/; classtype:trojan-activity;sid:83720716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857613)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857613/; classtype:trojan-activity;sid:83720713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857614)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.252.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857614/; classtype:trojan-activity;sid:83720714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857603)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857603/; classtype:trojan-activity;sid:83720703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857606)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857606/; classtype:trojan-activity;sid:83720706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857607)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857607/; classtype:trojan-activity;sid:83720707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857600/; classtype:trojan-activity;sid:83720700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857585/; classtype:trojan-activity;sid:83720685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857586/; classtype:trojan-activity;sid:83720686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857583)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857583/; classtype:trojan-activity;sid:83720683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857579)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.86.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857579/; classtype:trojan-activity;sid:83720679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857578)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857578/; classtype:trojan-activity;sid:83720678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857576)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857576/; classtype:trojan-activity;sid:83720676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857574)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857574/; classtype:trojan-activity;sid:83720674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857568)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857568/; classtype:trojan-activity;sid:83720668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857563)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857563/; classtype:trojan-activity;sid:83720663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.251.62.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857564/; classtype:trojan-activity;sid:83720664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857566)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857566/; classtype:trojan-activity;sid:83720666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857556)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857556/; classtype:trojan-activity;sid:83720656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857550)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857550/; classtype:trojan-activity;sid:83720650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857542)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857542/; classtype:trojan-activity;sid:83720642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857543/; classtype:trojan-activity;sid:83720643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857541)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857541/; classtype:trojan-activity;sid:83720641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857539/; classtype:trojan-activity;sid:83720639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857530)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857530/; classtype:trojan-activity;sid:83720630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.129.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857522)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857522/; classtype:trojan-activity;sid:83720622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857517)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.21.148.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857517/; classtype:trojan-activity;sid:83720617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857513)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857513/; classtype:trojan-activity;sid:83720613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857510/; classtype:trojan-activity;sid:83720610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857509)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857509/; classtype:trojan-activity;sid:83720609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857506)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.115.81.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857506/; classtype:trojan-activity;sid:83720606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857507)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857507/; classtype:trojan-activity;sid:83720607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.77.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857508/; classtype:trojan-activity;sid:83720608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857501)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857501/; classtype:trojan-activity;sid:83720601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857500)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857500/; classtype:trojan-activity;sid:83720600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857492/; classtype:trojan-activity;sid:83720592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857493/; classtype:trojan-activity;sid:83720593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857485)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857485/; classtype:trojan-activity;sid:83720585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857475)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857475/; classtype:trojan-activity;sid:83720575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857472)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857472/; classtype:trojan-activity;sid:83720572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857462)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.252.15.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857462/; classtype:trojan-activity;sid:83720562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857454/; classtype:trojan-activity;sid:83720554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857455)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857455/; classtype:trojan-activity;sid:83720555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857457)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857457/; classtype:trojan-activity;sid:83720557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857458)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857458/; classtype:trojan-activity;sid:83720558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857459)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.65.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857459/; classtype:trojan-activity;sid:83720559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857438)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857438/; classtype:trojan-activity;sid:83720538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857439)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857439/; classtype:trojan-activity;sid:83720539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857440)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"96.76.18.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857440/; classtype:trojan-activity;sid:83720540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857434)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857434/; classtype:trojan-activity;sid:83720534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857169)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857169/; classtype:trojan-activity;sid:83720269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854636)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.18.0-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"46.231.32.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854636/; classtype:trojan-activity;sid:83717736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854622)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854622/; classtype:trojan-activity;sid:83717722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854623)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854623/; classtype:trojan-activity;sid:83717723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854611)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.19.3-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"31.186.217.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854611/; classtype:trojan-activity;sid:83717711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2853223)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aefieiaehfiaehr.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2853223/; classtype:trojan-activity;sid:83716323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850765)"; flow:established,from_client; content:"GET"; http_method; content:"/x103.log"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zffsg.oss-ap-northeast-2.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_05_15; reference:url, urlhaus.abuse.ch/url/2850765/; classtype:trojan-activity;sid:83713865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850173)"; flow:established,from_client; content:"GET"; http_method; content:"/990_ota.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"59.59.6.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_14; reference:url, urlhaus.abuse.ch/url/2850173/; classtype:trojan-activity;sid:83713273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845989)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845989/; classtype:trojan-activity;sid:83709089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845988)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845988/; classtype:trojan-activity;sid:83709088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845981)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845981/; classtype:trojan-activity;sid:83709081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845969)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845969/; classtype:trojan-activity;sid:83709069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845952)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845952/; classtype:trojan-activity;sid:83709052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"52.83.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845958/; classtype:trojan-activity;sid:83709058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845932)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845932/; classtype:trojan-activity;sid:83709032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845931)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845931/; classtype:trojan-activity;sid:83709031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842724/; classtype:trojan-activity;sid:83705824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842723)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842723/; classtype:trojan-activity;sid:83705823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842720)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.201.7.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842720/; classtype:trojan-activity;sid:83705820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842719)"; flow:established,from_client; content:"GET"; http_method; content:"//.i"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"90.176.171.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842719/; classtype:trojan-activity;sid:83705819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842661)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842661/; classtype:trojan-activity;sid:83705761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.5.152.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842662/; classtype:trojan-activity;sid:83705762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842663/; classtype:trojan-activity;sid:83705763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842650/; classtype:trojan-activity;sid:83705750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.28.38.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842413/; classtype:trojan-activity;sid:83705513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842401/; classtype:trojan-activity;sid:83705501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842402/; classtype:trojan-activity;sid:83705502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842081/; classtype:trojan-activity;sid:83705181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842062)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842062/; classtype:trojan-activity;sid:83705162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842056)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.42.105.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842056/; classtype:trojan-activity;sid:83705156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842053/; classtype:trojan-activity;sid:83705153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842055)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.70.95.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842055/; classtype:trojan-activity;sid:83705155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842037)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842037/; classtype:trojan-activity;sid:83705137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842029)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842029/; classtype:trojan-activity;sid:83705129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842033)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842033/; classtype:trojan-activity;sid:83705133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842018/; classtype:trojan-activity;sid:83705118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842023)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842023/; classtype:trojan-activity;sid:83705123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842026/; classtype:trojan-activity;sid:83705126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842010)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842010/; classtype:trojan-activity;sid:83705110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842012)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842012/; classtype:trojan-activity;sid:83705112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.8.227.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842003/; classtype:trojan-activity;sid:83705103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.43.113.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842004/; classtype:trojan-activity;sid:83705104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.27.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841996/; classtype:trojan-activity;sid:83705096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841988)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841988/; classtype:trojan-activity;sid:83705088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841978)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.46.255.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841978/; classtype:trojan-activity;sid:83705078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841979)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841979/; classtype:trojan-activity;sid:83705079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.170.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841983/; classtype:trojan-activity;sid:83705083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841972)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.36.11.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841972/; classtype:trojan-activity;sid:83705072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841974/; classtype:trojan-activity;sid:83705074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841962)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841962/; classtype:trojan-activity;sid:83705062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.101.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841963/; classtype:trojan-activity;sid:83705063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841967)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841967/; classtype:trojan-activity;sid:83705067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.209.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841949/; classtype:trojan-activity;sid:83705049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841929/; classtype:trojan-activity;sid:83705029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841931)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.169.136.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841931/; classtype:trojan-activity;sid:83705031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841932/; classtype:trojan-activity;sid:83705032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841926/; classtype:trojan-activity;sid:83705026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.28.38.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841917/; classtype:trojan-activity;sid:83705017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841726/; classtype:trojan-activity;sid:83704826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841721/; classtype:trojan-activity;sid:83704821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.169.136.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841716/; classtype:trojan-activity;sid:83704816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841713/; classtype:trojan-activity;sid:83704813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841714/; classtype:trojan-activity;sid:83704814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.211.112.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841707/; classtype:trojan-activity;sid:83704807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.46.255.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841697/; classtype:trojan-activity;sid:83704797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841688/; classtype:trojan-activity;sid:83704788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.43.113.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841695/; classtype:trojan-activity;sid:83704795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.255.42.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841686/; classtype:trojan-activity;sid:83704786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841679/; classtype:trojan-activity;sid:83704779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.36.11.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841676/; classtype:trojan-activity;sid:83704776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841673/; classtype:trojan-activity;sid:83704773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841666/; classtype:trojan-activity;sid:83704766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841667/; classtype:trojan-activity;sid:83704767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841656/; classtype:trojan-activity;sid:83704756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841650/; classtype:trojan-activity;sid:83704750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841636/; classtype:trojan-activity;sid:83704736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.79.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841639/; classtype:trojan-activity;sid:83704739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841644/; classtype:trojan-activity;sid:83704744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.209.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841625/; classtype:trojan-activity;sid:83704725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.42.105.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841619/; classtype:trojan-activity;sid:83704719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841604/; classtype:trojan-activity;sid:83704704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841609/; classtype:trojan-activity;sid:83704709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.70.95.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841598/; classtype:trojan-activity;sid:83704698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.8.227.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841587/; classtype:trojan-activity;sid:83704687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.170.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841594/; classtype:trojan-activity;sid:83704694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841582/; classtype:trojan-activity;sid:83704682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.27.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841584/; classtype:trojan-activity;sid:83704684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841581/; classtype:trojan-activity;sid:83704681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841576/; classtype:trojan-activity;sid:83704676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841570/; classtype:trojan-activity;sid:83704670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841312)"; flow:established,from_client; content:"GET"; http_method; content:"/aioc_5.0.0.63_it.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"912648.aioc.qbgxl.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841312/; classtype:trojan-activity;sid:83704412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2839963)"; flow:established,from_client; content:"GET"; http_method; content:"/aioc_5.0.0.63_it.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"139520.aioc.qbgxl.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2839963/; classtype:trojan-activity;sid:83703063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836794)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/bots_mips"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836794/; classtype:trojan-activity;sid:83699894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835124)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tiktok/ready.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gawx.florenda.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835124/; classtype:trojan-activity;sid:83698224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835122)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tiktok/ready.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gawx.florenda.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835122/; classtype:trojan-activity;sid:83698222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833829)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/disbot"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833829/; classtype:trojan-activity;sid:83696929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833648)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833648/; classtype:trojan-activity;sid:83696748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833649)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm6"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833649/; classtype:trojan-activity;sid:83696749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833650)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mips"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833650/; classtype:trojan-activity;sid:83696750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833651)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_64"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833651/; classtype:trojan-activity;sid:83696751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833643)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm5"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833643/; classtype:trojan-activity;sid:83696743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833644)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/m68k"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833644/; classtype:trojan-activity;sid:83696744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833645)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/sh4"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833645/; classtype:trojan-activity;sid:83696745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833646)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mpsl"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833646/; classtype:trojan-activity;sid:83696746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833647)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833647/; classtype:trojan-activity;sid:83696747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833642)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_32"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833642/; classtype:trojan-activity;sid:83696742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833217)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/386"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833217/; classtype:trojan-activity;sid:83696317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833216)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833216/; classtype:trojan-activity;sid:83696316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833213)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833213/; classtype:trojan-activity;sid:83696313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828091)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/imtoken-intl-v2.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"154.23.240.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828091/; classtype:trojan-activity;sid:83691191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825976)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1/build3.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cajgtus.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825976/; classtype:trojan-activity;sid:83689076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824981)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824981/; classtype:trojan-activity;sid:83688081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.79.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824688/; classtype:trojan-activity;sid:83687788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823256)"; flow:established,from_client; content:"GET"; http_method; content:"/imtoken.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"imtoken8.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823256/; classtype:trojan-activity;sid:83686356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822910)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822910/; classtype:trojan-activity;sid:83686010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.50.148.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822890/; classtype:trojan-activity;sid:83685990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822894)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822894/; classtype:trojan-activity;sid:83685994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822895/; classtype:trojan-activity;sid:83685995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822899)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822899/; classtype:trojan-activity;sid:83685999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822886)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.92.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822886/; classtype:trojan-activity;sid:83685986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822887)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822887/; classtype:trojan-activity;sid:83685987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822876)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822876/; classtype:trojan-activity;sid:83685976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822866)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822866/; classtype:trojan-activity;sid:83685966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822869)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822869/; classtype:trojan-activity;sid:83685969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822870)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.84.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822870/; classtype:trojan-activity;sid:83685970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822874)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822874/; classtype:trojan-activity;sid:83685974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822861/; classtype:trojan-activity;sid:83685961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822844)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822844/; classtype:trojan-activity;sid:83685944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822845)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822845/; classtype:trojan-activity;sid:83685945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822846)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822846/; classtype:trojan-activity;sid:83685946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822833)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822833/; classtype:trojan-activity;sid:83685933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822821)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822821/; classtype:trojan-activity;sid:83685921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822831)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.23.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822831/; classtype:trojan-activity;sid:83685931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822808)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822808/; classtype:trojan-activity;sid:83685908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822811/; classtype:trojan-activity;sid:83685911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822812)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822812/; classtype:trojan-activity;sid:83685912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822815)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822815/; classtype:trojan-activity;sid:83685915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822802)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822802/; classtype:trojan-activity;sid:83685902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822797/; classtype:trojan-activity;sid:83685897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822800)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822800/; classtype:trojan-activity;sid:83685900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822778/; classtype:trojan-activity;sid:83685878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.37.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822783/; classtype:trojan-activity;sid:83685883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822784)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822784/; classtype:trojan-activity;sid:83685884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822789/; classtype:trojan-activity;sid:83685889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822770/; classtype:trojan-activity;sid:83685870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822762/; classtype:trojan-activity;sid:83685862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822764)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822764/; classtype:trojan-activity;sid:83685864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822757/; classtype:trojan-activity;sid:83685857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822754/; classtype:trojan-activity;sid:83685854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822746)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822746/; classtype:trojan-activity;sid:83685846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822747)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822747/; classtype:trojan-activity;sid:83685847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822736)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822736/; classtype:trojan-activity;sid:83685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822743)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822743/; classtype:trojan-activity;sid:83685843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822727)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822727/; classtype:trojan-activity;sid:83685827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822733)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.70.242.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822733/; classtype:trojan-activity;sid:83685833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822707)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822707/; classtype:trojan-activity;sid:83685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822697)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822697/; classtype:trojan-activity;sid:83685797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822699)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.236.114.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822699/; classtype:trojan-activity;sid:83685799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822704)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822704/; classtype:trojan-activity;sid:83685804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822684)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822684/; classtype:trojan-activity;sid:83685784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822688/; classtype:trojan-activity;sid:83685788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822689)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822689/; classtype:trojan-activity;sid:83685789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822692)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822692/; classtype:trojan-activity;sid:83685792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822678)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822678/; classtype:trojan-activity;sid:83685778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822666)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822666/; classtype:trojan-activity;sid:83685766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822663/; classtype:trojan-activity;sid:83685763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822653/; classtype:trojan-activity;sid:83685753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822655/; classtype:trojan-activity;sid:83685755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822657/; classtype:trojan-activity;sid:83685757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822658)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822658/; classtype:trojan-activity;sid:83685758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822637)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822637/; classtype:trojan-activity;sid:83685737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822639)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822639/; classtype:trojan-activity;sid:83685739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822633)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.78.118.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822633/; classtype:trojan-activity;sid:83685733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822634)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822634/; classtype:trojan-activity;sid:83685734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822622)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822622/; classtype:trojan-activity;sid:83685722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822603)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.113.141.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822603/; classtype:trojan-activity;sid:83685703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822605)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.245.131.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822605/; classtype:trojan-activity;sid:83685705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822606)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822606/; classtype:trojan-activity;sid:83685706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822609)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822609/; classtype:trojan-activity;sid:83685709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822611)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.22.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822611/; classtype:trojan-activity;sid:83685711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822617)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.188.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822617/; classtype:trojan-activity;sid:83685717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822590)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822590/; classtype:trojan-activity;sid:83685690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822575)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822575/; classtype:trojan-activity;sid:83685675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822577)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822577/; classtype:trojan-activity;sid:83685677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822580)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822580/; classtype:trojan-activity;sid:83685680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822581)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822581/; classtype:trojan-activity;sid:83685681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822586)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822586/; classtype:trojan-activity;sid:83685686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822587)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.41.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822587/; classtype:trojan-activity;sid:83685687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822566)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822566/; classtype:trojan-activity;sid:83685666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822567)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822567/; classtype:trojan-activity;sid:83685667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822568/; classtype:trojan-activity;sid:83685668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822571)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822571/; classtype:trojan-activity;sid:83685671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822573)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822573/; classtype:trojan-activity;sid:83685673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822574)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822574/; classtype:trojan-activity;sid:83685674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822555)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822555/; classtype:trojan-activity;sid:83685655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822557)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822557/; classtype:trojan-activity;sid:83685657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822559)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822559/; classtype:trojan-activity;sid:83685659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.7.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822563/; classtype:trojan-activity;sid:83685663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822564)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822564/; classtype:trojan-activity;sid:83685664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822547/; classtype:trojan-activity;sid:83685647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822546)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.219.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822546/; classtype:trojan-activity;sid:83685646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822536/; classtype:trojan-activity;sid:83685636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822537)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822537/; classtype:trojan-activity;sid:83685637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822542)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822542/; classtype:trojan-activity;sid:83685642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822523)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822523/; classtype:trojan-activity;sid:83685623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.195.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822524/; classtype:trojan-activity;sid:83685624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822525/; classtype:trojan-activity;sid:83685625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822526)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822526/; classtype:trojan-activity;sid:83685626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822514/; classtype:trojan-activity;sid:83685614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822515)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822515/; classtype:trojan-activity;sid:83685615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822516)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.239.22.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822516/; classtype:trojan-activity;sid:83685616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822517)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822517/; classtype:trojan-activity;sid:83685617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822506)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822506/; classtype:trojan-activity;sid:83685606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822507)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.141.122.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822507/; classtype:trojan-activity;sid:83685607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822501)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822501/; classtype:trojan-activity;sid:83685601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822505)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822505/; classtype:trojan-activity;sid:83685605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822494)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822494/; classtype:trojan-activity;sid:83685594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822490)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.211.153.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822490/; classtype:trojan-activity;sid:83685590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822481)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822481/; classtype:trojan-activity;sid:83685581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822484)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822484/; classtype:trojan-activity;sid:83685584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822474)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822474/; classtype:trojan-activity;sid:83685574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822475/; classtype:trojan-activity;sid:83685575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822449)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.59.90.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822449/; classtype:trojan-activity;sid:83685549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822436)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822436/; classtype:trojan-activity;sid:83685536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822441)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822441/; classtype:trojan-activity;sid:83685541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822442)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822442/; classtype:trojan-activity;sid:83685542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822443/; classtype:trojan-activity;sid:83685543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822426/; classtype:trojan-activity;sid:83685526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822430)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822430/; classtype:trojan-activity;sid:83685530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822432/; classtype:trojan-activity;sid:83685532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822418)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822418/; classtype:trojan-activity;sid:83685518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822421)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822421/; classtype:trojan-activity;sid:83685521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822411)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822411/; classtype:trojan-activity;sid:83685511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822406/; classtype:trojan-activity;sid:83685506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822390)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822390/; classtype:trojan-activity;sid:83685490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822393)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.122.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822393/; classtype:trojan-activity;sid:83685493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822383)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822383/; classtype:trojan-activity;sid:83685483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822376)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822376/; classtype:trojan-activity;sid:83685476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822367)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822367/; classtype:trojan-activity;sid:83685467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822356)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822356/; classtype:trojan-activity;sid:83685456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822361)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822361/; classtype:trojan-activity;sid:83685461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822362)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822362/; classtype:trojan-activity;sid:83685462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822345)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822345/; classtype:trojan-activity;sid:83685445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822347)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.56.21.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822347/; classtype:trojan-activity;sid:83685447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822342)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822342/; classtype:trojan-activity;sid:83685442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822332/; classtype:trojan-activity;sid:83685432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822335)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822335/; classtype:trojan-activity;sid:83685435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822320)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822320/; classtype:trojan-activity;sid:83685420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822322)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.234.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822322/; classtype:trojan-activity;sid:83685422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822316/; classtype:trojan-activity;sid:83685416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822303)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822303/; classtype:trojan-activity;sid:83685403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822299)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822299/; classtype:trojan-activity;sid:83685399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822300)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822300/; classtype:trojan-activity;sid:83685400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822288)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822288/; classtype:trojan-activity;sid:83685388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822291)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.239.120.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822291/; classtype:trojan-activity;sid:83685391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822295)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822295/; classtype:trojan-activity;sid:83685395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822284/; classtype:trojan-activity;sid:83685384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822286)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822286/; classtype:trojan-activity;sid:83685386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822272)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822272/; classtype:trojan-activity;sid:83685372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822257/; classtype:trojan-activity;sid:83685357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822258/; classtype:trojan-activity;sid:83685358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822253/; classtype:trojan-activity;sid:83685353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822242)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.218.172.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822242/; classtype:trojan-activity;sid:83685342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822245/; classtype:trojan-activity;sid:83685345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822236)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.24.131.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822236/; classtype:trojan-activity;sid:83685336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822234)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822234/; classtype:trojan-activity;sid:83685334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822225)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822225/; classtype:trojan-activity;sid:83685325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.189.199.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822226/; classtype:trojan-activity;sid:83685326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822228)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822228/; classtype:trojan-activity;sid:83685328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822229/; classtype:trojan-activity;sid:83685329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822230/; classtype:trojan-activity;sid:83685330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822217)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822217/; classtype:trojan-activity;sid:83685317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822219/; classtype:trojan-activity;sid:83685319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822210)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822210/; classtype:trojan-activity;sid:83685310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822212)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.17.61.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822212/; classtype:trojan-activity;sid:83685312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822214)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822214/; classtype:trojan-activity;sid:83685314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822205)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822205/; classtype:trojan-activity;sid:83685305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822200)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.211.154.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822200/; classtype:trojan-activity;sid:83685300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822194/; classtype:trojan-activity;sid:83685294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822187)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.211.169.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822187/; classtype:trojan-activity;sid:83685287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822182/; classtype:trojan-activity;sid:83685282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822174)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.177.98.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822174/; classtype:trojan-activity;sid:83685274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822181/; classtype:trojan-activity;sid:83685281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822160/; classtype:trojan-activity;sid:83685260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822161/; classtype:trojan-activity;sid:83685261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822163)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822163/; classtype:trojan-activity;sid:83685263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822168/; classtype:trojan-activity;sid:83685268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822169/; classtype:trojan-activity;sid:83685269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822149)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822149/; classtype:trojan-activity;sid:83685249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822144)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822144/; classtype:trojan-activity;sid:83685244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822145)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.69.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822145/; classtype:trojan-activity;sid:83685245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822140/; classtype:trojan-activity;sid:83685240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822138/; classtype:trojan-activity;sid:83685238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822129/; classtype:trojan-activity;sid:83685229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822133/; classtype:trojan-activity;sid:83685233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822137)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822137/; classtype:trojan-activity;sid:83685237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822125)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822125/; classtype:trojan-activity;sid:83685225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822127/; classtype:trojan-activity;sid:83685227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822114/; classtype:trojan-activity;sid:83685214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822100/; classtype:trojan-activity;sid:83685200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822101)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822101/; classtype:trojan-activity;sid:83685201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822094)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822094/; classtype:trojan-activity;sid:83685194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822083/; classtype:trojan-activity;sid:83685183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822084/; classtype:trojan-activity;sid:83685184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822092/; classtype:trojan-activity;sid:83685192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822073/; classtype:trojan-activity;sid:83685173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822066)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822066/; classtype:trojan-activity;sid:83685166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822063)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822063/; classtype:trojan-activity;sid:83685163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822048/; classtype:trojan-activity;sid:83685148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822052)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822052/; classtype:trojan-activity;sid:83685152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822042)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822042/; classtype:trojan-activity;sid:83685142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822046)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.175.189.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822046/; classtype:trojan-activity;sid:83685146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822031)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822031/; classtype:trojan-activity;sid:83685131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822035/; classtype:trojan-activity;sid:83685135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822024)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822024/; classtype:trojan-activity;sid:83685124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822025)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822025/; classtype:trojan-activity;sid:83685125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822027)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822027/; classtype:trojan-activity;sid:83685127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822018/; classtype:trojan-activity;sid:83685118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822013/; classtype:trojan-activity;sid:83685113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822011)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822011/; classtype:trojan-activity;sid:83685111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822007/; classtype:trojan-activity;sid:83685107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822008/; classtype:trojan-activity;sid:83685108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821981/; classtype:trojan-activity;sid:83685081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821984)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.168.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821984/; classtype:trojan-activity;sid:83685084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821979)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.100.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821979/; classtype:trojan-activity;sid:83685079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821966)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821966/; classtype:trojan-activity;sid:83685066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821970)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821970/; classtype:trojan-activity;sid:83685070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821952)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821952/; classtype:trojan-activity;sid:83685052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821953/; classtype:trojan-activity;sid:83685053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821929/; classtype:trojan-activity;sid:83685029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821930/; classtype:trojan-activity;sid:83685030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821931)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821931/; classtype:trojan-activity;sid:83685031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821935/; classtype:trojan-activity;sid:83685035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821924)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821924/; classtype:trojan-activity;sid:83685024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821925)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821925/; classtype:trojan-activity;sid:83685025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821926/; classtype:trojan-activity;sid:83685026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821917/; classtype:trojan-activity;sid:83685017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821914)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821914/; classtype:trojan-activity;sid:83685014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821915)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821915/; classtype:trojan-activity;sid:83685015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821863/; classtype:trojan-activity;sid:83684963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821857/; classtype:trojan-activity;sid:83684957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821858/; classtype:trojan-activity;sid:83684958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821861/; classtype:trojan-activity;sid:83684961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821850/; classtype:trojan-activity;sid:83684950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.211.153.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821839/; classtype:trojan-activity;sid:83684939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.59.90.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821840/; classtype:trojan-activity;sid:83684940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821844/; classtype:trojan-activity;sid:83684944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.95.254.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821828/; classtype:trojan-activity;sid:83684928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.190.57.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821826/; classtype:trojan-activity;sid:83684926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821819/; classtype:trojan-activity;sid:83684919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821821/; classtype:trojan-activity;sid:83684921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.37.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821823/; classtype:trojan-activity;sid:83684923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821813/; classtype:trojan-activity;sid:83684913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821806/; classtype:trojan-activity;sid:83684906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821793/; classtype:trojan-activity;sid:83684893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.149.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821794/; classtype:trojan-activity;sid:83684894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.122.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821795/; classtype:trojan-activity;sid:83684895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821777/; classtype:trojan-activity;sid:83684877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821765/; classtype:trojan-activity;sid:83684865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821759/; classtype:trojan-activity;sid:83684859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821753/; classtype:trojan-activity;sid:83684853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821747/; classtype:trojan-activity;sid:83684847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.239.120.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821749/; classtype:trojan-activity;sid:83684849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821743/; classtype:trojan-activity;sid:83684843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821745/; classtype:trojan-activity;sid:83684845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821736/; classtype:trojan-activity;sid:83684836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821738/; classtype:trojan-activity;sid:83684838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821729/; classtype:trojan-activity;sid:83684829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821730/; classtype:trojan-activity;sid:83684830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821734/; classtype:trojan-activity;sid:83684834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821721/; classtype:trojan-activity;sid:83684821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821726/; classtype:trojan-activity;sid:83684826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.178.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821714/; classtype:trojan-activity;sid:83684814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.209.71.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821713/; classtype:trojan-activity;sid:83684813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.93.245.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821703/; classtype:trojan-activity;sid:83684803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821690/; classtype:trojan-activity;sid:83684790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821692/; classtype:trojan-activity;sid:83684792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821700/; classtype:trojan-activity;sid:83684800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821679/; classtype:trojan-activity;sid:83684779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821685/; classtype:trojan-activity;sid:83684785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821688/; classtype:trojan-activity;sid:83684788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821678/; classtype:trojan-activity;sid:83684778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821669/; classtype:trojan-activity;sid:83684769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.211.169.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821665/; classtype:trojan-activity;sid:83684765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821653/; classtype:trojan-activity;sid:83684753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821654/; classtype:trojan-activity;sid:83684754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.56.21.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821651/; classtype:trojan-activity;sid:83684751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821646/; classtype:trojan-activity;sid:83684746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.205.125.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821643/; classtype:trojan-activity;sid:83684743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821634/; classtype:trojan-activity;sid:83684734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821636/; classtype:trojan-activity;sid:83684736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.177.98.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821638/; classtype:trojan-activity;sid:83684738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821625/; classtype:trojan-activity;sid:83684725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821618/; classtype:trojan-activity;sid:83684718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821611/; classtype:trojan-activity;sid:83684711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.92.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821613/; classtype:trojan-activity;sid:83684713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.211.154.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821609/; classtype:trojan-activity;sid:83684709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821594/; classtype:trojan-activity;sid:83684694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821583/; classtype:trojan-activity;sid:83684683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821580/; classtype:trojan-activity;sid:83684680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820656/; classtype:trojan-activity;sid:83683756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820657/; classtype:trojan-activity;sid:83683757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818999/; classtype:trojan-activity;sid:83682099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818993/; classtype:trojan-activity;sid:83682093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818987/; classtype:trojan-activity;sid:83682087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818981/; classtype:trojan-activity;sid:83682081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818984/; classtype:trojan-activity;sid:83682084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818967/; classtype:trojan-activity;sid:83682067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818969/; classtype:trojan-activity;sid:83682069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818966/; classtype:trojan-activity;sid:83682066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818953/; classtype:trojan-activity;sid:83682053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818948/; classtype:trojan-activity;sid:83682048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818942/; classtype:trojan-activity;sid:83682042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818943/; classtype:trojan-activity;sid:83682043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818930/; classtype:trojan-activity;sid:83682030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.113.141.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818932/; classtype:trojan-activity;sid:83682032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818939/; classtype:trojan-activity;sid:83682039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818940/; classtype:trojan-activity;sid:83682040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.50.148.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818926/; classtype:trojan-activity;sid:83682026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818920/; classtype:trojan-activity;sid:83682020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818906/; classtype:trojan-activity;sid:83682006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.242.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818907/; classtype:trojan-activity;sid:83682007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818887/; classtype:trojan-activity;sid:83681987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818876/; classtype:trojan-activity;sid:83681976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818877/; classtype:trojan-activity;sid:83681977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818878/; classtype:trojan-activity;sid:83681978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818874/; classtype:trojan-activity;sid:83681974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818868/; classtype:trojan-activity;sid:83681968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.28.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818864/; classtype:trojan-activity;sid:83681964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818857/; classtype:trojan-activity;sid:83681957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818853/; classtype:trojan-activity;sid:83681953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818847/; classtype:trojan-activity;sid:83681947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818851/; classtype:trojan-activity;sid:83681951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818840/; classtype:trojan-activity;sid:83681940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.25.133.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818829/; classtype:trojan-activity;sid:83681929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818821/; classtype:trojan-activity;sid:83681921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818806/; classtype:trojan-activity;sid:83681906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818807/; classtype:trojan-activity;sid:83681907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818786/; classtype:trojan-activity;sid:83681886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818773/; classtype:trojan-activity;sid:83681873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818768/; classtype:trojan-activity;sid:83681868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818758/; classtype:trojan-activity;sid:83681858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818753/; classtype:trojan-activity;sid:83681853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818240/; classtype:trojan-activity;sid:83681340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818237/; classtype:trojan-activity;sid:83681337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818229/; classtype:trojan-activity;sid:83681329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818227/; classtype:trojan-activity;sid:83681327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818228/; classtype:trojan-activity;sid:83681328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817148)"; flow:established,from_client; content:"GET"; http_method; content:"/coolismoney/laughing-octo-tribble/releases/download/v2/crazycore.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817148/; classtype:trojan-activity;sid:83680248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814130/; classtype:trojan-activity;sid:83677230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814116/; classtype:trojan-activity;sid:83677216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814117/; classtype:trojan-activity;sid:83677217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.168.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814119/; classtype:trojan-activity;sid:83677219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814100/; classtype:trojan-activity;sid:83677200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814093/; classtype:trojan-activity;sid:83677193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814086/; classtype:trojan-activity;sid:83677186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814087/; classtype:trojan-activity;sid:83677187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814083/; classtype:trojan-activity;sid:83677183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813793/; classtype:trojan-activity;sid:83676893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813148/; classtype:trojan-activity;sid:83676248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813143/; classtype:trojan-activity;sid:83676243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813146/; classtype:trojan-activity;sid:83676246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813147/; classtype:trojan-activity;sid:83676247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813134/; classtype:trojan-activity;sid:83676234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813128/; classtype:trojan-activity;sid:83676228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.198.242.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813129/; classtype:trojan-activity;sid:83676229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.219.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813130/; classtype:trojan-activity;sid:83676230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813132/; classtype:trojan-activity;sid:83676232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813122/; classtype:trojan-activity;sid:83676222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813125/; classtype:trojan-activity;sid:83676225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813091/; classtype:trojan-activity;sid:83676191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813093/; classtype:trojan-activity;sid:83676193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813101/; classtype:trojan-activity;sid:83676201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813103/; classtype:trojan-activity;sid:83676203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813068/; classtype:trojan-activity;sid:83676168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813070/; classtype:trojan-activity;sid:83676170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813060/; classtype:trojan-activity;sid:83676160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813064/; classtype:trojan-activity;sid:83676164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813047/; classtype:trojan-activity;sid:83676147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813051/; classtype:trojan-activity;sid:83676151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813052/; classtype:trojan-activity;sid:83676152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813040/; classtype:trojan-activity;sid:83676140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813041/; classtype:trojan-activity;sid:83676141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813028/; classtype:trojan-activity;sid:83676128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.29.137.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813029/; classtype:trojan-activity;sid:83676129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813024/; classtype:trojan-activity;sid:83676124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812539)"; flow:established,from_client; content:"GET"; http_method; content:"/dinsherman202/solid-lamp/releases/download/download/github.software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812539/; classtype:trojan-activity;sid:83675639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.105.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809231/; classtype:trojan-activity;sid:83672331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809223/; classtype:trojan-activity;sid:83672323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809224/; classtype:trojan-activity;sid:83672324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809221/; classtype:trojan-activity;sid:83672321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.95.186.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809204/; classtype:trojan-activity;sid:83672304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809184/; classtype:trojan-activity;sid:83672284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809187/; classtype:trojan-activity;sid:83672287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.54.121.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809177/; classtype:trojan-activity;sid:83672277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809175/; classtype:trojan-activity;sid:83672275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809160/; classtype:trojan-activity;sid:83672260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809146/; classtype:trojan-activity;sid:83672246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809149/; classtype:trojan-activity;sid:83672249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809139/; classtype:trojan-activity;sid:83672239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809135/; classtype:trojan-activity;sid:83672235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809115/; classtype:trojan-activity;sid:83672215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809120/; classtype:trojan-activity;sid:83672220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809112/; classtype:trojan-activity;sid:83672212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809113/; classtype:trojan-activity;sid:83672213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809105/; classtype:trojan-activity;sid:83672205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809100/; classtype:trojan-activity;sid:83672200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809054/; classtype:trojan-activity;sid:83672154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809010/; classtype:trojan-activity;sid:83672110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809011/; classtype:trojan-activity;sid:83672111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.105.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808999/; classtype:trojan-activity;sid:83672099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.72.31.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808994/; classtype:trojan-activity;sid:83672094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808972/; classtype:trojan-activity;sid:83672072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.174.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.84.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808975/; classtype:trojan-activity;sid:83672075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.184.188.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808976/; classtype:trojan-activity;sid:83672076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808963/; classtype:trojan-activity;sid:83672063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808966/; classtype:trojan-activity;sid:83672066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.79.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808968/; classtype:trojan-activity;sid:83672068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808970/; classtype:trojan-activity;sid:83672070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808951/; classtype:trojan-activity;sid:83672051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808952/; classtype:trojan-activity;sid:83672052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808946/; classtype:trojan-activity;sid:83672046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808931/; classtype:trojan-activity;sid:83672031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808932/; classtype:trojan-activity;sid:83672032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808936/; classtype:trojan-activity;sid:83672036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808937/; classtype:trojan-activity;sid:83672037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808939/; classtype:trojan-activity;sid:83672039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808926/; classtype:trojan-activity;sid:83672026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.175.138.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808915/; classtype:trojan-activity;sid:83672015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808917/; classtype:trojan-activity;sid:83672017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.151.29.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808906/; classtype:trojan-activity;sid:83672006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.74.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808911/; classtype:trojan-activity;sid:83672011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.189.199.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808912/; classtype:trojan-activity;sid:83672012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808895/; classtype:trojan-activity;sid:83671995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808883/; classtype:trojan-activity;sid:83671983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808869/; classtype:trojan-activity;sid:83671969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.78.118.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808861/; classtype:trojan-activity;sid:83671961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808851/; classtype:trojan-activity;sid:83671951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808852/; classtype:trojan-activity;sid:83671952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.22.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808853/; classtype:trojan-activity;sid:83671953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808842/; classtype:trojan-activity;sid:83671942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.114.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808840/; classtype:trojan-activity;sid:83671940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808832/; classtype:trojan-activity;sid:83671932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808822/; classtype:trojan-activity;sid:83671922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.41.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808824/; classtype:trojan-activity;sid:83671924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808826/; classtype:trojan-activity;sid:83671926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808820/; classtype:trojan-activity;sid:83671920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.188.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808807/; classtype:trojan-activity;sid:83671907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808802/; classtype:trojan-activity;sid:83671902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.164.252.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808793/; classtype:trojan-activity;sid:83671893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808797/; classtype:trojan-activity;sid:83671897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808798/; classtype:trojan-activity;sid:83671898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808786/; classtype:trojan-activity;sid:83671886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808778/; classtype:trojan-activity;sid:83671878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.24.131.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808782/; classtype:trojan-activity;sid:83671882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808770/; classtype:trojan-activity;sid:83671870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.202.220.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808760/; classtype:trojan-activity;sid:83671860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808767/; classtype:trojan-activity;sid:83671867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808754/; classtype:trojan-activity;sid:83671854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808748/; classtype:trojan-activity;sid:83671848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808751/; classtype:trojan-activity;sid:83671851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.69.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808743/; classtype:trojan-activity;sid:83671843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808735/; classtype:trojan-activity;sid:83671835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808738/; classtype:trojan-activity;sid:83671838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808716/; classtype:trojan-activity;sid:83671816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.7.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808701/; classtype:trojan-activity;sid:83671801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808659/; classtype:trojan-activity;sid:83671759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808643/; classtype:trojan-activity;sid:83671743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808637/; classtype:trojan-activity;sid:83671737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.23.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808639/; classtype:trojan-activity;sid:83671739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808625/; classtype:trojan-activity;sid:83671725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808616/; classtype:trojan-activity;sid:83671716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808586/; classtype:trojan-activity;sid:83671686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808564/; classtype:trojan-activity;sid:83671664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808563/; classtype:trojan-activity;sid:83671663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808561/; classtype:trojan-activity;sid:83671661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.218.172.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808556/; classtype:trojan-activity;sid:83671656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808540/; classtype:trojan-activity;sid:83671640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808542/; classtype:trojan-activity;sid:83671642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.147.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808544/; classtype:trojan-activity;sid:83671644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.141.122.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808546/; classtype:trojan-activity;sid:83671646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808549/; classtype:trojan-activity;sid:83671649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.239.22.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808550/; classtype:trojan-activity;sid:83671650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.191.218.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808521/; classtype:trojan-activity;sid:83671621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808511/; classtype:trojan-activity;sid:83671611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808492/; classtype:trojan-activity;sid:83671592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808482/; classtype:trojan-activity;sid:83671582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808475/; classtype:trojan-activity;sid:83671575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.42.243.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808478/; classtype:trojan-activity;sid:83671578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808468/; classtype:trojan-activity;sid:83671568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808474/; classtype:trojan-activity;sid:83671574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808462/; classtype:trojan-activity;sid:83671562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.17.61.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808457/; classtype:trojan-activity;sid:83671557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808459/; classtype:trojan-activity;sid:83671559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808460/; classtype:trojan-activity;sid:83671560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808452/; classtype:trojan-activity;sid:83671552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808447/; classtype:trojan-activity;sid:83671547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808432/; classtype:trojan-activity;sid:83671532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808434/; classtype:trojan-activity;sid:83671534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808442/; classtype:trojan-activity;sid:83671542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808443/; classtype:trojan-activity;sid:83671543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808444/; classtype:trojan-activity;sid:83671544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808423/; classtype:trojan-activity;sid:83671523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808425/; classtype:trojan-activity;sid:83671525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808427/; classtype:trojan-activity;sid:83671527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808429/; classtype:trojan-activity;sid:83671529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.209.255.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808413/; classtype:trojan-activity;sid:83671513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808406/; classtype:trojan-activity;sid:83671506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808408/; classtype:trojan-activity;sid:83671508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.100.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808392/; classtype:trojan-activity;sid:83671492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808397/; classtype:trojan-activity;sid:83671497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808376/; classtype:trojan-activity;sid:83671476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.72.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808377/; classtype:trojan-activity;sid:83671477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808380/; classtype:trojan-activity;sid:83671480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.245.131.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808385/; classtype:trojan-activity;sid:83671485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808303/; classtype:trojan-activity;sid:83671403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808304/; classtype:trojan-activity;sid:83671404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808306)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808306/; classtype:trojan-activity;sid:83671406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808307)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808307/; classtype:trojan-activity;sid:83671407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808289)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808289/; classtype:trojan-activity;sid:83671389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808271)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808271/; classtype:trojan-activity;sid:83671371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808274)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808274/; classtype:trojan-activity;sid:83671374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808276)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808276/; classtype:trojan-activity;sid:83671376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808277)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808277/; classtype:trojan-activity;sid:83671377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808278)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808278/; classtype:trojan-activity;sid:83671378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808264)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808264/; classtype:trojan-activity;sid:83671364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808267)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808267/; classtype:trojan-activity;sid:83671367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808233/; classtype:trojan-activity;sid:83671333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808245/; classtype:trojan-activity;sid:83671345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808247/; classtype:trojan-activity;sid:83671347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808250)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808250/; classtype:trojan-activity;sid:83671350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808226/; classtype:trojan-activity;sid:83671326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808216/; classtype:trojan-activity;sid:83671316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808219)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808219/; classtype:trojan-activity;sid:83671319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808221/; classtype:trojan-activity;sid:83671321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808199/; classtype:trojan-activity;sid:83671299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808190/; classtype:trojan-activity;sid:83671290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808191/; classtype:trojan-activity;sid:83671291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808193/; classtype:trojan-activity;sid:83671293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808195/; classtype:trojan-activity;sid:83671295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808176/; classtype:trojan-activity;sid:83671276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808178/; classtype:trojan-activity;sid:83671278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808179/; classtype:trojan-activity;sid:83671279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807300)"; flow:established,from_client; content:"GET"; http_method; content:"/http.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807300/; classtype:trojan-activity;sid:83670400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806527)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"138.36.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806527/; classtype:trojan-activity;sid:83669627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; content:"GET"; http_method; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"distro.ibiblio.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798785)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798785/; classtype:trojan-activity;sid:83661885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798784)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798784/; classtype:trojan-activity;sid:83661884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789955)"; flow:established,from_client; content:"GET"; http_method; content:"/incoper887/tua/raw/main/build.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789955/; classtype:trojan-activity;sid:83653055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.113.35.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786672)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.96.147.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786672/; classtype:trojan-activity;sid:83649772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786665)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.44.203.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786665/; classtype:trojan-activity;sid:83649765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786649)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.42.168.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786649/; classtype:trojan-activity;sid:83649749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786332)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786332/; classtype:trojan-activity;sid:83649432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786333)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786333/; classtype:trojan-activity;sid:83649433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785235)"; flow:established,from_client; content:"GET"; http_method; content:"/ransomware.wannacry_plus.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785235/; classtype:trojan-activity;sid:83648335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"oys0ro.static.otenet.gr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777824)"; flow:established,from_client; content:"GET"; http_method; content:"/m.py"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777824/; classtype:trojan-activity;sid:83640924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777823)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777823/; classtype:trojan-activity;sid:83640923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777822)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777822/; classtype:trojan-activity;sid:83640922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777441)"; flow:established,from_client; content:"GET"; http_method; content:"/greenpackage.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bitkiselurunsiparis.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777441/; classtype:trojan-activity;sid:83640541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776111)"; flow:established,from_client; content:"GET"; http_method; content:"/update/cheat.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776111/; classtype:trojan-activity;sid:83639211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776110)"; flow:established,from_client; content:"GET"; http_method; content:"/update/main.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776110/; classtype:trojan-activity;sid:83639210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776109)"; flow:established,from_client; content:"GET"; http_method; content:"/update/zverify.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776109/; classtype:trojan-activity;sid:83639209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776108)"; flow:established,from_client; content:"GET"; http_method; content:"/update/mhpverify.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776108/; classtype:trojan-activity;sid:83639208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769194/; classtype:trojan-activity;sid:83632294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769198/; classtype:trojan-activity;sid:83632298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769199/; classtype:trojan-activity;sid:83632299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_default.bmp"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; content:"GET"; http_method; content:"/mobileanjian.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.6.5.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2755280)"; flow:established,from_client; content:"GET"; http_method; content:"/den4ikyt/spoofer/raw/main/hwid%20spoofer.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_02; reference:url, urlhaus.abuse.ch/url/2755280/; classtype:trojan-activity;sid:83618380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752947)"; flow:established,from_client; content:"GET"; http_method; content:"/app/view/ta.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.26.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2752947/; classtype:trojan-activity;sid:83616047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752434)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/build6_unencrypted.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752434/; classtype:trojan-activity;sid:83615534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750554)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/first.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_22; reference:url, urlhaus.abuse.ch/url/2750554/; classtype:trojan-activity;sid:83613654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749981)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/windows.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749981/; classtype:trojan-activity;sid:83613081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749973)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/eszop.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749973/; classtype:trojan-activity;sid:83613073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749975)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/wefhrf.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749975/; classtype:trojan-activity;sid:83613075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748820)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748820/; classtype:trojan-activity;sid:83611920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748808)"; flow:established,from_client; content:"GET"; http_method; content:"/kseniakucherksenia/.github.io/raw/main/cayv0deo9jst417.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748808/; classtype:trojan-activity;sid:83611908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748809)"; flow:established,from_client; content:"GET"; http_method; content:"/kseniakucherksenia/.github.io/main/cayv0deo9jst417.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748809/; classtype:trojan-activity;sid:83611909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rqhgsr779gyzvi15p-bmkx8txq4bj-yi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748350/; classtype:trojan-activity;sid:83611450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_06; reference:url, urlhaus.abuse.ch/url/2746783/; classtype:trojan-activity;sid:83609883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744609)"; flow:established,from_client; content:"GET"; http_method; content:"/24/b.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.16.38.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_27; reference:url, urlhaus.abuse.ch/url/2744609/; classtype:trojan-activity;sid:83607709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744000)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_24; reference:url, urlhaus.abuse.ch/url/2744000/; classtype:trojan-activity;sid:83607100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735437)"; flow:established,from_client; content:"GET"; http_method; content:"/static/automaticamente/index.php"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"wynecare.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_27; reference:url, urlhaus.abuse.ch/url/2735437/; classtype:trojan-activity;sid:83598537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735400)"; flow:established,from_client; content:"GET"; http_method; content:"/chdyz/chdyz.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.110.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735400/; classtype:trojan-activity;sid:83598500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735399)"; flow:established,from_client; content:"GET"; http_method; content:"/chdyz/chdyz.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.110.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735399/; classtype:trojan-activity;sid:83598499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735077)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/store.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.globallaborsupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2735077/; classtype:trojan-activity;sid:83598177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734988)"; flow:established,from_client; content:"GET"; http_method; content:"/lti_ruby/av/development/insertionsortpro.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"lti.cs.vt.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734988/; classtype:trojan-activity;sid:83598088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/bin/nobody/clean.it"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xiangshunjy.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_22; reference:url, urlhaus.abuse.ch/url/2733662/; classtype:trojan-activity;sid:83596762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728916)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jmvlc342a-9khhwqofk1aticown34bxe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_08; reference:url, urlhaus.abuse.ch/url/2728916/; classtype:trojan-activity;sid:83592016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726789)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zte2ty_wldnnepgomzi6zqqad7moc4kk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726789/; classtype:trojan-activity;sid:83589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2725971)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctnmusyjuqkrxgvd6uph5ttb4-sb1zxr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2725971/; classtype:trojan-activity;sid:83589071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2724547/; classtype:trojan-activity;sid:83587647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2723186)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nx37rcyoclifch3waaddhuzclyj4ouue"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2723186/; classtype:trojan-activity;sid:83586286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720676)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720676/; classtype:trojan-activity;sid:83583776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720427)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_14; reference:url, urlhaus.abuse.ch/url/2720427/; classtype:trojan-activity;sid:83583527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717631)"; flow:established,from_client; content:"GET"; http_method; content:"/112s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717631/; classtype:trojan-activity;sid:83580731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714956)"; flow:established,from_client; content:"GET"; http_method; content:"/112"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714956/; classtype:trojan-activity;sid:83578056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713178/; classtype:trojan-activity;sid:83576278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713150)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713150/; classtype:trojan-activity;sid:83576250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712484)"; flow:established,from_client; content:"GET"; http_method; content:"/test/test.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pouya.blob.core.windows.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_19; reference:url, urlhaus.abuse.ch/url/2712484/; classtype:trojan-activity;sid:83575584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705628)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_20; reference:url, urlhaus.abuse.ch/url/2705628/; classtype:trojan-activity;sid:83568728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704162/; classtype:trojan-activity;sid:83567262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2699237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_05; reference:url, urlhaus.abuse.ch/url/2699237/; classtype:trojan-activity;sid:83562337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2695319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2695319/; classtype:trojan-activity;sid:83558419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2684828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2684828/; classtype:trojan-activity;sid:83547928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678477/; classtype:trojan-activity;sid:83541577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676880)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/qmydsnl.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676880/; classtype:trojan-activity;sid:83539980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676879)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/apctntoca.bmp"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676879/; classtype:trojan-activity;sid:83539979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2637944)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_05_21; reference:url, urlhaus.abuse.ch/url/2637944/; classtype:trojan-activity;sid:83501044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2618340)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_26; reference:url, urlhaus.abuse.ch/url/2618340/; classtype:trojan-activity;sid:83481440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615901)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_22; reference:url, urlhaus.abuse.ch/url/2615901/; classtype:trojan-activity;sid:83479001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615316/; classtype:trojan-activity;sid:83478416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615283/; classtype:trojan-activity;sid:83478383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615280/; classtype:trojan-activity;sid:83478380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615262/; classtype:trojan-activity;sid:83478362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615260/; classtype:trojan-activity;sid:83478360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615259/; classtype:trojan-activity;sid:83478359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615258/; classtype:trojan-activity;sid:83478358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2562937)"; flow:established,from_client; content:"GET"; http_method; content:"/b512c9bf0b/rnlgmamvrrbyey3nzb/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"ns1.koleso.tc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2562937/; classtype:trojan-activity;sid:83426037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530828)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_05; reference:url, urlhaus.abuse.ch/url/2530828/; classtype:trojan-activity;sid:83393928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517803)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_25; reference:url, urlhaus.abuse.ch/url/2517803/; classtype:trojan-activity;sid:83380903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517273)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517273/; classtype:trojan-activity;sid:83380373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517268)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517268/; classtype:trojan-activity;sid:83380368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517269)"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517269/; classtype:trojan-activity;sid:83380369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517271)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517271/; classtype:trojan-activity;sid:83380371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513702)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513702/; classtype:trojan-activity;sid:83376802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513700)"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513700/; classtype:trojan-activity;sid:83376800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513697)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513697/; classtype:trojan-activity;sid:83376797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513699)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513699/; classtype:trojan-activity;sid:83376799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2504339)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/89wkr/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"coadymarine.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_01_11; reference:url, urlhaus.abuse.ch/url/2504339/; classtype:trojan-activity;sid:83367439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2466408)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_12_16; reference:url, urlhaus.abuse.ch/url/2466408/; classtype:trojan-activity;sid:83329508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441027)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/idr/v3/pub/idrb5event.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"update.itopvpn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_12_01; reference:url, urlhaus.abuse.ch/url/2441027/; classtype:trojan-activity;sid:83304127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2423598)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2423598/; classtype:trojan-activity;sid:83286698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414734)"; flow:established,from_client; content:"GET"; http_method; content:"/core"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414734/; classtype:trojan-activity;sid:83277834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414733)"; flow:established,from_client; content:"GET"; http_method; content:"/12"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414733/; classtype:trojan-activity;sid:83277833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fw/fw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274787)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274787/; classtype:trojan-activity;sid:83137887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2267284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_06; reference:url, urlhaus.abuse.ch/url/2267284/; classtype:trojan-activity;sid:83130384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2261300)"; flow:established,from_client; content:"GET"; http_method; content:"/opencart/system/library/cache/.cache/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.maxmoney.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_07_26; reference:url, urlhaus.abuse.ch/url/2261300/; classtype:trojan-activity;sid:83124400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.173.39.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_07; reference:url, urlhaus.abuse.ch/url/2255098/; classtype:trojan-activity;sid:83118198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2246119)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_20; reference:url, urlhaus.abuse.ch/url/2246119/; classtype:trojan-activity;sid:83109219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237418)"; flow:established,from_client; content:"GET"; http_method; content:"/system/gbh/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"airhobi.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237418/; classtype:trojan-activity;sid:83100518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2233031)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty4|3f|ddos"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_10; reference:url, urlhaus.abuse.ch/url/2233031/; classtype:trojan-activity;sid:83096131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2218862)"; flow:established,from_client; content:"GET"; http_method; content:"/accesorios/plg/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tecni-soft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_31; reference:url, urlhaus.abuse.ch/url/2218862/; classtype:trojan-activity;sid:83081962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; content:"GET"; http_method; content:"/crt/xe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pns.org.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2191248)"; flow:established,from_client; content:"GET"; http_method; content:"/application/phebceg4tx/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.ingonherbal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_05_12; reference:url, urlhaus.abuse.ch/url/2191248/; classtype:trojan-activity;sid:83054348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2143816)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/server.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"linkvilleplayers.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_04_12; reference:url, urlhaus.abuse.ch/url/2143816/; classtype:trojan-activity;sid:83006916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120576)"; flow:established,from_client; content:"GET"; http_method; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/|3f|i=1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"www.chemsky.tn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120576/; classtype:trojan-activity;sid:82983676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2113865)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty3|3f|ddos"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2113865/; classtype:trojan-activity;sid:82976965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086476)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086476/; classtype:trojan-activity;sid:82949576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086449)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086449/; classtype:trojan-activity;sid:82949549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2076705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_04; reference:url, urlhaus.abuse.ch/url/2076705/; classtype:trojan-activity;sid:82939805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2066122)"; flow:established,from_client; content:"GET"; http_method; content:"/images/vin1.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"namthaibinh.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_02_28; reference:url, urlhaus.abuse.ch/url/2066122/; classtype:trojan-activity;sid:82929222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2051389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_21; reference:url, urlhaus.abuse.ch/url/2051389/; classtype:trojan-activity;sid:82914489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1988943)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh|3f|le0943_http"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_19; reference:url, urlhaus.abuse.ch/url/1988943/; classtype:trojan-activity;sid:82852043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1978480)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_15; reference:url, urlhaus.abuse.ch/url/1978480/; classtype:trojan-activity;sid:82841580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1960874)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_09; reference:url, urlhaus.abuse.ch/url/1960874/; classtype:trojan-activity;sid:82823974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915365)"; flow:established,from_client; content:"GET"; http_method; content:"/5j1ae/apmyyqsc6q3p5y/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"aosafrica.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1915365/; classtype:trojan-activity;sid:82778465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1887133)"; flow:established,from_client; content:"GET"; http_method; content:"/autokey/update/autokey.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"api.52kkg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1887133/; classtype:trojan-activity;sid:82750233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506064)"; flow:established,from_client; content:"GET"; http_method; content:"/ortakmodul/nbys%20asm.net.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506064/; classtype:trojan-activity;sid:82369164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506027)"; flow:established,from_client; content:"GET"; http_method; content:"/nbys.aspx|3f|f=aile_hekimligi/nbys%20ah.net.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506027/; classtype:trojan-activity;sid:82369127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497194/; classtype:trojan-activity;sid:82360294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1459190)"; flow:established,from_client; content:"GET"; http_method; content:"/cliopmq/cluton.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"protechasia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_16; reference:url, urlhaus.abuse.ch/url/1459190/; classtype:trojan-activity;sid:82322290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1402229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_26; reference:url, urlhaus.abuse.ch/url/1402229/; classtype:trojan-activity;sid:82265329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1393270)"; flow:established,from_client; content:"GET"; http_method; content:"/downfile.asp|3f|sid=276663/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.ysbaojia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_24; reference:url, urlhaus.abuse.ch/url/1393270/; classtype:trojan-activity;sid:82256370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237693)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1z7qhwcozjwehksdhw-yuivac2jzwjqia"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237693/; classtype:trojan-activity;sid:82100793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1167210)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_25; reference:url, urlhaus.abuse.ch/url/1167210/; classtype:trojan-activity;sid:82030310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/nemesy13.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dl.packetstormsecurity.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040535)"; flow:established,from_client; content:"GET"; http_method; content:"/agha25.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spaceframe.mobi.space-frame.co.za"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040535/; classtype:trojan-activity;sid:81903635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1009349)"; flow:established,from_client; content:"GET"; http_method; content:"/2017/06/radbxnzdxbd.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"360down7.miiyun.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1009349/; classtype:trojan-activity;sid:81872449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995049)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995049/; classtype:trojan-activity;sid:81858149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (986697)"; flow:established,from_client; content:"GET"; http_method; content:"/dcbl8fi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"library.arihantmbainstitute.ac.in"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_02_01; reference:url, urlhaus.abuse.ch/url/986697/; classtype:trojan-activity;sid:81849797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935817)"; flow:established,from_client; content:"GET"; http_method; content:"/css/bg4n3/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935817/; classtype:trojan-activity;sid:81798917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; content:"GET"; http_method; content:"/u0eukz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abissnet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; content:"GET"; http_method; content:"/v2x2vexx.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yzkzixun.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (754857)"; flow:established,from_client; content:"GET"; http_method; content:"/gfl7i3kp.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karer.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/754857/; classtype:trojan-activity;sid:81617957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (611407)"; flow:established,from_client; content:"GET"; http_method; content:"/css/3u/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_25; reference:url, urlhaus.abuse.ch/url/611407/; classtype:trojan-activity;sid:81474507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (598684)"; flow:established,from_client; content:"GET"; http_method; content:"/css/6qv2o2ehwzh1d/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/598684/; classtype:trojan-activity;sid:81461784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (552113)"; flow:established,from_client; content:"GET"; http_method; content:"/css/llc/fa1torcvwmvsw1ioua/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/552113/; classtype:trojan-activity;sid:81415213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (444932)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/81828115/bkxjh/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hr2019.vrcom7.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_27; reference:url, urlhaus.abuse.ch/url/444932/; classtype:trojan-activity;sid:81308032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438621)"; flow:established,from_client; content:"GET"; http_method; content:"/css/statement/sv8ah2oz31fj/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438621/; classtype:trojan-activity;sid:81301721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432815)"; flow:established,from_client; content:"GET"; http_method; content:"/css/doc/kbc9dts71991684654644570io07lx5tws9zd0q/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432815/; classtype:trojan-activity;sid:81295915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429864)"; flow:established,from_client; content:"GET"; http_method; content:"/css/fqcfrfvwflt3/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/429864/; classtype:trojan-activity;sid:81292964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421897)"; flow:established,from_client; content:"GET"; http_method; content:"/css/reporting/po3x708837819192166196fun7k976gnpv/"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421897/; classtype:trojan-activity;sid:81284997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (363653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_16; reference:url, urlhaus.abuse.ch/url/363653/; classtype:trojan-activity;sid:81226753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322467)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/jet.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322467/; classtype:trojan-activity;sid:81185567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322465)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/sunset1.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322465/; classtype:trojan-activity;sid:81185565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322462)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1/smell-the-roses.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322462/; classtype:trojan-activity;sid:81185562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (241993)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.175.138.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_09; reference:url, urlhaus.abuse.ch/url/241993/; classtype:trojan-activity;sid:81105093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.178.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/239977/; classtype:trojan-activity;sid:81103077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197801)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/d/2014-06-12_djylh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197801/; classtype:trojan-activity;sid:81060901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197800)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/p/pocketrar350sc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197800/; classtype:trojan-activity;sid:81060900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195911)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/pcsupport.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_14; reference:url, urlhaus.abuse.ch/url/195911/; classtype:trojan-activity;sid:81059011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (101043)"; flow:established,from_client; content:"GET"; http_method; content:"/employeemasterimages/qace.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"livetrack.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_01_02; reference:url, urlhaus.abuse.ch/url/101043/; classtype:trojan-activity;sid:80964143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96791)"; flow:established,from_client; content:"GET"; http_method; content:"/gvhr-mmj5u8zn2kc5aoq_nkxhprvvh-t9/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"aulist.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2018_12_18; reference:url, urlhaus.abuse.ch/url/96791/; classtype:trojan-activity;sid:80959891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/20140812/14078161556897.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"static.3001.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91928)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/03/519808/4cf8bc6362f34.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91928/; classtype:trojan-activity;sid:80955028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-07/28/117228/4wtjdjio.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;) # Number of entries: 43643